The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia 9811617090, 9789811617096

Citation preview

Francesco de Zwart

The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia Volume 1

The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia

Francesco de Zwart

The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia

Francesco de Zwart Adelaide Law School University of Adelaide Adelaide, SA, Australia

ISBN 978-981-16-1709-6    ISBN 978-981-16-1710-2 (eBook) https://doi.org/10.1007/978-981-16-1710-2 © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Singapore Pte Ltd. The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721, Singapore

Preface

Stage 1 of the Relational Corporate Governance Model Project was published in 2015 in the book Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach by Dr Francesco de Zwart. That book introduced the Relational Corporate Governance Model – a model which explained how 39 governance mechanisms, structures, processes and protocols called ‘governance variables’ affected ‘agency costs’ and the long-term efficiency and survival or sustainability of the firm. This survival/sustainability was measured by proxies for shareholder wealth or welfare including firm cost of capital, firm value/share price, firm operating performance/profit and the likelihood of earnings manipulation or ‘management’. The Stage 1 Model was not tied to any particular industry and applied to firms generally. The 39 Stage 1 governance variables were extracted from the literature, case studies, governance codes and empirical studies comprising the four original Key Fields: (1) the application of the theoretical models of the firm to the relational approach; (2) Enron and Hastie corporate collapse literature; (3) international and national governance codes of the US, UK and Australia; and (4) empirical/field studies actually undertaken by other commentators and researchers in examining the effectiveness or ability of the governance variables in reducing agency costs, enhancing firm value/share price and operating performance/profit, and reducing the likelihood of earnings management/misstatement. As the relational approach is based on predicting the interrelationships between these 39 governance variables, the aim in Stage 1 was to identify what those interrelationships are. These interrelationships are represented by the eight ‘governance factors’ which are the eight firm-specific or firm-level recurring or underpinning aims and themes of firm-level corporate governance. Themes and considerations from each of the four original Key Fields above are used in Stage 1 to construct each of the governance factors: 1 . Reporting – transparency, timing and integrity of financial and other reports 2. Compliance – corporate governance and legal compliance 3. Alignment – alignment of management and shareholder interests 4. Compensation – board, CEO and management compensation and incentives; v

vi

Preface

5. Risk Management, Monitoring and Audit – risk management internal and external/audit monitoring quality 6. Stakeholders – identification, participation and protection of stakeholder interests 7. Decision-making – quality of board, CEO and management decision-making 8. Responsibility  – delineation and disclosure of powers, duties and lines of responsibility A governance factor is a firm-specific or firm-level underlying and recurring theme or aim of ‘good’ corporate governance derived from within the four Key Fields above. In other words, it is, in itself, an object, purpose or end of firm-specific or firm-level ‘good governance’. It may also be considered to be an intermediate step or combination of steps to achieve such an object, purpose or end or to avoid harming good governance outcomes. Stage 1 sets out each original governance variable and its total hypothesised or predicted relative importance or strength known as ‘coverage’ – the number of governance factors affected, switched-on or influenced by that governance variable and the direction positive (+), negative (-) or dual-directional (+/-). The ‘relational proximity rating’ or ‘rprox’ of each governance variable is a simple calculation like percentages – so a coverage of 4 out of 8 governance factors is 50.00 rprox. A coverage of 6 out of 8 factors is 75.00 rprox. A coverage of 7 out of 8 factors is 87.50 rprox. The calculation is: total hypothesised or predicted coverage

x 100.

total number of governance factors = 8

Thus, a coverage of +7 factors gives rise to a relational proximity of: +7 x 100 = + 87.50 rprox. 8 This Stage 2 Key Code and Advanced Handbook applies the Relational Approach Model to the Global Financial Crises and the banking and financial services industry in a new Key Field – the ‘Governance of Banks in the GFC and Beyond’ Key Field No. 5. This fifth Key Field examines the behaviour and failures of governance variables relating to banks and financial firms in the GFC of 2008–9 and beyond to the recent Australian Banking Royal Commission Inquiry into banking misconduct. This fifth Key Field in the Stage 2 Key Code and Advanced Handbook is bigger than the four original Key Fields put together. There are now 1,749 governance variables in total. All the bank-specific governance variables are modelled or based on, or derived from, seven ‘key’ or ‘core’ governance variables from the original 39 variables of Stage 1. Stage 2 is a ‘key code’ (like an index or digest) which examines major reports and pronouncements from the GFC and beyond to propose a uniform approach to governance and supervision for banks in Australia. Banks, on the one hand, and supervisors/regulators, on the other, can identify, formulate and agree on the scope of an inquiry or review to be undertaken at a particular bank or in relation to particular business units or particular activities of a bank. An important element of Stage 2

Preface

vii

is to bring together major reports and pronouncements in Australia to propose a uniform approach for banks, particularly in relation to governance, accountability, remuneration, board characteristics, committees, conduct and other non-financial risks, bank and risk culture and the governance and management of risk. Those major reports and pronouncements at the time of writing are: • The International Institute of Finance’s Final Report of the IIF Committee on Market Best Practices of 2008 • The UK Walker Review’s A review of corporate governance in UK Banks and other financial industry entities, Final recommendations of 2009 • The OECD Steering Group on Corporate Governance’s Corporate Governance and the Financial Crisis: Key Findings and Main Messages of June 2009 • Grant Kirkpatrick’s Report for the OECD, Corporate Governance Lessons from the Financial Crisis of 2009 • The European Commission’s Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies of 2010 • The OECD Steering Group on Corporate Governance’s, Corporate Governance and the Financial Crisis of 2010 • The European Commission’s Green Paper, The EU Corporate Governance Framework of 2011 • The Basel Committee on Banking Supervision’s Guidelines, Corporate Governance Principles for Banks of 2015 • The Financial Stability Board (FSB) Principles for Sound Compensation Practices of 2009 • The FSB Principles for Sound Compensation Practices Implementation Standards also of 2009 • For bank and risk culture and misconduct risk: –– the FSB Principles for An Effective Risk Appetite Framework of 18 November 2013 –– the FSB Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, A Framework for Assessing Risk Culture of 7 April 2014 –– the FSB Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, the use of compensation tools to address misconduct risk of March 2018 • The Retail Banking Remuneration Review Report of April 2017 by Stephen Sedgwick AO • The APRA Final Report of the Prudential Inquiry into CB • The BEAR – Bank Executive Accountability Regime - contained in sections 37 – 37KC of the Banking Act 1959 (Cth) • The FSRC Interim Report • The FSRC Final Report • The NAB Self-Assessment 2018 • The Westpac Review Team Governance, Accountability and Culture Self-­ Assessment of November 2018 • The APRA Information Paper, Self-Assessments of Governance, Accountability and Culture of 22 May 2019

viii

Preface

• • • • •

APRA’s Prudential Standard CPS 220 Risk Management of July 2019 APRA’s Prudential Standard CPS 510 Governance of July 2019 APRA’s Prudential Standard CPS 520 Fit and Proper of July 2019 APRA’s Revised Draft Prudential Standard 511 Remuneration of November 2020 The ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations of February 2019 • ASIC’s Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report of October 2019 • Westpac’s Reassessment of the Culture, Governance and Accountability Remediation Plan of June 2020 At a detailed operational level for planning and conducting such governance reviews or ‘mappings’ of the bank, the governance variables are also linked by a ‘Key Grouping’, prefix or abbreviation (e.g., non-financial risk committee (‘NFRCm’), risk appetite statement (‘RAS’) and second line risk management function (‘SecLine’)) for particular activities. Thus, all related governance variables are grouped into 159 activities or functions for a ‘deep dive’ review of each activity. Thus, Stage 2 shows with very practical or ‘operational-level’ enquiry steps in governance variables how to apply the major reports and pronouncements of national and international bodies – including the EC, OECD, International Institute of Finance (IIF), Financial Stability Board (FSB), Walker Review, Basel Committee for Banking Supervision, APRA, FSRC, ASX and ASIC – at the ‘nuts and bolts’ bank level. In other words, Stage 2 shows the practical and operational checks and balances (presented as pathways modelled on Key or Core Stage 1 governance variables) required by these bodies. Starting from the GFC, the period of constructing bank-specific governance variables is complete at the time of publication of the APRA Revised Draft of Prudential Standard CPS 511 Remuneration of November 2020.

Tables Stage 1 Relational Corporate Governance Approach Model

Stage 1 Page Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. (continued)

Preface

ix

Table of Statutes

Statute Banking Act 1959 (Cth), ss 37 – 37KC being PART IIAA - THE BANKING EXECUTIVE ACCOUNTABILITY REGIME, accessed 28 February 2019, available at http://classic.austlii.edu.au/au/legis/cth/consol_act/ba195972/index.html#s37g, (the ‘BEAR’).

Page

 able of Stage 2 Government, Supervisory/Regulatory, Major T Bank and Industry Body Reports, Codes, Rules and Publications

Report, Code, Rule or Publication Page Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, 22 January 2020, accessed 17 February 2020, available at https://treasury.gov.au/sites/default/ files/2020-­01/c2020-­24974.pdf Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-­Prudential-­Inquiry_Final-­Report_30042018.pdf, (‘APRA Final Report’). Australian Prudential Regulation Authority (APRA), Information Paper, Self-Assessments of Governance, Accountability and Culture, 22 May 2019, accessed 5 June 2019, available at https://www.apra.gov.au/sites/default/files/information_paper_self-­ assessment_of_governance_accountability_and_culture.pdf, (APRA Information Paper 2019’). Australian Prudential Regulation Authority, Prudential Standard CPS 220 Risk Management, July 2019, accessed 22 September 2019, available at https://www.apra.gov. au/sites/default/files/cps_220_risk_management_effective_from_1_july_2019.pdf (‘CPS 220’). Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/ Details/F2019L00662/Download (‘CPS 510’). Australian Prudential Regulation Authority, Revised Draft Prudential Standard CPS 511 Remuneration, November 2020, accessed 19 November 2020, available at: https://www. apra.gov.au/sites/default/files/%5Bdate%3Acustom%3AY%5D-­ %5Bdate%3Acustom%3Am%5D/Revised Draft Prudential Standard CPS 511 Remuneration -­Clean -­November 2020.pdf (“CPS 511”). Australian Prudential Regulation Authority, Prudential Standard CPS 520 Fit and Proper, July 2019, accessed 1 October 2019, available at: https://www.legislation.gov.au/Details/ F2018L01390/Download (‘CPS 520’). Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/ apras-­policy-­priorities. (continued)

x

Preface

Report, Code, Rule or Publication Page Australian Prudential Regulation Authority, Information Paper, APRA’s Supervision Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov. au/apras-­supervision-­priorities. Australian Securities and Investments Commission, ASIC Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report, October 2019, accessed 15 April 2020, available at https://download.asic.gov.au/media/5290879/ rep631-­published-­2-­10-­2019.pdf (‘2019ASIC’). Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-­principles-­ and-­recommendations-­fourth-­edn.pdf (‘2019ASX’). The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’). Commonwealth of Australia, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Interim Report, 28 September 2018, accessed 11 December 2018, available at https://financialservices.royalcommission.gov. au/Documents/interim-­report/interim-­report-­volume-­1.pdf, Volume 1, (‘FSRC Interim Report’). Commonwealth of Australia, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 4 February 2019, accessed 5 February 2019, available at https://static.treasury.gov.au/uploads/sites/1/2019/02/ fsrc-­volume1.pdf, Volume 1, (‘FSRC Final Report’). European Commission, The High-Level Group on Financial Supervision in the EU Chaired by Jacques de Larosière, Report of the de Larosière Group, Brussels, 25 February 2009, accessed 15 June 2017 at https://ec.europa.eu/internal_market/finances/docs/de_ larosiere_report_en.pdf (‘de Larosière Report’). European Commission, Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies, COM(2010) 284 final, Brussels, 2 June 2010, accessed 23 March 2017 at http://www.ecgi.org/commission/documents/green_paper_com2010_284_en.pdf (‘EC Green Paper 2010’). European Commission, Green Paper, The EU Corporate Governance Framework, COM (2011) 164 final, Brussels, 5 April 2011, accessed 1 May 2017 at ec.europa.eu/internal_ market/company/docs/modern/com2011-164_en.pdf, (‘EC Second Green Paper 2011’). Financial Stability Board, FSB Principles for Sound Compensation Practices, 2 April 2009 accessed 28 February 2019, available at http://www.fsb.org/wp-­content/ uploads/r_0904b.pdf (‘FSBP’). Financial Stability Board, FSB Principles for Sound Compensation Practices Implementation Standards, 25 September 2009, accessed 28 February 2019, available at http://www.fsb.org/wp-­content/uploads/r_090925c.pdf (‘FSBIS’). Financial Stability Board, Principles for An Effective Risk Appetite Framework of 18 November 2013 accessed 28 February 2019, available at http://www.fsb.org/wp-­content/ uploads/r_131118.pdf (‘FSBRAF’). Financial Stability Board, Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, A Framework for Assessing Risk Culture of 7 April 2014, accessed 28 February 2019, available at http://www.fsb.org/wp-­content/uploads/140407. pdf (‘FSBCult’). Financial Stability Board, Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, The use of compensation tools to address misconduct risk, 9 March 2018, accessed 28 February 2019, available at http://www.fsb.org/ wp-­content/uploads/P090318-­1.pdf (‘FSBSupp’). (continued)

Preface

xi

Report, Code, Rule or Publication Page G20/OECD Principles of Corporate Governance of 30 November 2015, accessed 29 July 2015 at http://www.oecd-­ilibrary.org/governance/g20-­oecd-­principles-­of-­corporate-­ governance-­2015_9789264236882-­en (‘G20/OECD 2015 Principles’). Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007-2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_GFC/IIF_Final_ Report_of_the_Committee_on_Market_Best_Practices.pdf (‘IIF Final Report 2008’). Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995-2864, accessed 27 March 2017 at http://search. oecd.org/finance/financial-­markets/42229620.pdf, (‘OECD Kirkpatrick Report 2009’). National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/ content/dam/nabrwd/documents/reports/corporate/nab-­self-­assessment-­2018.pdf (‘NAB Self-Assessment 2018’). Organisation for Economic Co-Operation and Development (OECD), OECD Principles of Corporate Governance 2004, 2004, OECD Publications Service, Paris ‘(OECD Principles 2004’). See http://www.oecd.org/document/49/0,3343 ,en_2649_34813_31530865_1_1_1_37439,00.html (accessed 6 March 2015). OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009, approved for publication 29 May 2009, accessed 12 April 2017 at www.oecd.org/corporate/ca/ corporategovernanceprinciples/43056196.pdf, (‘OECD Key Findings 2009’). OECD Directorate for Financial and Enterprise Affairs, OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, 24 February 2010, accessed 11 May 2017 at www.oecd.org/corporate/ca/ corporategovernanceprinciples/44679170.pdf, (‘OECD 2010 Conclusions and Practices’). Stephen Sedgwick AO, Retail Banking Remuneration Review Report, 19 April 2017, accessed 28 February 2019, available at https://www.betterbanking.net.au/wp-­content/ uploads/2018/01/FINAL_Rem-­Review-­Report.pdf (‘Sedgwick Review’). David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov. uk/+/http:/www.hm-­treasury.gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’). Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-Assessment, 28 November 2018, accessed 5 August 2019, available at https://www. westpac.com.au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-­ Assessment_Report_.pdf (‘Westpac Review Team 2018’). Westpac Banking Corporation, Reassessment of the Culture, Governance and Accountability Remediation Plan, June 2020, accessed 20 November 2020, available at https://www.westpac.com.au/content/dam/public/wbc/documents/pdf/aw/media/WBC_ CGA_Reassessment.pdf (‘Westpac Reassessment’).

Adelaide, SA, Australia 8 December 2020

Dr. Francesco de Zwart Director, Stage 2 Relational Corporate Governance Model Project for Australian Banks

Contents of Volume I

Part I Governance of Banks in the GFC and Beyond Key Field No 5 (Part 1): Introduction to the Relational Corporate Governance Model, Key Code and Advanced Handbook 1

Aims and Approach to Examining the Governance of Banks in the Global Financial Crisis and Beyond to the Australian Banking Royal Commission Inquiry into Banking Misconduct in Stage 2����������������������������������������������������������������������������     3 1.1 The ‘Bank-Specific’ Stage 2 Relational Corporate Governance Approach and Model Is a ‘Key Code’ and ‘Advanced Handbook’��������������������������������������������������������������     7 1.2 Stage 2 Government, Regulatory, Bank and Industry Body Reports and Publications����������������������������������������������������������������     9 1.3 ‘Core’ and ‘Emerging’ Themes������������������������������������������������������    12 1.4 Non-Financial Risk Definitions and Major Risk Classes ��������������    15 1.5 ‘Key Groupings’ of Governance Variables for ‘Accountability Mapping’����������������������������������������������������������������������������������������    16 1.6 Aims of Parts 1 and 2����������������������������������������������������������������������    16

2

The Theoretical and Operational Parts of the Stage 1 Relational Approach and Model����������������������������������������������������������    25 2.1 The Conceptual/Theoretical Components of the Relational Model and How They Are Used in Practice������������������������������������    29 2.2 The ‘Three Relational Axes of Good Governance’������������������������    31 2.3 Governance Variables (Also Part of the Operation of the Stage 1 Model Below)����������������������������������������������������������    32 2.4 Governance Factors������������������������������������������������������������������������    33

3

Determining the Effects of Governance Variables in the Relational Approach��������������������������������������������������������������������    37 3.1 Shareholder-Primacy Interrelationship Scheme������������������������������    38

xiii

xiv

Contents of Volume I

3.2 Operational or Practical Use of the Stage 1 Model – How to Determine/Predict the Effect of the Governance Variables in Affecting Firm Value/Share Price and Operating Performance/Profit ��������������������������������������������������������    40 3.3 ‘Relational Effect Path’ of Each Governance Variable ������������������    40 3.4 The Coverage Table (Table 3.1 in the Stage 1 Model)��������������������    40 3.5 The Relational Proximity Table (Table 3.2 in the Stage 1 Model)��������������������������������������������������������������������������������������������    45 3.6 The ‘Spine’ of Relational Effect Paths and the Comparator Variable: [BrdSkills] (+) – Board – Skills ‘Mix’ ��������������������������    45 3.7 [TransTimeMon] (+) – Transparency and Timing of Reporting – Monitoring Effect ��������������������������������������������������    48 3.8 Introduction to the Chap. 4 User Guide and Chap. 5 Quick-Reference Guide������������������������������������������������������������������    51 4

 ey Code and Advanced Handbook User Guide��������������������������������    53 K 4.1 Using the Stage 2 Key Code and Advanced Handbook for the Governance ‘Mapping’ or Reviewing of an Australian Major Bank ������������������������������������������������������������������������������������    53 4.2 How Do We Determine the Relative Strength of a Governance Variable?��������������������������������������������������������������    54 4.3 Using Table 10.2 – How Do We Determine the Coverage/Rating of a Stage 2 Bank-Specific Variable?������������������    56 4.4 Variable, Source, Abbreviation and Key Grouping������������������������    56 4.5 Stage 1 ‘Key’ or ‘Core’ Variable����������������������������������������������������    57 4.6 Target or Hypothesised Coverage/Rating ��������������������������������������    58 4.7 “Mapping” the Bank – How Do We Determine the Existence of a Governance Variable in the Bank and Then Verify it is Performing or Behaving as Predicted or Contemplated by the Model? ��������������������������������������������������������������������������������    58 4.8 Some User Guide ‘Rules of Thumb’����������������������������������������������    60 4.9 ‘Board Skills’ Key/Core Variable ��������������������������������������������������    60 4.10 The ‘Compensation and Incentive’ Key/Core Variables ����������������    61 4.11 Non-executive/Independent Directors��������������������������������������������    61 4.12 Reporting, Information Flows and Escalation of ‘Red Flags’��������    62

5

Quick-Reference Guide ������������������������������������������������������������������������    63

Part II Governance of Banks in the GFC and Beyond Key Field No 5 (Part 2): The Challenge for Relational Governance Variables for Australian Banks 6

 ey Questions and Core Failures in Bank Governance ��������������������    71 K 6.1 The Key Questions for the Governance of Banks in the GFC and Beyond to the Australian Banking Royal Commission Inquiry into Banking Misconduct ��������������������������������������������������    72

Contents of Volume I

xv

6.2 ‘Core’ Areas of Corporate Governance Failures from Banks in the GFC and Beyond������������������������������������������������������������������    73 6.3 Securitisation of Mortgage-Backed Securities��������������������������������    75 6.4 Multiple Failures in Governance Variables in Banks During the GFC������������������������������������������������������������������������������������������    76 6.5 Overview of Multiple Governance Failures in Banks��������������������    76 6.6 Failures Identified in Commentator Studies and Governmental and Market Participant Reports������������������������������������������������������    78 7

 istinguishing Features of Banks for the Relational Approach��������    83 D 7.1 Similarities and Differences with the Enron Collapse��������������������    84 7.2 Maturity of Debt, Liquidity, Leverage and the Interconnectedness of Banks����������������������������������������������������������    85 7.3 Deposit Insurance, Government Bailout and Risk-Taking ������������    87 7.4 Systemic Risk���������������������������������������������������������������������������������    89 7.5 Conflicts of Interest������������������������������������������������������������������������    90 7.6 Perceived Weaknesses in Governance Codes���������������������������������    91 7.7 Summary – Governance Variables for Distinguishing Features and Bank Regulation Are Needed������������������������������������    91

8

 aximising the ‘Default Standard’ of Shareholder Value����������������    95 M 8.1 Should the Shareholder Wealth-Maximisation Principle Apply to Banks and Financial Firms?��������������������������������������������    95 8.2 The Market for Corporate Control May Be Weaker ����������������������    96 8.3 The Shareholder Wealth-Maximisation Principle and the Short-Term Share Price������������������������������������������������������    97 8.4 Did the Shareholder Wealth-Maximization Principle Exacerbate the Severity of the Financial Crisis?����������������������������    99

9

Overview of Stage 2 Bank-Specific Key Code and Advanced Handbook for Australian Banks ����������������������������������������������������������   103 9.1 Overview of the Relational Corporate Governance Approach and Model in Stage 2������������������������������������������������������   103 9.2 Introduction to Bank-Specific Stage 2 Key Code and Advanced Handbook Chapters for Australian Banks��������������   104

Part III Governance of Banks in the GFC and Beyond Key Field No 5 (Part 3): Bank-­Specific Coverage and Relational Proximity Rating Results for Australian Banks 10 E  xisting Stage 1 and New Stage 2 Bank-­Specific Relational Corporate Governance Variables for Australian Banks��������������������   115 10.1 Bank-Specific Governance Reports and Pronouncements������������   117 10.2 The Key Code – The Bank Combined Coverage and Relational Proximity Table 10.2 Displays the Target or Hypothesised Coverage and Relational Proximity Rating������������   126

xvi

Contents of Volume I

Part IV Governance of Banks in the GFC and Beyond Key Field No. 5 (Part 4): Issues in Executive Compensation and Accountability – Incentives, Bonuses, Equity and Option Compensation and the BEAR 11 A  pproach and Structure of Part 4 Has a Risk-Taking Focus������������   511 11.1 Introduction to Incentives, Option-Based and Equity-­Based Pay and Risk-Taking by Banks ����������������������������������������������������   514 11.2 Review – Compensation Governance Variables from Stage 1����������������������������������������������������������������������������������   517 11.3 Variable Performance-Based Pay and Deposit Insurance Increase Moral Hazard and Risk-Taking��������������������������������������   518 11.4 Variable Option Compensation in Combination with Limited Liability Increases Risk-Taking��������������������������������������   519 11.5 Variable Pay Combined with Short-Term Profit Results and Reporting Increased Risk-Taking������������������������������������������   520 11.6 Summary of Studies and New Governance Variables for Variable Performance-Based Compensation and Bank Risk-Taking ������������������������������������������������������������������������   522 11.7 Variable Compensation, Deposit Insurance and Government Bailout����������������������������������������������������������������������   522 11.8 Variable Compensation and Limited Liability������������������������������   524 11.9 Variable Pay and Short-Term Profit Results and Reporting����������   524 12 G  overnment and Market Reform Report Recommendations for Compensation or Remiuneration ��������������������������������������������������   525 12.1 Walker Review 2009 Recommendations��������������������������������������   527 12.2 OECD Key Findings 2009 and Absence of Pay for Performance����������������������������������������������������������������������������   530 12.3 Moody’s Challenges for Executive Compensation ����������������������   532 12.4 Existing Compensation Variables from Stage 1����������������������������   533 12.5 Compensation Committee and High End Employees – Risk ‘Alignment’ Effect and Risk ‘Failure’ Effect of Equity and Options – Relational Effect Paths������������������������������������������   537 12.6 Governance Variables for Compensation/Remuneration Committee Composition, Functions and Policies in the ASX Principles and Recommendations, APRA’s Revised Draft CPS 511, the Walker Review 2009, APRA Final Report and the NAB Self-Assessment 2018��������������������������������������������   539 12.7 Governance Variables for Compensation/Remuneration Committee Functions and Policies in OECD Key Findings 2009�������������������������������������������������������������������������������   555 12.8 Governance Variables for Compensation/Remuneration Committee Functions and Policies in the OECD 2010 Conclusions and Practices������������������������������������������������������������   558

Contents of Volume I

xvii

12.9 IIF Risk-Based Incentive Principles ��������������������������������������������   559 12.10 Long-Term Profitability Adjusted for Cost of Capital������������������   559 12.11 Risk-Taking and Risk Appetite ����������������������������������������������������   560 12.12 Adjustments for the ‘risk time horizon’����������������������������������������   561 12.13 Adjustments for Organization as a Whole and Firm-Wide Profit����������������������������������������������������������������������������������������������   562 12.14 Severance Pay ������������������������������������������������������������������������������   563 12.15 Transparency and Disclosure��������������������������������������������������������   563 12.16 IIF Examples of Risk-Adjusted Compensation and Incentives ������������������������������������������������������������������������������   564 12.17 Disclosure of Bands and Elements of Compensation for Executives and High End Employees��������������������������������������   570 12.18 Restrictions, Delay, Lock-Up, Deferral and Clawback of Incentive Payments – Relational Effect Path����������������������������   574 12.19 Failure to Adjust Pay Bonuses for Risks Incurred for Low Level Employees ������������������������������������������������������������   587 12.20 Required Minimum Shareholdings of Executive Board Members, Executives and High End Employees Including Vesting Arrangements ��������������������������������������������������   588 12.21 Formal Code of Conduct for Remuneration Consultants Including Use of the Code by Remuneration Committee to Engage Advisers ����������������������������������������������������������������������   589 12.22 Incentive Payments and Bonuses to Be Calculated by Economic Profit Not Revenue��������������������������������������������������   591 12.23 Remuneration Design Adjustments for the firm’s Risk Appetite, Cost of Capital and Liquidity Risk�������������������������������   592 12.24 Adjusting Pay Benchmarks for Risk��������������������������������������������   593 12.25 Remuneration and Breaches of Company Risk Appetite Limits, Internal Procedures and Legal Requirements������������������   594 13 F  SB Principles for Sound Compensation Practices (FSBP) and FSB Implementation Standards (FSBIS) ������������������������������������   595 13.1 FSB Principles and Standards 1–3 for Effective Governance of Compensation������������������������������������������������������   596 13.2 FSB Principles and Standards 4–7 for Effective Alignment of Compensation with Prudent Risk-Taking��������������   600 13.3 FSB Principles and Standards 8–9 for Effective Oversight and Engagement by Stakeholders��������������������������������   605 13.4 FSB Implementation Standards (FSBIS)��������������������������������������   608 14 N  AB Self-Assessment 2018 Recommendations and Commentary on Remuneration������������������������������������������������������������������������������������   613 14.1 NAB Remuneration Framework – Fixed and Variable Remuneration��������������������������������������������������������������������������������   614 14.2 NAB Remuneration Framework – Consequence Management����������������������������������������������������������������������������������   616

xviii

Contents of Volume I

14.3 NAB Board Oversight of Remuneration Practices ����������������������   620 14.4 NAB Remuneration Governance Model��������������������������������������   621 14.5 NAB Assessment of Risk and Conduct Within the Remuneration Framework������������������������������������������������������   622 14.6 NAB Application of Remuneration Consequence������������������������   624 15 W  estpac Review Team 2018 Recommendations and Commentary on Remuneration����������������������������������������������������   627 15.1 Westpac’s Remuneration Approach – Fixed and Variable Remuneration ����������������������������������������������������������   628 15.2 Westpac’s Risk Gates for Short Term Variable Reward����������������   629 15.3 Westpac’s Risk Adjustments for Short Term Variable Reward������������������������������������������������������������������������������������������   630 15.4 Westpac’s Navigation and Consistency of Frameworks and Policies ����������������������������������������������������������������������������������   633 15.5 Westpac’s Use of Malus Provisions����������������������������������������������   634 15.6 Westpac’s Deferral of Variable Reward����������������������������������������   634 15.7 Westpac’s Implementation of Sedgwick Recommendations��������   635 15.8 Westpac’s Non-remuneration Components of Consequence Management ������������������������������������������������������   635 15.9 Westpac’s Factors that Inform Accountability Outcomes������������   637 16 S  hareholder Value Maximisation in Banks and Financial Firms������   641 16.1 Traditional Governance Variables Maximise the Share Price������   642 16.2 Shareholder Value-Maximisation and Ownership Structure – Incentive Equity Holdings/Plans of Directors and Officers����������������������������������������������������������������������������������   648 16.3 Shareholdings of Lower-Level Management Predict Bank Failure ������������������������������������������������������������������������������������������   648 16.4 Owner-Control Predicts Bank Failure Due to Increased Risk-­Taking����������������������������������������������������������������������������������   651 16.5 Risk Preference of Bank Management and Shareholders May Diverge����������������������������������������������������������������������������������   654 16.6 Substantial Equity Ownership Not Aligned Where Holding Positions Are Short-Term������������������������������������������������   656 16.7 “Inside Debt” Compensation Reduces Risk-Taking ��������������������   659 17 A  dditional Compensation/Remuneration Committee Considerations����������������������������������������������������������������������������������������   661 17.1 Chairperson Pay and Non-executive Director Pay Differentials����������������������������������������������������������������������������������   661 17.2 Enhanced Disclosure of Pay Not Linked to Performance and Exceptional Commencement/Termination/Pension Arrangements – ‘Golden Hellos’ and ‘Golden Parachutes’���������   662 17.3 Disclosure Obligation for ‘Enhanced Benefits’����������������������������   664 17.4 Compensation Component of ‘Enhanced Benefits’����������������������   665

Contents of Volume I

xix

18 C  ompensation Practices for Misconduct Risk������������������������������������   667 18.1 Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices – The Use of Compensation Tools to Address Misconduct Risk (‘FSBSupp’)��������������������������   667 19 F  SRC Final Report Commentary and Recommendations in Relation to Remuneration����������������������������������������������������������������   675 19.1 FSRC Recommendations and Commentary on Executive Remuneration��������������������������������������������������������������������������������   676 19.2 FSRC Recommendations and Commentary on Issues of Implementation������������������������������������������������������������������������   680 19.3 ‘Front-Line’ or ‘Customer-Facing’ Staff Remuneration��������������   682 20 T  he BEAR – Bank Executive Accountability Regime – And APRA’S Non-Financial Risk Accountabilities������������������������������������   687 20.1 ADIs and Accountable Persons����������������������������������������������������   688 20.1.1 ADIs��������������������������������������������������������������������������������   688 20.1.2 Obligations of an Accountable Person����������������������������   688 20.1.3 Governance Variables for Obligations of an ADI and Accountable Persons������������������������������������������������   689 20.2 BEAR Accountability Obligations of an ADI and an Accountable Person����������������������������������������������������������������������   692 20.2.1 Governance Variables for Accountability Obligations����������������������������������������������������������������������   693 20.2.2 Reasonable Steps������������������������������������������������������������   694 20.3 Key Personnel Obligations of an ADI������������������������������������������   695 20.3.1 Governance Variables for Key Personnel Obligations����������������������������������������������������������������������   695 20.4 Deferred Remuneration Obligations of an ADI and Governance Variables������������������������������������������������������������   696 20.4.1 The Deferred Remuneration Obligation��������������������������   697 20.4.2 Section 37EA – Meaning of Variable Remuneration������   698 20.4.3 Section 37EB – Minimum Amount of Variable Remuneration������������������������������������������������������������������   699 20.4.4 Section 37EC – Minimum Period of Deferral����������������   699 20.5 Section 37F – Notification Obligations of an ADI and Governance Variables������������������������������������������������������������   700 20.5.1 Accountability Statement������������������������������������������������   702 20.5.2 Accountability Map��������������������������������������������������������   702 20.5.3 Section 37FC – Types of Events for Which APRA Must Be Notified ������������������������������������������������   703 20.6 Section 37G – Pecuniary Penalty for Non-compliance with the BEAR������������������������������������������������������������������������������   703 20.6.1 Section 37G – Pecuniary Penalty������������������������������������   703 20.6.2 Prudential Matters ����������������������������������������������������������   704 20.6.3 Resolution ����������������������������������������������������������������������   704

xx

Contents of Volume I

20.7 Registration of Accountable Persons��������������������������������������������   705 20.7.1 Section 37H – Register of Accountable Persons������������   705 20.7.2 Section 37HA – Registration as an Accountable Person������������������������������������������������������������������������������   705 20.8 Disqualification of Accountable Persons��������������������������������������   706 20.8.1 Section 37J – Disqualification by APRA������������������������   706 20.8.2 Section 37JA – APRA May Vary or Revoke a Disqualification ��������������������������������������������������������������   707 20.8.3 Section 37JC – Allowing a Person Disqualified by APRA to Act as an Accountable Person��������������������   707 20.8.4 Section 37KA – Indemnifying ADIs and Accountable Persons Not Permitted Except for Liability for Legal Costs��������������������������������������������   708 20.9 APRA’s Improvements for Non-Financial Risk Accountabilities Not Being Clear, Cascaded and Enforced (NFRAccFail) ��������������������������������������������������������   709 21 A  PRA Revised Draft Prudential Standard CPS 511 Remuneration����������������������������������������������������������������������������������   713 21.1 APRA Remuneration Framework������������������������������������������������   715 21.2 APRA Role of the Board in the Remuneration Framework ��������   716 21.3 APRA Review of the Remuneration Framework��������������������������   717 21.4 APRA Variable Remuneration Design������������������������������������������   718 21.5 APRA Variable Remuneration Outcomes������������������������������������   721 21.6 APRA Variable Remuneration of Specified Roles������������������������   722 21.7 APRA Variable Remuneration Deferral and Clawback����������������   724 21.8 APRA Remuneration Policy ��������������������������������������������������������   726 21.9 APRA Other Requirements of CPS 511 ��������������������������������������   729

Contents of Volume II

Part V Governance of Banks in the GFC and Beyond Key Field No. 5 (Part 5): Boards and Committees, Independence, Expertise and Bank and Risk Culture 22 G  overnance of Banks in the GFC and Beyond Key Field No. 5 (Part 5): Boards and Committees, Independence, Expertise and Bank and Risk Culture ������������������������������������������������   735 22.1 Approach to Boards, Committees, Independence, Expertise and Bank and Risk Culture from the GFC to the Australian Banking Royal Commission Inquiry into Banking Misconduct��������������������������������������������������������������   735 22.2 Summary of Responsibilities of the Board ����������������������������������   738 22.3 Review of the [BrdIndMon] (+) Variable from Stage 1 – Board Independent: Executive Director Proportion – Monitoring Effect��������������������������������������������������������������������������   745 23 B  oard Characteristics for Australian Major Banks���������������������������   747 23.1 Overview – Governance Failings of Boards of Directors ������������   749 23.2 Board Size, Composition and Qualification����������������������������������   752 23.3 Board Size and Information and Task ‘Overload’������������������������   753 23.4 Governance Variables for NED Induction, Training, Development Programs, ‘Dedicated Support’ and Financial Industry Awareness – Coverage/Rating + 7/87.50 rprox – Relational Effect Paths������������������������������������������������������������������   754 23.5 Time commitment of Non-executive Directors – Coverage/Rating + 7/87.50 rprox ������������������������������������������������   755

xxi

xxii

Contents of Volume II

24 F  unctioning of the Board and Monitoring and Evaluation of Performance ��������������������������������������������������������������������������������������   757 24.1 [BankNEDTestStrat] (+) Variable – Banks – Challenging and Testing Strategy by Non-executive Directors – Enhancement of Monitoring Effect – Coverage/Rating + 7/87.50 rprox – Relational Effect Path������������������������������������������   759 24.2 [BankNEDTestRisk] (+) Variable – Banks – Challenging and Testing Risk by Non-executive Directors – Enhancement of Monitoring Effect – Coverage/Rating + 7/87.50 rprox – Relational Effect Path ������������������������������������������������������������������   759 24.3 Time, Qualifications, Role and Annual Election of Chairperson������������������������������������������������������������������������������   760 24.4 Role of the ‘Senior Independent Director’������������������������������������   760 24.5 Performance Evaluation of the Board������������������������������������������   760 24.6 Evaluation Statement of the Skills and Experience of the Board����������������������������������������������������������������������������������   760 24.7 Regulatory Authorization Processes to Approve Non-­executive Directors Beyond Scope of Book ������������������������   761 24.8 APRA Final Report Failings in Board Effectiveness, Risk Management, Internal Monitoring and Decision-Making��������������������������������������������������������������������   761 24.9 APRA Final Report Failings in Reporting to the Board����������������������������������������������������������������������������������   762 25 Diversity��������������������������������������������������������������������������������������������������   765 25.1 Interim Variables for Board Diversity������������������������������������������   767 26 S  kills, Independence, Competence and ‘Fit and Proper Person’ Tests ������������������������������������������������������������������������������������������   771 26.1 Existing Governance Variables Based on the Independence Ingredient��������������������������������������������������������������������������������������   775 26.2 Independence May Be Associated with Less Bank-Specific Knowledge������������������������������������������������������������������������������������   776 26.3 OECD Findings on Independence and Competence��������������������   779 26.4 APRA’s Prudential Standard 520 Fit and Proper – Fit and Proper Person Variables – Coverage/Rating + 7/87.50 rprox��������������������������������������������������������������������������������   783 26.5 Governance Variables Based on OECD Recommendations on Continuing Training ����������������������������������������������������������������   792 27 F  ailures in Risk Modelling and Rating Securitized Products������������   795 27.1 Variables for Failures in Risk Models of Securitized Products����������������������������������������������������������������������������������������   797 27.2 Variables Based on Credit Ratings of Securitised Products����������   799 27.3 Leverage and off-Balance-Sheet Entities��������������������������������������   801

Contents of Volume II

xxiii

28 O  wnership, Governance Structure and Government Bailout ����������   805 28.1 Bank Size and Leverage Related to Probability of Bailout����������   806 28.2 [BankHighLevRisk] (−) – Banks – Level of Leverage (High) – Effects of Risk-Taking – Coverage/Rating − 7/87.50 rprox – Relational Effect Path������������������������������������������   806 28.3 ‘Maturity Transformation’ of Bank Debt and a Continuous Supply of Liquidity ����������������������������������������������������������������������   808 28.4 [BankConnect] (−) – Banks – Level of Interconnectedness of Banks (High) – Effects of Risk-­Taking – Coverage/Rating − 7/87.50 rprox – Relational Effect Path����������   808 28.5 [BankSystRisk] (−) – Banks – Level of Systemic Risk – Effects of Risk-Taking – Coverage/Rating − 7/87.50 rprox – Relational Effect Path ������������������������������������������������������������������   809 28.6 [BankSizeRisk] (−) – Banks – Increases in Bank Size – Effects of Risk-Taking – Coverage/Rating − 7/87.50 rprox – Relational Effect Path ������������������������������������������������������������������   810 28.7 Controlling Shareholder Predictive of Greater Risk and Bailout������������������������������������������������������������������������������������   810 28.8 Relationship Between Stronger Governance, Market Valuation and Performance ����������������������������������������������������������   811 28.9 More Independent Boards with High Institutional Ownership Performed Worse in the Crisis������������������������������������   813 28.10 Country-Level Governance ����������������������������������������������������������   815 29 C  omposition, Independence, Representation, Codes of Conduct and Culture������������������������������������������������������������������������   817 29.1 Greater Challenge, Debate and Testing����������������������������������������   820 29.2 Change in Board Culture and Codes of Conduct/Ethics and Conflicts ��������������������������������������������������������������������������������   822 29.3 FSB’s Framework for Assessing Risk Culture������������������������������   832 29.4 FSRC Findings on Governance, Remuneration and Culture��������   844 29.5 FSRC Final Report Recommendations and Commentary on Culture��������������������������������������������������������������������������������������   845 29.6 FSRC Final Report Recommendations and Commentary on Governance������������������������������������������������������������������������������   847 29.7 FSRC Recommendations and Commentary on Priorities������������   849 29.8 NAB Self-Assessment 2018 on Financial Objectives and Prioritisation��������������������������������������������������������������������������   851 29.9 Westpac Review Team 2018 Prioritisation Decisions������������������   856 29.10 FSRC Final Report Recommendations and Commentary on Non-­financial Risks������������������������������������������������������������������   861 29.11 FSRC Final Report Recommendations and Commentary on Accountability��������������������������������������������������������������������������   861

xxiv

Contents of Volume II

30 N  AB Self-Assessment 2018, Westpac Review Team 2018 and Westpac Reassessment on Governance, Accountability and Culture��������������������������������������������������������������������������������������������   863 30.1 NAB Self-Assessment 2018 and Westpac Review Team 2018 on the Role of the Board and Senior Management��������������   864 30.2 Operation of the Board and Its Committees ��������������������������������   864 30.3 NAB Reporting to the Board��������������������������������������������������������   865 30.4 Westpac Review Team 2018 ��������������������������������������������������������   870 30.5 NAB Board Challenge and Closure of Issues������������������������������   870 30.6 NAB Remuneration and Consequence Management��������������������   872 30.7 NAB Self-Assessment on Senior Leadership Oversight��������������   873 30.8 Westpac Functioning of Executive Team and RISKCO ��������������   881 30.8.1 Westpac Reassessment Board and Executive Oversight of Non-financial Risk ������������������������������������   884 30.9 NAB Self-Assessment of Accountability��������������������������������������   886 31 N  AB and Westpac Recommendations and Commentary on Culture ����������������������������������������������������������������������������������������������   893 31.1 NAB Five Cultural Inhibitors to Targeted Culture������������������������   895 31.2 NAB Values and Behaviours and Cultural ‘Levers’����������������������   896 31.3 NAB Measuring Risk Culture������������������������������������������������������   897 31.4 NAB Cultural Inhibitor 1 – Rigour and Discipline����������������������   899 31.5 NAB Cultural Inhibitor 2 – Over-Reliance on People for Deficiencies in Systems and Processes ����������������������������������   901 31.6 NAB Cultural Inhibitor 3 – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues ������������������������������   902 31.7 NAB Cultural Inhibitor 4 – Failure to Listen and Learn from Customers, Regulators and Employees��������������������������������   905 31.8 NAB Cultural Inhibitor 5 – Other Priorities Put Before Commitment to Customers ����������������������������������������������������������   907 31.9 Westpac’s Findings and Commentary on Culture������������������������   909 31.10 Westpac Finding 1: “Vision, values and strategy set at the top are clear, but translation by leaders into purposeful action for employees can be improved”��������������������������������������������������   910 31.11 Westpac Finding 2: “Management of non-financial risk, although recognised as important, is not as well understood and embedded as it should be”������������������������������������������������������   913 31.12 Westpac Finding 3: “The organisation is people-­oriented, but can overplay its caring, relationship-focus and collaboration attributes” ��������������������������������������������������������   915 31.13 Westpac Finding 4: “There is insufficient personal ownership and empowerment, leading to a tendency to default to collective decision-­making and diffused accountability” ��������   917 31.14 Westpac Finding 5: “There is a tendency towards “Completeness”, Which Can Lead to Acceptance and Perpetuation of Organisational Complexity” ������������������������   918

Contents of Volume II

xxv

31.15 Westpac Finding 6: “Focus on speak-up and challenge has increased, but more work is needed to increase employee comfort and listening by leaders”��������������������������������   920 31.16 Westpac Finding 7: “There is insufficient discipline in prioritising, making decisions and saying “no””����������������������   921 31.17 Westpac Finding 8: “There is a tendency to focus on conceptualisation over embedding and process over outcome” ������������������������������������������������������������������������������   922 31.18 Westpac Finding 9: “A lack of institutional learning and reflection holds the organisation back”����������������������������������   923 31.19 Westpac Reassessment Findings on Risk Culture������������������������   925 32 A  PRA Information Paper 2019 on Risk Culture��������������������������������   927 32.1 APRA’s “Risk culture is not always well understood” ����������������   927 33 F  inancial and Bank-Specific Expertise������������������������������������������������   931 33.1 Lack of Financial Expertise Predictive of Bank Failure ��������������   932 33.2 Inadequate Risk Management and Internal Controls��������������������   933 33.3 Mix of Financial and Non-financial Industry Knowledge for Effective Challenge ����������������������������������������������������������������   935 33.4 Financial Industry Expertise and Independence Trade-Off����������   937 33.5 Number and Time Commitment of Non-executive Directors for Audit, Remuneration and Risk Committees – Relational Effect Paths������������������������������������������   938 33.6 Development, Training and Support of Non-executives and New Non-executive Director Mentoring by Senior Executives ������������������������������������������������������������������������������������   941 33.7 The Senior Independent Director��������������������������������������������������   943 34 R  ole, Responsibilities and Time Commitment for the Chairperson��������������������������������������������������������������������������������   945 34.1 Division in CEO/Chairperson Roles from Stage 1 and OECD Recommendations in Stage 2 ������������������������������������   946 34.2 Agenda Items, Access to Information and Promoting Alternative Views��������������������������������������������������������������������������   947 35 S  ize and Composition of the Board������������������������������������������������������   955 35.1 Proportion of Executive and Non-executive Directors on the Board����������������������������������������������������������������������������������   955 35.2 Evaluation of the Board, Board Renewal and Communication with Major Shareholders��������������������������������������������������������������   957 35.3 Board Review of Performance for Board and Committees and Renewal of Board������������������������������������������������������������������   958 35.4 Evaluation Statement of the Skills and Experience of the Board����������������������������������������������������������������������������������   962 35.5 Communication with Major Shareholders������������������������������������   962 35.6 Cooperation of the Board and Committees����������������������������������   963

xxvi

Contents of Volume II

36 Board Committees ��������������������������������������������������������������������������������   967 36.1 Audit Committee��������������������������������������������������������������������������   968 36.2 APRA Shortcomings in Operation of Audit Committee��������������   978 36.3 Westpac Audit Committee Reporting from Group Audit�������������   982 36.4 Board Risk Committee (BRC)������������������������������������������������������   983 36.5 Compensation/Remuneration Committee������������������������������������   983 36.6 Other Committees ������������������������������������������������������������������������   983 36.7 APRA Failings in Board Committees������������������������������������������   989 36.8 APRA Failings in Senior Executive Leadership��������������������������   994 36.9 APRA’s Improvements in Non-Financial Risk Management in Relation to Operational, Compliance and Conduct Risks (NFRMan)��������������������������������������������������������������������������   998 36.10 APRA’s Observations That Acknowledged Weaknesses Are Already Known (NFRWeak)��������������������������������������������������  1002 37 C  omplexity of Bank Structures, Off-­Balance Sheet Entities, Disclosure and Transparency����������������������������������������������������������������  1005 37.1 Off-Balance Sheet Entities and the Relational Approach ������������  1006 37.2 Separate Legal Entity Principle Can Affect Group-­Wide Risk Policy and Disclosure ����������������������������������������������������������  1006 37.3 Complex and Opaque Bank Structures ����������������������������������������  1006 37.3.1 Complexity of Bank Structures and Directors’ Duties to the Entity���������������������������������������������������������  1006 37.3.2 Boards of Parent Companies������������������������������������������  1008 37.3.3 Complexity Makes Oversight by Non-executive Directors Problematic�����������������������������������������������������  1008 37.4 [NEDBankStructInfo] (−) Variable – Banks – Non-­Executive Directors – Complex and Opaque Bank, Group and Entity Structures – Reduction in Decision Quality and Delineation and Disclosure of Powers, Duties and Lines of Responsibility – Coverage/Rating −4/50.00 rprox – Relational Effect Path ������������������������������������������������������������������  1009 37.5 Complex and Opaque Bank Financial Instruments����������������������  1010 37.5.1 Complexity of Financial Products and Lack of Control������������������������������������������������������������������������  1010 37.6 Separation of Deposit-Based Banking Beyond Scope of Walker Review 2009����������������������������������������������������������������  1011 37.7 Bank (Continuous) Disclosure and Transparency and Structured Products����������������������������������������������������������������  1012 37.7.1 ASX Continuous Disclosure Obligations�����������������������  1012 37.7.2 ASX Information and Facilities for Security Holders����������������������������������������������������������������������������  1013 37.7.3 Information Asymmetry Extends Beyond Shareholders��������������������������������������������������������������������  1015 37.7.4 Principles for Transparency and Disclosure��������������������  1015

Contents of Volume II

xxvii

37.8 Disclosure at the Structured-Product Level����������������������������������  1016 37.8.1 Deficiencies in the Quality of Decision-Making by Non-­executive Directors��������������������������������������������  1017 37.8.2 Deficiencies in the Transparency and Timing of Reporting and Internal and External Monitoring��������  1017 37.9 Disclosure at the Financial Institution Level��������������������������������  1018 37.9.1 Risk Disclosure ��������������������������������������������������������������  1018 37.9.2 Valuation Disclosure ������������������������������������������������������  1019 37.9.3 Liquidity Disclosure��������������������������������������������������������  1019 37.10 Bank Supervisors and Regulatory Guidance��������������������������������  1020 Part VI Governance of Banks in the GFC and Beyond Key Field No 5 (Part 6): The Governance and Management of Bank Risk, Risk Appetite and Risk Culture 38 I ntroduction to Failings of Risk Management in the Global Financial Crisis and Beyond to the Australian Banking Royal Commission Enquiry into Banking Misconduct����������������������  1023 38.1 The Link Between Risk Management and Governance����������������  1028 38.2 Board Responsibilities and Failings of Board Oversight in Risk Management ��������������������������������������������������������������������  1029 38.2.1 Board Responsibilities����������������������������������������������������  1029 38.2.2 Failings of Board Oversight in Risk Management����������  1030 38.3 Application – Governance Variables Based on Board Responsibilities and Principal Failings of Board Oversight in Risk Management, Internal Monitoring and Decision-Quality ��������������������������������������������������������������������������  1033 38.3.1 Approach to Modelling Governance Variables ��������������  1033 38.3.2 Governance Variables for Board Responsibilities in CPS 220 Risk Management����������������������������������������  1035 38.3.3 Additional Requirements on Head of a Group����������������  1036 38.4 Failure to Identify Risks on an Organisation-Wide Basis Rather than by Business Unit or Activity�������������������������������������  1037 38.5 Separation and Low Status of Risk Managers Likely to Cause a Deficiency or Reduction in the Flow of Information from Management to the Risk Manager on the Details of Particular Risks������������������������������������������������������������������������  1037 38.6 Failure to Escalate Problems or ‘Red Flags’ – Deficiencies in the Flow of Information Upward Through the Bank to Senior Management and/or the Board��������������������������������������  1038 38.7 Failure in Information Flow on Leverage and Risks Due to over-­Reliance on Regulatory Capital Ratios and Rates of Return on Equity������������������������������������������������������  1038 38.8 Failure of Information Flow on Identifying Risks������������������������  1038 38.9 Failure of Information Flow on Risks in CDOs and Other Financial Products������������������������������������������������������������������������  1039

xxviii

Contents of Volume II

38.10 Failure of Information Flow to Senior Management Due to ‘Silo Structures’������������������������������������������������������������������������  1039 38.11 Failure of Information Flow Due to Conducting Stress Testing with Past Information ������������������������������������������������������  1039 38.12 Failure to Understand and Compare Bank’s Risk Position Relative to Risk Appetite��������������������������������������������������������������  1040 38.13 Failure of Risk Model Assumptions ��������������������������������������������  1040 38.14 Failure by Board to Continuously Review Internal Structure of Bank for Clear Lines of Accountability/Responsibility, Risk Culture and Flow of Information About Risks ��������������������  1040 38.15 Failure in Training Employees Responsible for Distributing Risk Products��������������������������������������������������������������������������������  1041 38.16 Failure in Expertise or Experience of Risk Management Employees in Entire Range of Risks��������������������������������������������  1041 38.17 Failure to Monitor Changes in Risks in Real Time and to Escalate Information Rapidly Upward in the Bank ����������  1041 38.18 Failure to Upgrade IT Tools for Complex and Opaque Bank Structures����������������������������������������������������������������������������  1042 38.19 Failure to Devote Sufficient Management Time to Management of Risks ��������������������������������������������������������������  1042 38.20 Failure to Align Corporate Strategy, Risk Appetite and the Internal Risk Management Structure��������������������������������  1042 38.21 Failure to Separate Risk Management and Control from Profit Centres������������������������������������������������������������������������  1043 38.22 Failure of Chief Risk Officer (CRO) to Report Directly to Board and Board Risk Committee (BRC) in Addition to CEO ����������������������������������������������������������������������  1043 38.23 Failure in Transparency and Understandability of Material Risk Factors Ranked in Order of Importance ������������������������������  1044 39 N  AB and ASIC Failures in Issue Identification, Escalation and Resolution����������������������������������������������������������������������������������������  1045 39.1 NAB Failure to Escalate Problems or ‘Red Flags’ Generally – Deficiencies in the Flow of Information Upward Through the Bank to Senior Management and/or the Board (Generally) ������������������������������������������������������������������  1046 39.2 NAB Operational Risk Management Policy ��������������������������������  1047 39.3 NAB Monitoring and Reporting of Issues, Events and Actions������������������������������������������������������������������������������������  1049 39.4 NAB Compliance Breach Assessment and Reporting������������������  1049 39.5 NAB Audit and Regulatory Issues������������������������������������������������  1050 39.6 NAB Whistleblower Program ������������������������������������������������������  1051 39.7 NAB Complaints Reporting����������������������������������������������������������  1051 39.8 NAB Significant Issues ����������������������������������������������������������������  1052 39.9 NAB Customer Remediation Procedure ��������������������������������������  1052 39.10 NAB Management of ‘Excessive’ Risks��������������������������������������  1052

Contents of Volume II

xxix

39.11 NAB Regulatory Engagement������������������������������������������������������  1053 39.12 NAB Breach Reporting����������������������������������������������������������������  1053 39.13 NAB Voice of Customer in Issue Management����������������������������  1054 39.14 NAB Complex Issue Management and Closure ��������������������������  1055 39.15 NAB Resolving Customer Complaints ����������������������������������������  1056 39.16 NAB Customer Remediation��������������������������������������������������������  1056 39.17 NAB Regulatory Interactions��������������������������������������������������������  1057 39.18 ASIC Governance Taskforce 2019 Findings on ‘Information Flows’����������������������������������������������������������������������  1057 40 R  isk Culture, Risk Appetite and Risk Appetite Statements��������������  1063 40.1 Elements of Sound Risk Culture��������������������������������������������������  1066 40.1.1 APRA’s Aims for Risk Culture ��������������������������������������  1068 40.2 APRA’s Nine Themes Inhibiting Sound Risk Culture������������������  1068 40.2.1 APRA Identifies “Widespread Complacency”����������������  1069 40.2.2 APRA Identifies “Reactivity Rather Than Pre-emption Regarding Risk” ����������������������������������������  1070 40.2.3 APRA Identifies “Uneven Influence of the Risk Function”������������������������������������������������������������������������  1071 40.2.4 APRA Identifies “Not Fully ‘Walking the Talk’ When It Comes to Risk Management”���������������������������  1072 40.2.5 APRA Identifies “Less Tendency Towards Reflection, Introspection and Learning” ������������������������  1073 40.2.6 APRA Identifies “Collegial, High Trust Environment Leading to Some Over-Confidence and OverCollaboration” ����������������������������������������������������������������  1075 40.2.7 APRA Identifies “Striving to Balance Empowerment with Challenge, Although Not Well Executed”��������������  1075 40.2.8 APRA Identifies “Aiming to Be a Values-Led Institution, But an Over-Reliance on Good Intent”��������  1076 40.2.9 APRA Identifies “Self-Perceived, But Incomplete, Focus on the Customer”��������������������������������������������������  1077 40.3 Senior Management Responsibilities for Risk Culture, Risk Management and Provision of Information��������������������������  1078 40.3.1 Governance Variables for Senior Management Responsibilities ��������������������������������������������������������������  1078 40.4 Developing a Risk Appetite Is a Responsibility of the Board������  1080 40.5 Risk Appetite Statement (RAS) and Risk Management Strategy (RMS) ����������������������������������������������������������������������������  1081 40.5.1 APRA Requirements for the RAS and RMS������������������  1081 40.5.2 Governmental and Market Participant Reports on the RAS����������������������������������������������������������������������  1083 40.5.3 ASIC Governance Taskforce 2019 on the RAS��������������  1087 40.6 APRA Business Plan and Policies and Procedures����������������������  1093

xxx

Contents of Volume II

41 F  SB Effective Risk Appetite Framework��������������������������������������������  1095 41.1 FSB Principles for an Effective Risk Appetite Framework (RAF)������������������������������������������������������������������������  1096 41.2 FSB Risk Appetite Statement (RAS)��������������������������������������������  1096 41.3 FSB Risk Limits����������������������������������������������������������������������������  1097 41.4 FSB Roles and Responsibilities for an Effective RAF ����������������  1098 41.5 Westpac BRC Monitoring of Risk Appetite����������������������������������  1101 42 T  he Three Lines of Defence������������������������������������������������������������������  1105 42.1 Business Units or Line 1 ��������������������������������������������������������������  1107 42.2 Risk Management and Compliance Function ������������������������������  1114 42.3 Internal Audit��������������������������������������������������������������������������������  1115 42.4 Corporate Defence Management (CDM) Extends the Three Lines�����������������������������������������������������������������������������  1115 42.5 Other Enquiries Beyond the Scope of this Stage 2 Key Code and Advanced Handbook����������������������������������������������������  1117 42.6 High Risk Strategies and (Improper) Delegation of Risk Oversight��������������������������������������������������������������������������������������  1117 42.7 Inadequate Oversight, Risk Management and Complexity of Financial Products��������������������������������������������������������������������  1118 42.8 Governance Variables for Complexity of Financial Products������  1121 42.9 Factors Contributing to Short-Term Emphasis and Acceptance of Increased Leverage�����������������������������������������������  1123 43 B  oard Risk Committee (BRC)��������������������������������������������������������������  1125 43.1 Review – Non-Executive Director Number, Time Commitment and Number of Meetings for BRC��������������������������  1131 43.2 The Nature of Risks and Responsibilities Monitored by the BRC������������������������������������������������������������������������������������  1133 43.3 Responsibilities of the BRC����������������������������������������������������������  1136 43.4 BRC Responsibilities Proposed by BCBS Guidelines 2015, NAB Self-Assessment 2018, Westpac Review Team 2018 and ASIC��������������������������������������������������������������������������������������  1137 43.5 APRA Failings in Operation, Reporting and Reliance on Key Individuals of the BRC����������������������������������������������������  1146 43.6 Westpac Reporting to the BRC ����������������������������������������������������  1149 44 B  oard Risk Committee Composition ��������������������������������������������������  1153 44.1 Independence, Status and Reporting Lines of CRO ��������������������  1155 44.2 The Role and Responsibilities of the CRO ����������������������������������  1159 44.3 Role and Contribution of Non-Executive Directors on BRC�����������������������������������������������������������������������������������������  1161 44.4 BRC and Risk Appetite and Weightings for Incentives����������������  1162 44.5 The BRC, Economic Assessments, “Stress” Testing and Metrics������������������������������������������������������������������������������������  1163

Contents of Volume II

xxxi

44.6 External Advisers to the BRC ������������������������������������������������������  1166 44.7 The BRC and Significant Mergers, Acquisitions and Disposals��������������������������������������������������������������������������������  1166 44.8 Separate BRC Report��������������������������������������������������������������������  1167 44.9 No Constraints on Persons Providing Information to APRA����������������������������������������������������������������������������������������  1170 45 T  he Risk Management Function����������������������������������������������������������  1171 45.1 Other Functions and Responsibilities of the Second Line of Defence����������������������������������������������������������������������������  1174 45.2 Enterprise Risk Management (ERM) Framework������������������������  1193 45.3 Resources for Risk Management��������������������������������������������������  1199 45.4 Risk Identification, Monitoring and Control – Introduction to Internal Controls ����������������������������������������������������������������������  1200 45.5 Communication of Risk – Introduction����������������������������������������  1201 45.6 Escalation of Risk Information Upwards – ‘Red Flags’��������������  1208 45.7 Failure of ‘Red Flags’ as a Failure in Board’s Oversight of Risk Management ��������������������������������������������������������������������  1210 45.8 Failure by Senior Management to Escalate ‘Red Flags’ or Information Upwards to the Board������������������������������������������  1210 45.9 Failure by Second-Line Risk Management Function to Escalate ‘Red Flags’ or Information Upwards to the Board����������������������������������������������������������������������������������  1211 45.10 APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags’ from Staff������������������������������������������������  1213 45.11 APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags’ from Customers��������������������������������������  1222 45.12 APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags’ from Regulators and Whistleblowers������  1231 45.13 APRA Identifies Failures in Financial Objectives and Prioritisation����������������������������������������������������������������������������������  1234 45.14 Compliance as Part of the Second Line of Defence���������������������  1238 45.15 APRA Identifies Failings in Accountability and Responsibility������������������������������������������������������������������������  1241 46 The Internal Audit Function ����������������������������������������������������������������  1247 47 G  overnance Variables for Remediation Activities������������������������������  1249 47.1 APRA Commentary on Remediation Attributes��������������������������  1249 48 G  overnance Variables for APRA on Risk Management and Compliance��������������������������������������������������������������������������������������  1255 48.1 APRA Risk Management Framework������������������������������������������  1256

xxxii

Contents of Volume II

49 N  AB’S Risk Management Framework (RMF) and ASX Enviromental and Social Risks ������������������������������������������������������������  1263 49.1 NAB First Line Risk and Control Ownership������������������������������  1266 49.2 NAB Second Line Risk Management������������������������������������������  1269 50 G  overnance Variables for the Westpac Review Team 2018 and the Westpac Reassessment on Risk Management and Compliance��������������������������������������������������������������������������������������  1275 50.1 Westpac Non-financial Risk Appetite ������������������������������������������  1275 50.2 Westpac Management of Conduct and Reputation Risks ������������  1277 50.3 Westpac Divisional Approaches to Manage Risk and Compliance and Embedding Group-Wide Policies ��������������  1280 50.4 Westpac Reassessment “CORE” Remediation Program��������������  1281 50.4.1 “Pillar 1 – Direction and Tone set by Board and Group Executive” ����������������������������������������������������  1282 50.4.2 “Pillar 2 – Clear Risk Boundaries for Decision-making” ����������������������������������������������������������  1284 50.4.3 “Pillar 3 – Accountable and Empowered People”����������  1285 Bibliography ��������������������������������������������������������������������������������������������������  1287 Index����������������������������������������������������������������������������������������������������������������  1295

Part I

Governance of Banks in the GFC and Beyond Key Field No 5 (Part 1): Introduction to the Relational Corporate Governance Model, Key Code and Advanced Handbook

Chapter 1

Aims and Approach to Examining the Governance of Banks in the Global Financial Crisis and Beyond to the Australian Banking Royal Commission Inquiry into Banking Misconduct in Stage 2 Abstract  The Stage 1 Relational Corporate Governance Approach Model explained how thirty-nine governance mechanisms, structures, processes and protocols called ‘governance variables’ affected ‘agency costs’ and the long-term efficiency and survival or sustainability of the firm. This survival/sustainability was measured by proxies for shareholder wealth or welfare including firm cost of capital, firm value/ share price, firm operating performance/profit and the likelihood of earnings manipulation or ‘management’. The Stage 1 Model was not tied to any particular industry and applied to firms generally. The thirty-nine Stage 1 governance variables were extracted from the literature, case studies, governance codes and empirical studies comprising the four original ‘Key Fields’: (1) the application of the theoretical models of the firm to the relational approach; (2) Enron and Hastie corporate collapse literature; (3) international and national governance codes of the US, UK and Australia and (4) empirical/field studies actually undertaken by other commentators and researchers in examining the effectiveness or ability of the governance variables in reducing agency costs, enhancing firm value/share price and operating performance/profit and reducing the likelihood of earnings management/misstatement. This Stage 2 Key Code and Advanced Handbook 2 applies the Relational Model to the Global Financial Crises and the banking and financial services industry in a new Key Field – the ‘Governance of Banks in the GFC and Beyond’ Key Field No. 5. This fifth Key Field examines the behaviour and failures of governance variables relating to banks and financial firms in the GFC of 2008–9 and beyond to the recent Australian Banking Royal Commission Inquiry into banking misconduct. All the bank-specific governance variables – 1749 in number – are modelled or based on, or derived from, seven ‘Key’ or ‘Core’ governance variables from the original thirty-nine variables of Stage 1. This Stage 2 Key Code and Advanced Handbook indexes and examines major reports and pronouncements from the GFC and beyond to propose a uniform approach to governance and supervision for major banks in Australia. An important © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_1

3

4

1  Aims and Approach to Examining the Governance of Banks in the Global Financial…

element is to bring together major reports and pronouncements in Australia to propose a uniform approach for banks, in particular in relation to governance, accountability, remuneration, board characteristics, committees, conduct and other non-financial risks, bank and risk culture and the governance and management of risk. In this Chap. 1, the Key Code and Advanced Handbook introduces the major reports and pronouncements from the GFC and beyond which are indexed and modelled throughout the Key Code. As part of this, the seven ‘Key’ or ‘Core’ governance variables from the original thirty-nine variables of Stage 1 are introduced. Also introduced are the ‘Key Groupings’ of the Stage 2 Bank-Specific Governance Variables for Australian Banks. These Key Groupings are the prefixes or abbreviations – spanning one-hundred and fifty-nine (159) categories – in which the Key Code is classified or divided to represent the functions of the bank at the basic activity level. Keywords  Aims and approach · Stage 2 Relational Corporate Governance Approach · Key code · Advanced handbook · Stage 2 Reports and Publications · Core themes · Emerging themes · Non-financial risk · Key Groupings · Accountability Mapping

What differentiates banking in terms of corporate governance is the more important role of stakeholders (i.e. depositors) and implicit or explicit government guarantees with respect to classes of liabilities which changes the incentives facing boards, shareholders and managers. Failure of a bank could also have systemic consequences which is not the case with non-banks. Managers and shareholders are not likely to take account of this externality in conditioning their actions, laying the foundations for quite specific corporate governance policy interventions by the authorities such as demanding a “fit and proper person” test for prospective bank board members and major shareholders.1

This Stage 2 ‘Key Code’ and ‘Advanced Handbook’ follows-on from the Stage 1 Relational Corporate Governance Model Project and book  – Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach.2 Stage 1 built the relational approach that examined the effects of

 OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009, approved for publication 29 May 2009, accessed 12 April 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/43056196. pdf, (‘OECD Key Findings 2009’), The Challenges for Policy Makers and the Steering Group, pp 12–13. 2  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 1

1  Aims and Approach to Examining the Governance of Banks in the Global Financial…

5

thirty-­nine (39) corporate governance and management mechanisms, structures, processes and protocols – called ‘governance variables’ – on shareholder wealth/ welfare measures using proxies such as firm cost of capital, firm value/share price, firm operating performance and the likelihood of earnings management or manipulation. In the relational approach, these proxies were used as indicators of the longterm efficiency and survival/sustainability of the for-profit corporation. The Stage 1 relational approach is not tied specifically to any industry and applies to firms generally. Moving now to the banking and financial services industry in this Stage 2, the overall aim of Stage 2 of the relational approach is to examine the new ‘Governance of Banks in the GFC and Beyond’ Key Field No. 5 – the behaviour and failures of governance variables relating to banks and financial firms in the Global Financial Crisis (GFC) of 2008–9 and beyond to the recent Australian Banking Royal Commission Inquiry into banking misconduct. Timewise, this culminates in Australia with the Bank Executive Accountability Regime (‘BEAR’),3 the Australian Prudential Regulation Authority’s (APRA’s) Final Report on its Prudential Inquiry into the Commonwealth Bank of Australia4 and 2019s Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry Final Report of 4 February 2019.5 There followed in 2019–2020 a number of APRA Prudential Standards detailed below culminating, at the time of writing, with APRAS’s Revised Draft Prudential Standard 511 Remuneration of November 2020 for remuneration requirements across all APRA-regulated entities.6

 Being PART IIAA – THE BANKING EXECUTIVE ACCOUNTABILITY REGIME, Banking Act 1959 (Cth), ss 37 – 37KC accessed 28 February 2019, available at http://classic.austlii.edu.au/ au/legis/cth/consol_act/ba195972/index.html#s37g, (the ‘BEAR’). The Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https:// treasury.gov.au/sites/default/files/2020-01/c2020-24974.pdf. See Attachment A  – Summary of changes from the BEAR to the FAR, pp 11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR. See Proposal Paper, Next steps, p 3. 4  Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf. 5  Commonwealth of Australia, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 4 February 2019, accessed 5 February 2019, available at https://static.treasury.gov.au/uploads/sites/1/2019/02/fsrc-volume1.pdf, Volume 1, (‘FSRC Final Report’). 6   Australian Prudential Regulation Authority, Revised Draft Prudential Standard CPS 511 Remuneration, November 2020, accessed 19 November 2020, available at: https://www.apra.gov. au/sites/default/files/%5Bdate%3Acustom%3AY%5D-%5Bdate%3Acustom%3Am%5D/Revised DraftPrudentialStandardCPS511Remuneration-­Clean-­November 2020.pdf (“CPS 511”). For earlier versions of CPS 511, see Australian Prudential Regulation Authority, Draft Prudential Standard CPS 511 Remuneration, Draft July 2019 available at https://www.apra.gov. 3

6

1  Aims and Approach to Examining the Governance of Banks in the Global Financial…

As noted above, in Australia, APRA delivered its Final Report on the Prudential Inquiry of the Commonwealth Bank of Australia in April 2018. That failings during the GFC affected the governance of banks and financial institutions – and continue to be relevant – was thus observed by APRA at that time: In the wake of governance failings and shortcomings in risk behaviour and culture exposed by the global financial crisis, Board effectiveness has come under heightened focus from regulators, globally and in Australia, and from stakeholders.7

Still in Australia, with an Interim Report in September 2018, Australia’s Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (FSRC) identified culture, governance practices, risk management and remuneration still at the heart of governance failings of banks and financial firms: I [The Royal Commission] must seek to identify properly the underlying causes of conduct of the kinds referred to in the Terms of Reference: conduct that might amount to misconduct and conduct falling short of community standards and expectations. As the Terms of Reference say, I must inquire whether the relevant conduct is ‘attributable to the particular culture and governance practices of a financial services entity or broader cultural or governance practices in the relevant industry or relevant subsector’ and whether the conduct ‘result[s] from other practices, including risk management, recruitment and remuneration practices of a financial services entity, or in the relevant industry or relevant subsector’. The second purpose must be to conduct the inquiry in ways that will prompt proper consideration of how best to avoid recurrence of conduct that might amount to misconduct or conduct falling short of community standards and expectations.8 au/sites/default/files/draft_prudential_standard_cps_511_remuneration_v2.pdf, See also:

(‘CPS

511’).

• Consultation on Remuneration Requirements for all APRA-regulated entities, accessed 22 September 2019, available at https://www.apra.gov.au/consultation-remunerationrequirements-­all-apra-regulated-entities; and • Discussion paper: Strengthening prudential requirements for remuneration July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/discussion_ paper_strengthening_prudential_requirements_for_remuneration_july_2019_v1.pdf. Recent pronouncements from APRA in January 2020 state that this draft will be finalised in the first half of 2020 with an expected effective date of July 2021. See: • Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/apras-policy-­ priorities, section 2.1.2 Remuneration and Attachment B: Timelines; and • Australian Prudential Regulation Authority, Information Paper, APRA’s Supervision Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/apras-­ supervision-­priorities, section 2.3.3 Remuneration. In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates of 2022. See the above Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines. 7  APRA Final Report, above n 4, p 10. 8  Commonwealth of Australia, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Interim Report, 28 September 2018, accessed 11 December 2018,

1.1  The ‘Bank-Specific’ Stage 2 Relational Corporate Governance Approach and…

7

As noted above, the FSRC’s Final Report was delivered in February 2019.9 The relational approach indexes and examines major reports and pronouncements from the GFC and beyond to propose a uniform approach to governance and supervision for major banks in Australia. Banks on the one hand and Supervisors/ Regulators on the other, can identify, formulate and agree on the scope of an inquiry or review to be undertaken at a particular bank or in relation to particular business units or particular activities of a bank. An important element of Stage 2 is to bring together and index major reports and pronouncements in Australia to propose a uniform approach for major banks, in particular in relation to governance, accountability, remuneration, board characteristics, committees, conduct and other non-­ financial risks, bank and risk culture and the governance and management of risk.

1.1 The ‘Bank-Specific’ Stage 2 Relational Corporate Governance Approach and Model Is a ‘Key Code’ and ‘Advanced Handbook’ As indicated by the title of this Stage 2, this is achieved through the use of a ‘Key Code’ and ‘Advanced Handbook’. A Key Code – or control code – is used on a practical level to actually index, plan, execute and monitor the progress of a ‘deep dive’ review of a very-wide range of banks, and, more particularly, their ‘first line’ business units, ‘second line’ compliance functions and other functions at the activity level. So each governance variable in this Stage 2 has its origin identified and indexed from reports, papers and findings set out in Sect. 1.2 below. Stage 2 is also a Key Code because all its bank-specific governance variables – 1749 in number – are modelled or based on, or derived from, seven (7) ‘Key’ or ‘Core’ governance variables from the original thirty-nine (39) variables of Stage 1. These Stage 1 governance variables are set out in Table 10.2 below and re-stated here: • [AudCom] (+) – Audit Committee – Presence, Operation and Frequency (relational effect path section 8.4.2 of Stage 1) (+6/75.00 rprox) (Table 10.2, No 23); • [BrdIndInfo] (−) – Board Independent Director: Executive Director Proportion – Information Flow and Decision Quality ‘Trade-off’ (relational effect path section 7.3.2.1.3 of Stage 1) (−4/50.00 rprox) (Table 10.2, No 201); • [BrdIndMon] (+) – Board Independent Director: Executive Director Proportion – Monitoring Effect (relational effect path sections 7.3.2.1.1–7.3.2.1.2 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 203); • [BrdSkills] (+) – Board – Director Skills ‘Mix’ (relational effect path section 7.3.1.2.1 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 209);

available at https://financialservices.royalcommission.gov.au/Documents/interim-report/interim-­ report-­volume-1.pdf, Volume 1, Introduction, p 2, (‘FSRC Interim Report’). 9  FSRC Final Report, above n 5.

8

1  Aims and Approach to Examining the Governance of Banks in the Global Financial…

• [EqOptEntrch] (−)  – Equity/Option Plans and Holdings of Directors/ Executives  – ‘Entrenchment’ Effect (excludes short-term options) (relational effect path section 10.2.4 of Stage 1) (−7/87.50 rprox) (Table 10.2, No 434); • [EqOptIncent] (+)  – Equity/Option Plans and Holdings of Directors/ Executives – Incentive/’Alignment’ Effect (excludes short-term options) (relational effect path section 10.2.4 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 435); and • [TransTimeMon] (+)  – Transparency and Timing of Reporting  – Monitoring Effect (relational effect path section 9.1.2.1 of Stage 1) (+8/100.00 rprox) (Table 10.2, No 1203). Thus, of utility for modelling purposes, these Stage 1 governance variables have high explanatory power for identifying, constructing and articulating the new Stage 2 bank-specific governance variables. A number of further aspects comprise the Key Code and Advanced Handbook. First, the Key Code itself is in a single table  – Table 10.2. This is the ‘Bank Combined Coverage and Relational Proximity Table’ which gives a description of each variable with the results for the target or hypothesised ‘coverage’ and ‘relational proximity rating’ of those variables. The target or hypothesised coverage and relational proximity rating of each Stage 2 bank-specific governance variable is based on the coverage/rating of one of the above seven (7) ‘Key’ or ‘Core’ governance variables from the original thirty-nine (39) variables of Stage 1. Thus, the target or hypothesised coverage/rating of each bank-specific governance variable is fixed in Table 10.2 and does not change. In Sect. 4.7 of Chap. 4, we introduce how to undertake a ‘mapping’ or review exercise of the bank’s governance and management structures, mechanisms, processes, protocols and lines of responsibility and accountability in a four-step process. Second, at a detailed operational level for planning and conducting such governance mappings or reviews of the bank, the governance variables are also indexed and linked by a ‘Key Grouping’, prefix or abbreviation (for example, non-financial risk committee (‘NFRCm’), risk appetite statement (‘RAS’) and 2nd line risk management function (‘SecLine’)) for particular activities. Thus, all related governance variables are indexed and grouped into one-hundred and fifty-nine (159) activities or functions for a ‘deep dive’ review of each activity. Thus, Stage 2 indexes and shows with very practical or ‘operational-level’ enquiry steps in governance variables how to apply the major reports and pronouncements of national and international bodies below in section 1.2 – including the EC, OECD, International Institute of Finance (IIF), Financial Stability Board (FSB), Walker Review, Basel Committee for Banking Supervision, APRA, FSRC, ASX and ASIC – at the ‘nuts and bolts’ bank level. In other words, Stage 2 indexes and shows the practical and operational checks and balances (presented as pathways modelled on Key or Core Stage 1 governance variables) required by these bodies. Third, the ‘Advanced Handbook’ means that each governance variable in Table 10.2 is indexed and linked by section number to the obligations, requirements and recommendations identified in the reports and pronouncements of those bodies and an analysis and pathway representing the nature, extent and behaviour for that variable. Thus, the Stage 2 Key Code and Advanced Handbook indexes and explains for

1.2  Stage 2 Government, Regulatory, Bank and Industry Body Reports and Publications

9

banks, Supervisors, Regulators, exchange operators, market participants and governments and their advisers how 1749 variables affect agency costs and the long-­ term efficiency and survival/sustainability of a bank. Again – like Stage 1 – this is measured by proxies such as bank cost of capital, bank value/share price, bank operating performance/profit and the likelihood of earnings manipulation or ‘management’ and represented on the ‘coverage’ and ‘relational proximity rating’ scales also introduced in Stage 1.

1.2 Stage 2 Government, Regulatory, Bank and Industry Body Reports and Publications Fourth, significant in Stage 2 for Australia will be the following reports, papers, findings and pronouncements which are important to recognise now for, together, their wide field of operation and level of particularity or specificity at the practical – again ‘nuts and bolts’ – level of the bank: • the International Institute of Finance’s Final Report of the IIF Committee on Market Best Practices of 2008;10 • the UK Walker Review’s A review of corporate governance in UK Banks and other financial industry entities, Final recommendations of 2009;11 • the OECD Steering Group on Corporate Governance’s Corporate Governance and the Financial Crisis: Key Findings and Main Messages of June 2009;12 • Grant Kirkpatrick’s Report for the OECD, Corporate Governance Lessons from the Financial Crisis of 2009;13 • the European Commission’s Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies of 2010;14  Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007–2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_GFC/IIF_Final_Report_of_the_Committee_on_Market_ Best_Practices.pdf (‘IIF Final Report 2008’). 11  David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’). 12  OECD Key Findings 2009, above n 1. 13  Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995-2864, accessed 27 March 2017 at http://search.oecd.org/finance/financial-­ markets/42229620.pdf (‘OECD Kirkpatrick Report 2009’). 14  European Commission, Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies, COM(2010) 284 final, Brussels, 2 June 2010, accessed 23 March 2017 at http://www.ecgi.org/commission/documents/green_paper_com2010_284_en.pdf (‘EC Green Paper 2010’). 10

10

1  Aims and Approach to Examining the Governance of Banks in the Global Financial…

• the OECD Steering Group on Corporate Governance’s, Corporate Governance and the Financial Crisis of 2010;15 • the European Commission’s Green Paper, The EU Corporate Governance Framework of 2011;16 • the Basel Committee on Banking Supervision’s Guidelines, Corporate Governance Principles for Banks of 2015;17 • the Financial Stability Board (FSB) Principles for Sound Compensation Practices of 2009;18 • the FSB Principles for Sound Compensation Practices Implementation Standards also of 2009;19 • for bank and risk culture and misconduct risk: –– the FSB Principles for An Effective Risk Appetite Framework of 18 November 2013; 20 –– the FSB Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, A Framework for Assessing Risk Culture of 7 April 2014;21 and –– the FSB Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, the use of compensation tools to address misconduct risk of March 2018;22

 OECD Directorate for Financial and Enterprise Affairs, OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, 24 February 2010, accessed 11 May 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/44679170.pdf, (‘OECD 2010 Conclusions and Practices’). 16  European Commission, Green Paper, The EU Corporate Governance Framework, COM (2011) 164 final, Brussels, 5 April 2011, accessed 1 May 2017 at ec.europa.eu/internal_market/company/ docs/modern/com2011-164_en.pdf, (‘EC Second Green Paper 2011’). 17  The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’). 18  Financial Stability Board, FSB Principles for Sound Compensation Practices, 2 April 2009 accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/r_0904b.pdf (‘FSBP’). 19  Financial Stability Board, FSB Principles for Sound Compensation Practices Implementation Standards, 25 September 2009, accessed 28 February 2019, available at http://www.fsb.org/wp-­ content/uploads/r_090925c.pdf (‘FSBIS’). 20  Financial Stability Board, Principles for An Effective Risk Appetite Framework of 18 November 2013 accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/r_131118. pdf (‘FSBRAF’). 21  Financial Stability Board, Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, A Framework for Assessing Risk Culture of 7 April 2014, accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/140407.pdf (‘FSBCult’). 22  Financial Stability Board, Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, The use of compensation tools to address misconduct risk, 9 March 2018, accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/ P090318-1.pdf (‘FSBSupp’). 15

1.2  Stage 2 Government, Regulatory, Bank and Industry Body Reports and Publications

11

• the Retail Banking Remuneration Review Report of April 2017 by Stephen Sedgwick AO;23 • the APRA Final Report;24 • the BEAR – Bank Executive Accountability Regime – contained in sections 37 – 37KC of the Banking Act 1959 (Cth);25 • the FSRC Interim Report;26 • the FSRC Final Report;27 • the NAB Self-Assessment 2018;28 • the Westpac Review Team Governance, Accountability and Culture Self-­ Assessment of November 2018;29 • the APRA Information Paper, Self-Assessments of Governance, Accountability and Culture of 22 May 2019;30 • APRA’s Prudential Standard CPS 220 Risk Management of July 2019;31 • APRA’s Prudential Standard CPS 510 Governance of July 2019;32  Stephen Sedgwick AO, Retail Banking Remuneration Review Report, 19 April 2017, accessed 28 February 2019, available at https://www.betterbanking.net.au/wp-content/uploads/2018/01/ FINAL_Rem-Review-Report.pdf (‘Sedgwick Review’). 24  APRA Final Report, above n 4. 25  BEAR, above n 3. As stated in n 3, the Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https://treasury.gov.au/sites/default/files/2020-01/ c2020-24974.pdf. See Attachment A – Summary of changes from the BEAR to the FAR, pp 11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR. See Proposal Paper, Next steps, p 3. 26  FSRC Interim Report, above n 8. 27  FSRC Final Report, above n 5. 28  National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/ content/dam/nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-­ Assessment 2018’). 29  Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’). 30  Australian Prudential Regulation Authority (APRA), Information Paper, Self-Assessments of Governance, Accountability and Culture, 22 May 2019, accessed 5 June 2019, available at https:// www.apra.gov.au/sites/default/files/information_paper_self-­assessment_of_governance_accountability_and_culture.pdf, (APRA Information Paper 2019’). 31  Australian Prudential Regulation Authority, Prudential Standard CPS 220 Risk Management, July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/ cps_220_risk_management_effective_from_1_july_2019.pdf (‘CPS 220’). 32  Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/ F2019L00662/Download (‘CPS 510’). 23

12

1  Aims and Approach to Examining the Governance of Banks in the Global Financial…

• APRA’s Prudential Standard CPS 520 Fit and Proper of July 2019;33 • APRA’s Revised Draft Prudential Standard 511 Remuneration of November 2020;34 • the ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations of February 2019;35 • ASIC’s Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report of October 2019;36 and • Westpac’s Reassessment of the Culture, Governance and Accountability Remediation Plan of June 2020.37 Thus Stage 2 is the largest Key Code and Advanced Handbook for Australian banks in publication to index and draw these reports, papers, findings and pronouncements together in a single publication, to identify and document their requirements and translate them into ‘nuts and bolts’ governance variables to apply at the practical levels of review of banking operations. There is one qualification to the above reports and pronouncements. In this Stage 2, the Key Code and Advanced Handbook applies to middle-to-higher level managers, senior managers, senior executives, the ‘C-suite’, board of directors and chairperson. Bank-specific governance variables relating to ‘frontline’ or ‘customer-facing’ staff and their ‘near managers’ awaits a future stage.

1.3 ‘Core’ and ‘Emerging’ Themes In the NAB Self-Assessment, its ‘core’ themes are stated to follow the APRA Final Report and are adopted in this Key Code and Advanced Handbook: • Governance: the way in which decisions at NAB are made, including how financial objectives, values and strategic priorities impact on decision-making and risk management, and how decisions once made are implemented.  Australian Prudential Regulation Authority, Prudential Standard CPS 520 Fit and Proper, July 2019, accessed 1 October 2019, available at: https://www.legislation.gov.au/Details/F2018L01390/ Download (‘CPS 520’). 34  CPS 511, above n 6. 35  Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’). 36  Australian Securities and Investments Commission, ASIC Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report, October 2019, accessed 15 April 2020, available at https://download.asic.gov.au/media/5290879/rep631-published-2-10-2019.pdf (‘2019ASIC’). 37  Westpac Banking Corporation, Reassessment of the Culture, Governance and Accountability Remediation Plan, June 2020, accessed 20 November 2020, available at https://www.westpac. com.au/content/dam/public/wbc/documents/pdf/aw/media/WBC_CGA_Reassessment.pdf (‘Westpac Reassessment’). 33

1.3  ‘Core’ and ‘Emerging’ Themes

13

• Accountability: the way in which NAB employees, both individually and collectively, fulfil their responsibilities and the consequences of them not doing so. • Culture: the norms of behaviour for individuals and groups within NAB that determine the collective ability to identify, understand, openly discuss, escalate and act on current and future challenges and risks.38

For the APRA Information Paper 2019, APRA wrote to 36 financial institutions after the APRA Final Report requesting a ‘board endorsed’ self-assessment of governance, accountability and culture.39 There, APRA identified “five key levers of change” in the recommendations of its Final Report: • more rigorous board and executive committee governance of non-financial risks; • exacting accountability standards reinforced by remuneration practices; • a substantial upgrading of the authority and capability of the operational risk management and compliance functions; • injection of the "should we" question in relation to all dealings with and decisions on customers; and • cultural change that moves the dial from reactive and complacent to empowered, challenging and striving for best practice in risk identification and remediation.40

For APRA, four “emerging themes” flowed from the industry self-assessments: • non-financial risk management requires improvement. This was evidenced through a range of issues identified by institutions, including resource gaps (particularly in the compliance function), blurred roles and responsibilities for risk, and insufficient monitoring and oversight. Institutions acknowledged that historical underinvestment in risk management systems and tools has also contributed to ineffective controls and processes. • accountabilities are not always clear, cascaded, and effectively enforced. Institutions noted that, while senior executive accountabilities are fairly well defined within frameworks, there is less clarity or common understanding of responsibilities at lower levels, and points of handover where risks, controls and processes cut across divisions. This is further undermined by weaknesses in remuneration frameworks and inconsistent application of consequence management. • acknowledged weaknesses are well known and some have been long-standing. The majority of self-assessment findings were reported to be already known to boards and senior leadership. Nevertheless, some issues have been allowed to persist over time, with competing priorities, resource and funding constraints typically cited as the basis for acceptance of slower progress. It was observed that these issues are often only prioritised when there is regulatory scrutiny or after adverse events. • risk culture is not well understood, and therefore may not be reinforcing the desired behaviours. Institutions are putting considerable effort into assessing risk culture, but many continue to face difficulties in measuring, analysing, and understanding culture (and sub-cultures across the institution). It is therefore unclear if these institutions can accurately determine whether their culture is effectively reinforcing desired behaviours (or identify how it would need to be changed to do so).41

 NAB Self-Assessment 2018, above n 28, p 7.  APRA Information Paper 2019, above n 30, p 7. 40  Ibid. 41  Ibid, p 12 (emphasis in original). 38 39

14

1  Aims and Approach to Examining the Governance of Banks in the Global Financial…

APRA further observed a number of “execution risks” in relation to program and project delivery causing delays, changes and reduced accountability: Many self-assessments, particularly those of the larger institutions, also identified weaknesses in program delivery, including for risk-related projects. Institutions recognised tendencies for delays and changes in the scope of projects, and a lack of accountability for outcomes. Some of the largest institutions also acknowledged a propensity to cultivate complexity in what they do – systems, processes and policies – which hinders effective execution. This suggests further risks to effective execution of plans to address weaknesses.42

For the Westpac Reassessment43 – recent at June 2020 – among the conclusions was that shortcomings remained in relation to five root causes: • an organisational construct that creates complexity; • an immature and reactive risk culture in non-financial risk management • a three lines of defence model that is not well understood or embedded, particularly in the First Line; • a shortfall in sufficient non-financial risk management capability; and • challenges in execution and staying the course.44

The “key areas” Westpac identified for these shortcomings were: • • • •

Board and Executive oversight of non-financial risk; Risk culture; Risk boundaries, frameworks and capabilities; and First Line ownership and capability to manage risk.45

The final principal conclusion for the Westpac Reassessment was that the CGA Program required “a reset including more rigorous prioritisation, co-ordination and oversight” now named “CORE” – Customer Outcomes & Risk Excellence”.46 Thus, these emerging themes, execution risks and continuing shortcomings receive targeted attention from the bank-specific governance variables indexed and modelled in this Key Code and Advanced Handbook, in particular in relation to governance, accountability, remuneration, board characteristics, committees, conduct, bank and risk culture and the governance and management of risk, focussing on non-financial risks.

 Ibid, p 13.  Westpac Reassessment, above n 37. 44  Ibid, Chapter 3, Principal conclusions of the Reassessment, p 6. 45  Ibid. 46  Ibid. 42 43

1.4  Non-Financial Risk Definitions and Major Risk Classes

15

1.4 Non-Financial Risk Definitions and Major Risk Classes Banks use different risk definitions and risk classes. Perhaps the clearest among the published self-assessments for non-financial risk is that of the Westpac Review Team 2018: However, the primary focus on non-financial risk in the Review Team’s scope was consistent with the scope of the Prudential Inquiry. For the purposes of this assessment, “non-­financial risk” refers to operational risk (including data and technology risk), compliance, conduct risk and reputation risk.47

The Westpac Review Team’s major non-financial risk classes are: Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events and includes legal risk, but excludes strategic and reputation risk. Compliance risk is “the risk of legal or regulatory sanction, financial or reputational loss, arising from [Westpac’s] failure to abide by the compliance obligations required of [Westpac].” Conduct risk is “the risk that [Westpac’s] provision of services and products results in unsuitable or unfair outcomes for our stakeholders or undermines market integrity”. Reputation risk is “the risk of the loss of reputation, stakeholder confidence, or public trust and standing”.48

For ASIC, non-financial risk is defined by adapting APRA’s definitions from the APRA Final Report: We adapted APRA’s definition to cover more than just prudential institutions, so that it captures: operational risk – the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events and includes legal risk but excludes strategic and reputational risk compliance risk – the risk of legal or regulatory sanctions, material financial loss, or loss to reputation an organisation may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organisation standards and codes of conduct applicable to its activities conduct risk – the risk of inappropriate, unethical or unlawful behaviour on the part of an organisation’s management or employees. These risks, although called non-financial, may lead to very significant financial loss if they are not well managed.49

 Westpac Review Team 2018, above n 29, section 2.2.6, p 13 (footnotes omitted).  Ibid, section 2.2.7, p 13 (footnotes omitted and reformatted). 49  2019ASIC, above n 36, Note on Terminology, Non-financial Risk, p 9. 47 48

16

1  Aims and Approach to Examining the Governance of Banks in the Global Financial…

1.5 ‘Key Groupings’ of Governance Variables for ‘Accountability Mapping’ As noted above, the new bank-specific governance variables are also indexed and grouped by ‘Key Groupings’, prefixes or abbreviations – at the activity or function level – spanning one-hundred and fifty-nine (159) categories and including those with the following Groupings (Grouping, prefix or abbreviation in alphabetical order) brought forward from Table 10.1 of Chap. 10 (Table 1.1) below. Existing Stage 1 and new Stage 2 bank-specific governance variables are named, indexed, grouped/prefixed and abbreviated in Table 10.2 of Chapter 10, the ‘Bank Combined Coverage and Relational Proximity Table’. As explained in Chap. 20, the BEAR introduces in Australia an accountability regime or scheme for banking executives including the concepts of an ‘Accountability Statement’50 and an “Accountability Map’.51 These have a number of requirements in relation to ‘accountable persons’ including a comprehensive statement of the part of the bank’s operations of which the accountable person has actual or effective responsibility for management or control, the responsibilities of the accountable person and details of the reporting lines and lines of responsibility of those accountable persons. Thus, the Stage 2 governance variables – including their indexing and breakdown by the above Key Groupings, prefixes and abbreviations  – should be used to construct a detailed and comprehensive map of the bank’s governance, management, control and reporting structures, mechanisms and lines of responsibility and accountability as a fundamental part or basis of the ‘deep dive’ review of the bank described in this Key Code and Advanced Handbook.

1.6 Aims of Parts 1 and 2 Part 1 The aim of this Part 1 will be to review a number of theoretical and operational parts of the Stage 1 Model as an introduction to this Stage 2 which uses the same

 BEAR, above n 3, section 37FA.  Ibid, section 37FB. As stated in n 3, the Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https://treasury.gov.au/sites/default/files/2020-01/ c2020-24974.pdf. See Attachment A – Summary of changes from the BEAR to the FAR, pp 11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR. See Proposal Paper, Next steps, p 3. Accountability Statements and Accountability Maps will remain obligations of the FAR.  See Proposal Paper, Accountability maps and statements, p  7 and Attachment A, p 12. 50 51

1.6  Aims of Parts 1 and 2

17

Table 1.1  Reproduction of Table 10.1: ‘Key Groupings’ of the Stage 2 Bank-Specific Governance Variables for Australian Banks Key Grouping, Prefix or No. Abbreviation (in alphabetical order) 1. AccFail 2. 3. 4. 5. 6. 7. 8.

APRA APRACult ASIC ASX AudCom Bank BEAR

9.

BEARAcc

10. 11.

BEARAccReas BEARDeferVarRem

12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28.

BEARIDAccPerson BEARKeyPers BEARNotify BRC Brd BrdCust BU CC and Comp Cm Codes CRO Cult CultFail ECm ECmFail ED Fail

29. 30. 31. 32. 33.

FSB FSBComp FSBCult FSBIS FSBRAF

Key Grouping or Meaning Failure of board oversight of accountability or responsibility Australian Prudential Regulation Authority APRA Information Paper 2019 on Risk Culture Australian Securities and Investments Commission Australian Securities Exchange Audit committee Banks generally Bank Executive Accountability Regime (BEAR) for authorised deposit-taking institutions or ADIs BEAR accountability obligations of the ADI and accountable person BEAR ‘reasonable steps’ provisions BEAR deferred remuneration obligations of the ADI BEAR identification of accountable persons BEAR key personnel obligations of the ADI BEAR notification obligations of the ADI Board risk committee Board of directors Board failure in relation to customers Business units Compensation/remuneration committee Committees generally Codes of conduct and ethics Chief Risk Officer Bank and risk culture Failure of bank culture Executive Committee Failure of executive committee Executive directors Failure of board oversight of risk management and other governance variables Financial Stability Board FSB Principles for Sound Compensation Practices FSB Elements of an Effective Risk Culture FSB Implementation Standards FSB Principles for an Effective Risk Appetite Framework (continued)

18

1  Aims and Approach to Examining the Governance of Banks in the Global Financial…

Table 1.1 (continued) Key Grouping, Prefix or No. Abbreviation (in alphabetical order) 34. FSBSupp

35. 36.

FSRC FSRCAcc

37.

FSRCCult

38.

FSRCGov

39.

FSRCPriority

40. 41. 42. 43. 44. 45. 46. 47. 48.

HighEnd NAB NABAcc NABAudCom NABBRC NABBrdAgenda NABBrdChall NABBrdCm NABBrdOseeRem

49. 50. 51. 52.

NABBrdRep NABCC and NABComp NABCodesNEDCust NABCompConseqMan

53. 54.

NABCompRemConseq NABCompRisk&Cond

55. 56. 57. 58. 59. 60.

NABCultInhib NABCultLever NABCultMeas NABCultTone NABCultValues&Behave NABELT

61. 62. 63.

NABNomGov NABPriority NABRedFlag

Key Grouping or Meaning FSB Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, the use of compensation tools to address misconduct risk Financial Services Royal Commission FSRC Final Report recommendations and commentary on accountability FSRC Final Report recommendations and commentary on culture FSRC Final Report recommendations and commentary on governance FSRC Final Report recommendations and commentary on priorities Executives and ‘high end’ employees NAB Self-Assessment 2018 NAB board accountability NAB Audit Committee NAB Board Risk Committee NAB board agenda-setting function NAB board challenge and closure of issues NAB Board and Committees NAB board oversight of remuneration policies and practices NAB reporting to the Board generally NAB Compensation/Remuneration Committee NAB Codes Customer Outcomes Committee NAB consequence management for variable remuneration NAB application of remuneration consequence NAB risk and conduct within the remuneration framework NAB cultural inhibitors to targeted culture NAB cultural levers for desired culture NAB measuring risk culture NAB board role-modelling of tone-from-the-top NAB values and behaviours NAB oversight of Executive Leadership Team (ELT) NAB Nomination and Governance Committee NAB financial objectives and prioritisation NAB board oversight of risk management in relation to failure to escalate problems or ‘red flags’ (continued)

1.6  Aims of Parts 1 and 2

19

Table 1.1 (continued) Key Grouping, Prefix or No. Abbreviation (in alphabetical order) 64. NABRedFlagComplyBr

5.

NABRedFlagCustComplain

66.

NABRedFlagOpRisk

67. 68. 69. 70. 71.

NABRiskMan NEChair NED NEDDiv NFRAccFail

72. 73.

NFRCm NFRMan

74.

NFRWeak

75. 76. 77. 78. 79.

RAS RedAud Remed SecLine Sedg

80. 81.

SMan SManRedFlag

82. 83.

TransTime WBCAllocateInvest

84.

WBCAudFail

85. 86. 87. 88. 89. 90. 91.

WBCBRC WBCBrdCust WBCBrdRep WBCBU WBCComp WBCCultCare WBCCultCollab

Key Grouping or Meaning NAB board oversight of risk management in relation to compliance breach assessment and reporting NAB board oversight of risk management in relation to capture and reporting of customer complaints NAB board oversight of risk management in relation to operational risk management policy NAB risk management and compliance Non-executive chairperson Non-executive directors generally Non-executive directors – diversity APRA’s Improvements for Non-financial Risk Accountabilities Not Being Clear, Cascaded and Enforced APRA’s Non-financial Risk Committee APRA’s Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks APRA’s Non-Financial Risk Weaknesses – Failings in Non-Financial Risks Risk appetite statement Red audit reports Remediation of risk 2nd line risk management function Retail Banking Remuneration Review Report of 2017 by Stephen Sedgwick Senior management generally Risk management – failure by senior management to escalate problems or ‘red flags’ Transparency and timing of reporting Westpac financial prioritisation – investment allocation decisions Westpac audit committee and board oversight of risk management – reporting from Group Audit Westpac Board Risk Committee Westpac customer complaint reporting to the Board Westpac reporting to the Board Westpac business units – operation of Line 1 Westpac Compensation/Remuneration Committee Westpac culture – caring culture Westpac culture – collaboration (continued)

20

1  Aims and Approach to Examining the Governance of Banks in the Global Financial…

Table 1.1 (continued) Key Grouping, Prefix or No. Abbreviation (in alphabetical order) 92. WBCCultComplete 93. 94.

WBCCultConcept WBCCultLearn

95. 96.

WBCCultNFR WBCCultNoChall

97. 98.

WBCCultOwn WBCCultPriority

99.

WBCCultRelation

100. WBCCultTopClear 101. WBCCustRedFlag 102. WBCETRISKCO 103. WBCExecTeam 104. WBCFailAllocateInvest

105. WBCFailInvest 106. WBCFinPriority 107. WBCIssueMan 108. WBCNonRem 109. WBCProjectDel 110. WBCRiskMan and WBCSecLine 111. WBCWhistleRedFlag 112. 220BrdRisk 113. 220BusPlan 114. 220HeadRisk 115. 116. 117. 118. 119. 120.

220Pol&Proc 220RAS 220RMF 220RMS 220SecLine 510AudCom

Key Grouping or Meaning Westpac culture – completeness or “maximalism” in approach to work Westpac culture – conceptualising Westpac culture – institutional learning and reflection Westpac culture – non-financial risk Westpac culture – challenge culture/environment failure Westpac culture – personal ownership Westpac culture – prioritising, making decisions and saying “no” Westpac culture – relationships integral to risk matters Westpac culture – vision, values and strategy at top are clear Westpac customer complaints Westpac oversight of Executive Team – oversight of group-wide risk through RISKCO Westpac oversight of Executive Team Westpac financial prioritisation – investment allocation decisions – Enterprise Investment Pool (EIP) Westpac financial prioritisation Westpac financial prioritisation – financial prioritisation over risk Westpac issue and incident management Westpac non-remuneration consequence management Westpac financial prioritisation – project delivery Westpac Risk Management and Compliance – Second Line Risk Management Function Westpac Issues Identified by Whistleblowers APRA Board Oversight of Risk Management APRA Business Plan APRA Head of Group Oversight of Risk Management APRA Policies and Procedures APRA Risk Appetite Statement APRA Risk Management Framework APRA Risk Management Strategy APRA 2nd Line Risk Management Function APRA Audit Committee (continued)

1.6  Aims of Parts 1 and 2

21

Table 1.1 (continued) No. 121. 122. 123. 124. 125. 126. 127. 128. 129.

Key Grouping, Prefix or Abbreviation (in alphabetical order) 510BRC 510Brd 510BrdReview 510Compose 510Head 510Indep 510NED 510RemPol 511BrdRole

130. 511CC 131. 511Defer&Claw 132. 511OtherReq 133. 511RemDesign 134. 511RemFrame 135. 136. 137. 138.

511RemOuts 511SpecRole 520FitProp 520FitPropInfo

139. 140. 141. 142. 143. 144. 145. 146. 147. 148. 149. 150. 151. 152.

520FitPropWhistle 2019ASICBRC 2019ASICInfo 2019ASICRAS 2019ASXAudCom 2019ASXBRC 2019ASXBrd 2019ASXCC 2019ASXCD 2019ASXDiversity 2019ASXNED 2019ASXNomGov 2019ASXRights 2020WBC

153. 2020WBCCultNFR 154. 2020WBCLine1

Key Grouping or Meaning APRA Board Risk Committee APRA Board of an APRA-regulated Institution APRA Review of the Board APRA Board Composition Requirements APRA Head of a Group APRA Independent Director APRA Non-Executive Director APRA Remuneration Policy APRA Role of the Board in the Remuneration Framework APRA Compensation/Remuneration Committee APRA Deferral and Clawback of Variable Remuneration APRA Other Requirements APRA Design of Variable Remuneration APRA Remuneration Framework of APRA-­ regulated Entity APRA Variable Remuneration Outcomes APRA Specified Roles APRA Fit and Proper Persons APRA Fit and Proper Information to be Provided to APRA APRA Fit and Proper Persons Whistleblowing ASIC Board Risk Committee ASIC Information Flows ASIC Risk Appetite Statement ASX Audit Committee ASX Board Risk Committee ASX Board of Directors ASX Compensation/Remuneration Committee ASX Continuous Disclosure ASX Diversity Policy ASX Non-executive Directors ASX Nomination and Governance Committee ASX Rights for Security Holders Westpac Reassessment of the Culture, Governance and Accountability Remediation Plan Westpac Reassessment Culture for Non-Financial Risk Westpac Reassessment Business Units – Operation of Line 1 (continued)

22

1  Aims and Approach to Examining the Governance of Banks in the Global Financial…

Table 1.1 (continued) Key Grouping, Prefix or No. Abbreviation (in alphabetical order) 155. 2020WBCNFR 156. 157. 158. 159.

2020WBCPillar1 2020WBCPillar2 2020WBCPillar3 2020WBCSecLine

Key Grouping or Meaning Westpac Reassessment Oversight of Non-Financial Risk Westpac Reassessment CORE Program Pillar 1 Westpac Reassessment CORE Program Pillar 2 Westpac Reassessment CORE Program Pillar 3 Westpac Reassessment 2nd Line Risk Management Function

components. We review the structure of the Stage 1 Relational Approach Model and – for the construction of the bank-specific governance variables in this Stage 2 Key Code and Advanced Handbook – the construction of the [BrdSkills] (+) and [TransTimeMon] (+) Key/Core governance variables in section 1.1 above. In Chap. 4, we introduce a ‘User Guide’ for the Key Code and Advanced Handbook comprising a plain-English guide to what the Stage 2 Model does and how to use it. This includes, in Sect. 4.2, how we determine the relative importance/ strength of a governance variable. In Sect. 4.3, we review how to use the ‘Bank Combined Coverage and Relational Proximity Table 10.2’ to determine the coverage/rating of a Stage 2 bank-specific variable. This includes: • the indexing and description of the variable, source, abbreviation and ‘Key Grouping’ (Sect. 4.4); • the Stage 1 ‘Key’ or ‘Core’ variable (Sect. 4.5); and • the ‘target’ or ‘hypothesised’ coverage/rating (Sect. 4.6). In Sect. 4.7, we then describe a ‘mapping’ procedure in four (4) steps for the review of an Australian bank’s governance, management, control and reporting structures, mechanisms, processes, protocols and lines of responsibility and bank and risk culture. In Sects. 4.8–4.12, we present some useful ‘rules of thumb’ to keep in mind relating to the use of the Stage 1 Key/Core variables and their target or hypothesised coverages/ratings in the construction or modelling of the Stage 2 bank-specific variables. Chapter 5 concludes Part 1 with our ‘Quick-Reference Guide’. This should be tabbed by the reader for use throughout the Key Code and Advanced Handbook. It defines or explains the main terms which recur regularly in the application of the Model. Part 2 The first aim of Part 2 is to identify the key questions and enquiries which the Stage 2 Key Code and Advanced Handbook will ask in examining the behaviour and failure of bank governance variables in the GFC and beyond to the Australian Banking Royal Commission Inquiry into banking misconduct.

1.6  Aims of Parts 1 and 2

23

Second is to identify in introductory terms the multiple failures in governance variables that Major Bank, Supervisor/Regulator, governmental and market participant reviews and commentator studies identified in relation to banks in the GFC and beyond. The introductory quotation from the OECD explains some of the differences between banks and non-bank firms. So third will be to distinguish the features of banks and financial firms from those of firms generally and the consequences of those distinguishing features. Which features call for a re-examination, alteration or confirmation of some of the existing governance factors and/or governance variables from Stage 1 or call for new governance factors and governance variables? One of the themes of Stage 2 is that – on account of the distinguishing features of banks in Chap. 7 – the specific, more detailed targeting of new governance variables related to risk identification, measurement/assessment, control/management, reporting, remuneration and bank and risk culture add a level of specificity of operation which complements the original Stage 1 Model and specifically applies it to Australian major banks. Thus, one of the existing governance factors – ‘Monitoring & Audit Factor No 5’  – is re-named in Chap. 2 below52 as ‘Risk Management, Monitoring & Audit Factor No 5’ to re-emphasise the risk management aspect of the internal monitoring function as it applies to banks.

52

 See discussion in Sect. 2.4 below of Chap. 2.

Chapter 2

The Theoretical and Operational Parts of the Stage 1 Relational Approach and Model Abstract  In this Chap. 2 of this Stage 2 Key Code and Advanced Handbook the reader/user is introduced to the key components and tables of the Relational Corporate Governance Approach Model for Australian Banks. This comprises an introduction to how the components are combined to predict the relational proximity (relative effect) of ‘governance variables’ on the sustainability of the bank. Next, the reader/user is introduced to the ‘original’ four Key Fields which simulate the ‘real world’ sphere of corporate governance available to the reader in the First Stage of the Relational Corporate Governance Approach Model Project. They are (1) Principal Theories of the Firm; (2) Enron and Hastie Corporate Collapses; (3) Comparative Corporate Governance Codes and (4) Empirical Field Studies of the effectiveness of governance variables in reducing (or increasing) agency costs and enhancing (or reducing) the long-term efficiency and survival/sustainability of the firm/bank measured by firm/bank cost of capital, firm/bank operating performance/ profit, firm/bank value/share price and the likelihood of earnings manipulation. Chapter 2 then moves to describe the principal components of the Model  – ‘the three relational axes of good governance’, the governance variables and the eight ‘governance factors’. The theoretical ‘weighing mechanism’ of the relational approach and its results are comprised of four components – the three relational axes of good governance, the eight governance factors, the two interrelationship schemes and the relational effect path for each governance variable. The three relational axes of good governance are like a set of scales for weighing the objectives (Axis No. 1), behaviours (Axis No. 2) and positional conflict (Axis No. 3) of the insiders and outsiders (See Sect. 2.2 of this Chap. 2). The eight governance factors are the ‘backbone’ of the relational approach and so are critical to the theoretical components and the operational tables. The governance factors represent the most significant recurring and underpinning firm-­specific or firm-level themes or aims of ‘good’ corporate governance represented by the four Stage 1 Key Fields (this Stage 2 adds the fifth Key Field) and thus the 39 original governance variables (Stage 2 has 1699 variables) to which the Fields give rise. The hypothesised or predicted interrelationships between the eight governance factors are set out in the interrelationship schemes. The number of, and manner and direction in which, these factors are affected, switched-on or influenced by the gov© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_2

25

26

2  The Theoretical and Operational Parts of the Stage 1 Relational Approach and Model

ernance variables are depicted in relational effect paths. These paths determine the relative importance or strength  – known as the ‘relational proximity rating’ or ‘rprox’ – of those variables in affecting the shareholder wealth measures. Keywords  Relational approach · Relational model · Conceptual and theoretical components · Three relational axes of good governance · Objectives Axis no 1 · Behaviours Axis no 2 · Positional conflict Axis no 3 · Governance variables · Governance factors Using the Relational Approach or Model in Fig. 2.1 of Stage 1 A walk-through Fig. 2.1 of Stage 11 sets out how the relational approach works from the perspective of the reader/user and sets out how the components are combined to predict the relational proximity (relative effect) of ‘governance variables’ on the sustainability of the bank. Figure 2.1 below (reproducing Fig. 2.1 of Stage 1) depicts how the components and tables which comprise the relational approach are constructed. As can be seen from the Figure, all these components and tables originate from an examination of the ‘original’ four Key Fields on the left-hand side of the diagram introduced in Stage 1. The four Key Fields simulate the ‘real world’ sphere of corporate governance available to the reader in the First Stage of the Relational Corporate Governance Approach Model Project. They are: 1. Principal Theories of the Firm: Application of the principal theories of the firm to the relational approach including corporate social responsibility or CSR interests that affect or influence the stakeholder model; 2. Enron and Hastie Corporate Collapses: National and international corporate collapses with case study ‘autopsies’ of the pre-GFC Enron and post-GFC Hastie corporate collapses; 3. Comparative Corporate Governance Codes: International/cross-border and national comparative corporate governance codes including corporate governance requirements for listed companies in the US (NYSE), UK (FRC) and Australia (ASX); and 4. Empirical Field Studies of the effectiveness of governance variables: Empirical studies of the effectiveness of governance variables in reducing (or  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 1

2  The Theoretical and Operational Parts of the Stage 1 Relational Approach and Model The Four Key Fields

The Eight Governance Factors and the 39 Governance Variables

No. 1: Application of the principal firm theories to the relational approach

No. 2: Case Study ‘Autopsies’ of the Enron and Hastie Corporate Collapses

No. 3: Comparative Corporate Governance Codes including NYSE, FRC and ASX

No. 4: Empirical Studies of the Effectiveness of Governance Variables

Weighing Mechanism to Weigh Governance Factors affected by a Governance Variable

‘Coverage’ and ‘Relational Proximity’ Results

Three Relational Axes of Good Governance (Sections 2.3.1 – 2.3.3):

Relational Proximity Table (Table 3.2)

1. Profit and Value Max vs Assessment, Reporting and Value Preservation

Rating Governance Variables in Order of Relative Importance in Reducing Agency Costs and Enhancing Firm Sustainability

2. Innovation and Risk vs Management, Control and Accountability Eight Governance Factors: No.1: Reporting No. 2: Compliance No. 3: Alignment No. 4: Compensation No. 5 Risk Management, Monitoring & Audit No. 6: Stakeholders No. 7: Decision-making No. 8: Responsibility

3. Internal Stakeholders vs External Stakeholders Coverage Table (Table 3.1)

The 2 Interrelationship Schemes: 39 Governance Variables (Table 2.1)

27

Displays the Identity, Number and Direction of Governance Factors Affected by a Governance Variable

These show the Hypothesised Interrelationships between Governance Factors: Shareholder Primacy Interrelationship Scheme (Figure 2.6) Stakeholder Model Interrelationship Scheme (Figure 2.7)

Relational Effect Path for each Governance Variable

Fig. 2.1  Reproduction of Stage 1 Fig. 2.1 – Using the Relational Corporate Governance Approach (Table References are to Stage 1)

increasing) agency costs and enhancing (or reducing) the long-term efficiency and survival/sustainability of the firm measured by firm cost of capital, firm operating performance/profit, firm value/share price and the likelihood of earnings manipulation.

28

2  The Theoretical and Operational Parts of the Stage 1 Relational Approach and Model

As noted in Stage 1, the articles, working-papers and other works comprising these Key Fields are drawn from the SSRN platform.2 These four Key Fields contain the 39 governance variables which are examined in the relational approach.3 These are the 39 governance and management structures, mechanisms, processes and protocols (called governance variables) which seek to deter or punish management misconduct or which align the interests of the management with those of the outside dispersed shareholders. This Stage 2 introduces the fifth Key Field of the relational approach and Model – Governance of Banks in the GFC and Beyond – which has six Parts in this Key Code and Advanced Handbook. As the relational approach is based on predicting the interrelationships between these 39 governance variables, the aim at this point is to identify what those interrelationships are. These interrelationships are represented by the eight ‘governance factors’ which are the eight firm-specific or firm-level recurring or underpinning aims and themes of firm-level corporate governance. Themes and considerations from each of the four original Key Fields are used in Stage 1 to construct each of the governance factors: Reporting – Transparency, timing and integrity of financial and other reports; Compliance – Corporate governance and legal compliance; Alignment – Alignment of management and shareholder interests; Compensation – Board, CEO and management compensation and incentives; Risk Management, Monitoring & Audit  – Risk management, internal and external/audit monitoring quality; 6. Stakeholders  – Identification, participation and protection of stakeholder interests; 7 . Decision-making  – Quality of board, CEO and management decision-­ making; and 8 . Responsibility  – Delineation and disclosure of powers, duties and lines of responsibility. 1. 2. 3. 4. 5.

These governance factors provide the firm-specific or firm-level factors, themes or considerations which are relevant to any decision to employ individual ‘good’ governance variables. The aim now is to determine – by hypothesis – how these 39 governance variables affect each other. This aim is achieved by proxy. The interrelationships between the 39 governance variables must be the interrelationships between the eight governance factors which underpin those governance variables. To determine the interrelationships between the governance factors, the relational approach uses the ‘weighing mechanism’ of the three relational axes of good governance introduced and constructed in Sect. 2.2 of this Chap. 2. The interrelationships produced

 See http://www.ssrn.com  These governance variables are set out in Sect. 3.4 of Chap. 3 below.

2 3

2.1  The Conceptual/Theoretical Components of the Relational Model and How They…

29

by this weighing are already calculated and presented for the reader – these are the two ‘interrelationship schemes’. The examination of the individual governance factors then moves to the construction of these two interrelationship schemes. These two schemes are diagrams setting out the hypothesised interrelationships between all of the eight firm-specific or firm-level governance factors. There are two schemes – one based on the shareholder primacy model and the other based on the stakeholder model of corporate governance. Next to be determined is how the employment (or omission) of each governance variable affects each other governance variable. The relational approach recognises at this time the pre-eminence of the shareholder primacy model of corporate governance.4 Thus, the ‘Shareholder Primacy Interrelationship Scheme’ diagram is the basis of a relational effect path produced for each governance variable. These paths depict the identity, number and direction of the governance factors affected, ‘switched-on’ or influenced by each of the 39 governance variables. In short, the greater the number of governance factors affected, switched-on or influenced by a governance variable  – in the manner set out in the Shareholder Primacy Interrelationship Scheme  – then the greater is that governance variable’s relative importance/strength compared to other governance variables in reducing (increasing) agency costs and enhancing (reducing) the long-term efficiency and survival or sustainability of the firm. The final step is to present the results of the governance factors affected, switched-on or influenced by each of the 39 governance variables and the direction of that effect in a ‘relational effect path’ for each of the 39 governance variables. This is depicted in the operational table in Sect. 3.4 below – the ‘Revised Stage 1 Combined Coverage and Relational Proximity Table’. Each of the 39 relational effect paths are constructed and summarised in this Table. This Table then presents the ‘relational proximity rating’ of the governance variables  – their relative importance/strength in affecting, switching-on or influencing the governance factors and, thus, the long-term efficiency and survival/sustainability of the bank.

2.1 The Conceptual/Theoretical Components of the Relational Model and How They Are Used in Practice Chapters 1 and 2 of Stage 1 establish the theoretical or conceptual components of the relational approach Model as represented in the above Fig. 2.1 of Stage 1. The conceptual parts are important from a research point of view because they will be examined by other researchers to evaluate the integrity/application of the components and the explanatory power/usefulness of the Model. So Stage 1 spends a  See discussion in Sect. 3.1 of Chap. 3.

4

30

2  The Theoretical and Operational Parts of the Stage 1 Relational Approach and Model

number of chapters on construction of the conceptual components – particularly, Chaps. 1 and 2. If the conceptual components do not have theoretical integrity, the operational parts will be less useful in predicting and enhancing the bank’s longterm sustainability measured by firm cost of capital, firm operating performance/ profit, firm value/share price and the likelihood of earnings management/ manipulation. But the conceptual components are not used from scratch each time by the user to predict the relative importance/strength or relational proximity rating of the governance variables. All the relational proximity ratings are calculated and presented for the user in Table 10.2 below, the Bank Combined Coverage and Relational Proximity Table. All the following components are described in the Stage 1 Model and book. And a discussion of the Model begins with the theoretical components so that users understand the importance of how they work to determine the relative importance/ strength of the governance variables for banks in this Stage 2. Again, these components provide the foundations or scaffolding/framework of the Model and are not used by the user to calculate the relational proximity ratings of the 1749 bank-­ specific governance variables. How to determine these relative importance/strength ratings – already calculated for the user – is explained in the ‘User Guide’ in Chap. 4 and the ‘Quick-Reference Guide’ in Chap. 5. The theoretical ‘weighing mechanism’ of the relational approach and its results are comprised of four components – the three relational axes of good governance, the eight governance factors, the two interrelationship schemes and the relational effect path for each governance variable. The three relational axes of good governance are like a set of scales for weighing the objectives (Axis No. 1), behaviours (Axis No. 2) and positional conflict (Axis No. 3) of the insiders and outsiders.5 The eight governance factors are the ‘backbone’ of the relational approach and so are critical to the theoretical components and the operational tables. The governance factors represent the most significant recurring and underpinning firm-­specific or firm-level themes or aims of ‘good’ corporate governance represented by the four Stage 1 Key Fields (this Stage 2 adds the fifth Key Field) and thus the 39 original governance variables (Stage 2 has 1699 variables) to which the Fields give rise. The hypothesised or predicted interrelationships between the eight governance factors are set out in the interrelationship schemes. The number of, and manner and direction in which, these factors are affected, switched-on or influenced by the governance variables are depicted in relational effect paths. These paths determine the relative importance or strength  – known as the ‘relational proximity rating’ or ‘rprox’ – of those variables in affecting the shareholder wealth measures. This Chap. 2 now turns to examine in detail the theoretical components.

 See Sect. 2.2 of this Chap. 2.

5

2.2  The ‘Three Relational Axes of Good Governance’

31

2.2 The ‘Three Relational Axes of Good Governance’ This is the definition of the theoretical weighing mechanism in sections 2.3.1–2.3.3 of Stage 1. The definition of relational corporate governance seeks to balance the competing aims, behaviours and interests of insiders such as the directors, CEO and management with traditional outsiders such as shareholders and other wider stakeholders6: 1. Objectives Axis On one axis, the freedom of a company’s management to pursue (profit-­ maximising) objectives (value enhancement) at one end is balanced against the interests of the shareholders (owners) in monitoring management’s performance (performance assessment and reporting) and seeing that a company’s resources are not dissipated (value preservation). 2. Behaviours Axis On another axis, ‘entrepreneurism’ and ‘innovation’ (risk-taking) are balanced against risk management, ‘control’ and ‘accountability’ (responsibility). 3. Positional Conflict Axis Lastly, the interests of those ‘within’ the company such as the board, CEO and executives/management (internal stakeholders) are balanced against the interests of those ‘outside’ the company such as shareholders/investors, employees, lenders, suppliers, government legislators and regulators and social interests including the environment and the general public (external stakeholders). Objectives Axis No. 1 and Behaviours Axis No. 2 Diagrammatically, as shown in Fig. 2.2 below, Relational Axes Nos. 1 and 2 operate on the same plane of three-dimensional space. While there is clearly some overlap between these Axes, they are not identical. On the one hand, Objectives Axis No. 1 is cast in terms of functional objectives – for example, profit maximisation, value enhancement and value preservation. On the other hand, Behaviours Axis No. 2 denotes functional behaviours such as innovation, risk-taking, risk management and control. Axes 1(a) and 2(a) represent the aim/objective and behavioural drivers of firm profitability and value and, therefore, long-term efficiency and sustainability. By contrast – and this is not meant in a negative sense – Axes 1(b) and 2(b) represent the checks and balances which are equally necessary to attain or enhance these efficiency and sustainability outcomes. Positional Conflict Axis No. 3 The third Axis is quite different. It is known as the ‘Positional Conflict Axis No. 3’. It is not concerned with functions or activities. Instead, it represents the positional conflict between different stakeholders – insiders and outsiders – and, in addition, between the insiders and outsiders inter se. Thus, again represented  Stage 1, above n 1, pp 28–31.

6

32

2  The Theoretical and Operational Parts of the Stage 1 Relational Approach and Model

Positional Conflict Axis No. 3 3(a). Internal Stakeholders – Board, CEO and Management

3(b). External Stakeholders – Shareholders, Employees, Lenders, Suppliers, Government Legislators and Regulators and Social Interests (incl. the Environment and the General Public)

Objectives Axis No. 1 1(a). Profit Maximisation and Value Enhancement.

Behaviours Axis No. 2 2(a). Entrepreneurism, Innovation and Risk-Taking

1(b). Performance Assessment and Reporting and Value Preservation

2(b). Risk Management, Control, Accountability and Responsibility

Fig. 2.2  Reproduction of Fig. 2.3 of Stage 1 – The Three Relational Axes of Good Governance

three-­dimensionally, this Axis ‘hovers’ above Axes Nos. 1 and 2 for the purpose of demarcating or delineating the parties or interests to be protected by those Axes. The three relational axes are represented diagrammatically in Fig. 2.3 of Stage 1 and Fig. 2.2 above. On a practical level, the definition is not used in the operational parts described below. It is a way of explaining that corporate governance requires a balancing of different objectives (Axis 1), behaviours (Axis 2) and interests (Axis 3 – insiders v outsiders). Thus, it is like a set of scales – but only conceptually. It is not used from scratch each time by the user to determine the relative importance/strength of the governance variables. Again, how to determine these relative importance/strength ratings – already calculated for the user – is explained in the concluding User Guide in Chap. 4 and the Quick-Reference Guide in Chap. 5.

2.3 Governance Variables (Also Part of the Operation of the Stage 1 Model Below) In the relational approach and Model, these are the governance and management structures (eg., independent directors, audit committee, equity and option plans, etc.), mechanisms, processes and protocols which essentially perform three functions  – they (1) punish or (2) deter directors, the CEO and management from

2.4  Governance Factors

33

engaging in value-reducing behaviours or, alternatively, they (3) align the interests of the board, CEO and management with the (traditionally) outside shareholders. The Stage 1 relational approach introduces, defines and explains thirty-nine (39) of these mechanisms including how they affect, switch-on or influence the firm’s eight ‘governance factors’ (next). The governance variables are summarised in Table 2.1 of Stage 1 – Summary of governance variables.7 Table 3.1 of Stage 1 – Coverage Table: Hypothesised significant coverage effect and direction of interrelationship between governance variables and governance factors – sets out the results for the ‘coverage’ of the Stage 1 governance variables.8 These results are reproduced below in Sect. 3.4 of Chap. 3. The entire field – the existing thirty-nine governance variables from Stage 1 and the new bank-specific governance variables from Stage 2 – are set out with their description, section reference and target or hypothesised coverage/rating in Table 10.2 of Chap. 10 of this Stage 2 Key Code and Advanced Handbook in the Bank Combined Coverage and Relational Proximity Table.

2.4 Governance Factors The Eight Governance Factors These are the eight (8) underpinning or recurring themes or aims of ‘good’ corporate governance in the Stage 1 relational approach and Model. By this, the relational approach means that these are the eight aims or objectives (direct and indirect) of corporate governance that the Model – in both Stage 1 and Stage 2 – sets out to achieve: No. 1 Reporting  – Transparency, Timing and Integrity of Financial and Other Reports; No. 2 Compliance – Corporate Governance and Legal Compliance; No. 3 Alignment – Alignment of Management and Shareholder Interests; No. 4 Compensation – Board, CEO and Management Compensation and Incentives; No. 5 Risk Management, Monitoring & Audit – Risk Management and Internal and External/Audit Monitoring Quality; No. 6 Stakeholders  – Identification, Participation and Protection of Stakeholder Interests; No. 7 Decision-making  – Quality of Board, CEO and Management Decision-­ making and No. 8 Responsibility – Delineation and Disclosure of Powers, Duties and Lines of Responsibility.9  Stage 1, above n 1, Table 2.1, Summary of governance variables, pp 32–34.  Ibid, Table 3.1, Coverage Table: Hypothesised significant coverage effect and direction of interrelationship between governance variables and governance factors, pp 69–70. 9  The governance factors are constructed in Stage 1, above n 1, sections 2.6.1–2.6.8, pp 36–62. 7 8

34

2  The Theoretical and Operational Parts of the Stage 1 Relational Approach and Model

As noted above, a governance factor is a firm-specific or firm-level underlying and recurring theme or aim of ‘good’ corporate governance derived from within the four Key Fields. In other words, it is, in itself, an object, purpose or end of firm-specific or firm-level ‘good governance’. It may also be considered to be an intermediate step or combination of steps to achieve such an object, purpose or end or to avoid harming good governance outcomes. For example, improving the quality of board, CEO and management decision-­ making (Decision-making Factor No. 7) is clearly an object, purpose or end of firmspecific or firm-level good governance. That end is also assisted by improving the transparency, timing and integrity of financial and other reports (Reporting Factor No. 1) and the delineation and disclosure of powers, duties and lines of responsibility (Responsibility Factor No. 8). Similarly, alignment of management and shareholder interests (Alignment Factor No. 3) is another end of firm-specific or firm-level good governance. It can be achieved, in one way, by the design of board, CEO and management compensation and incentives (Compensation Factor No. 4). Re-naming of Risk Management, Monitoring & Audit Factor No 5: Risk Management and Internal and External/Audit Monitoring Quality This Stage 2 asks which features call for a re-examination, alteration or confirmation of some of the existing governance factors and/or governance variables from Stage 1 or call for new governance factors and governance variables? Section 2.6.5 of Stage 1 had already included risk assessment, reporting and management procedures and financial and other internal controls within the then-­ named Monitoring & Audit Factor No 5: Internal and external audit monitoring quality is a wide concept in the relational approach. As its terms indicate, it includes, on the one hand, notions of internal audit and, on the other hand, third-party ‘independent’ audit. But Monitoring & Audit Factor No 5 is not limited to internal and external audit. Its terms deliberately extend to consider matters including financial and other internal controls, risk assessment, reporting and management procedures, governance and ethical codes of conduct or guidelines (as control devices). Critically, Monitoring & Audit Factor No 5 extends to the nature, operation and quality (strength) of the board and management’s inquiry, supervisory and monitoring duties. And this in turn extends to all aspects of the firm’s financial, operational and governance activities and obligations. Monitoring & Audit Factor No 5 is a significant theme emerging from all four Key Fields as set out in Table 2.4.10

Looking ahead in Part 4 of Stage 2, a significant number of bank-specific governance variables are identified in relation to variable performance-based equity, option and bonus compensation of executives and ‘high end’ employees which are linked to risk. These include variables which, on the one hand, are designed to align the risk-taking of management with the risk preferences of shareholders or, on the other hand, give rise to a level of risk-taking beyond the bank’s risk appetite and thus increase the likelihood of bank losses and/or failure.

10

 See discussion in Sect. 2.6.5 of Stage 1, ibid. (emphasis added).

2.4  Governance Factors

35

Also looking ahead to Part 6 of this Stage 2, the relational approach will examine in detail the governance of risk during the GFC and beyond as part of the Governance of Banks in the GFC and Beyond Key Field No 5 (Part 6). As a real-world example from the GFC, the OECD Key Findings 2009, examined in Part 6, considered the financial crisis to be a “widespread failure of risk management” with: • some boards ignorant of the risks facing the company; • financial firms needing to devote greater management time due to the volatility of risk, maturity transformation (borrowing short and lending long) and systemic risk; • risk needing a whole of enterprise approach rather than individual business units; • greater need for board review to align corporate strategy, risk appetite and the internal risk management structure; • need for risk management and control to be separate from profit centres; • the need for the Chief Risk Officer (CRO) to report directly to the board; • need for material risk factors to be disclosed in a “transparent and understandable fashion” and ranked in order of importance; and • risk management not being sufficiently covered by existing governance codes of the time.11 The EC Green Paper 2010 summarized the main failings with respect to risk management: • a lack of understanding of the risks on the part of those involved in the risk management chain and insufficient training for those employees responsible for distributing risk products; • a lack of authority on the part of the risk management function. Financial institutions have not always granted their risk management function sufficient powers and authority to be able to curb the activities of risk-takers and traders; • lack of expertise or insufficiently wide-ranging experience in risk management. Too often, the expertise considered necessary for the risk management function was limited to those categories of risk considered priorities and did not cover the entire range of risks to be monitored; [and] • a lack of real-time information on risks. To allow those involved to react quickly to changes in risk exposures, clear and correct information on risk should be available rapidly at all relevant levels of the financial institution.12

Thus, to better represent risk identification, measurement/assessment, control/ management and reporting – demonstrated as critical failures during the GFC and beyond in Part 6 – Governance Factor No 5 will be re-named “Risk Management,  OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009, approved for publication 29 May 2009, accessed 12 April 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/43056196. pdf, (‘OECD Key Findings 2009’), Effective implementation of risk management, pp 8–9. 12  European Commission, Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies, COM(2010) 284 final, Brussels, 2 June 2010, accessed 23 March 2017 at http://www.ecgi.org/commission/documents/green_paper_com2010_284_en.pdf (‘EC Green Paper 2010’), Sect. 3.4, p 7 (footnote omitted). 11

36

2  The Theoretical and Operational Parts of the Stage 1 Relational Approach and Model

Monitoring & Audit Factor No 5: Risk Management and Internal and External/ Audit Monitoring Quality”. This more closely targets the distinguishing features of banks and financial firms examined in Chap. 7 below and explains the relational effect paths of the bank-specific governance variables introduced in Table 10.2 of Chap. 10 below.

Chapter 3

Determining the Effects of Governance Variables in the Relational Approach

Abstract  In this Chap. 3 of this Stage 2 the reader/user is introduced to determining the effects of ‘governance variables’ in the Relational Corporate Governance Approach Model for Australian Banks. The conceptual result of mixing or combining the components in Chap. 2 is that eight ‘governance factors’ are ‘weighed’ in the conceptual ‘scales’ of the ‘three relational axes of good governance’ to obtain or derive the hypothesised or predicted interrelationships between the original thirty-­ nine governance variables. This is achieved using an additional key component – a diagram called the ‘Shareholder-Primacy Interrelationship Scheme’. Thus, the Interrelationship Scheme gives the relational approach its name of relational corporate governance  – each of the thirty-nine governance variables affect each other according to the hypothesised or predicted interrelationships set out in this diagram below. The Shareholder-Primacy Interrelationship Scheme is used to build an hypothesised or predicted ‘relational effect path’ for each governance variable. The Key Code sets out each hypothesised or predicted relational effect path of each governance variable identifying the governance factor affected and the direction of the effect culminating in two operational tables, the ‘Coverage Table’ and the ‘Relational Proximity Table’. The hypothesised or predicted relational proximity rating of each governance variable is akin to the ‘Richter scale’ for earthquakes. Relational proximity does not give the user a dollar value of the effect of the governance variables on each other and the firm’s/bank’s value/share price, operating performance/profit or likelihood of earnings manipulation. Instead, it gives the user a relative measure out of 100 of the importance/strength of the governance variable in affecting those measures. Keywords  Shareholder-primacy interrelationship scheme · Firm value/share Price · Firm operating performance/profit · Relational effect path · The revised Stage 1 combined coverage and relational proximity table · Spine of relational effect paths · Board skills mix variable · Transparency and timing of reporting · Monitoring effect variable

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_3

37

38

3  Determining the Effects of Governance Variables in the Relational Approach

It will be recalled that one concept of the relational approach and Model which is used to explain the governance variables is a hypothesis that these governance variables affect each other and other governance and management structures in the company or bank. So how are those effects determined? The answer is that the thirty-nine Stage 11 governance variables are extracted from the literature, case studies, governance codes and empirical studies comprising the four original ‘Key Fields’ introduced above: (1) the application of the theoretical models of the firm to the relational approach; (2) Enron and Hastie corporate collapse literature; (3) international and national governance codes of the US, UK and Australia and (4) empirical/field studies actually undertaken by other commentators and researchers in examining the effectiveness or ability of the governance variables in reducing agency costs, enhancing firm value/share price and operating performance/profit and reducing the likelihood of earnings management/misstatement. The assumption or hypothesis is that, as the thirty-nine governance variables are drawn from the four original Key Fields, the relationships between the Key Fields must be the same as the relationships between the thirty-nine variables. Hence, a significant portion of Chapter 2 of Stage 1 is used to justify that the eight governance factors are the recurring themes, tensions and interrelationships over and between the Key Fields and therefore the thirty-nine governance variables. Thus, sections 2.6.1–2.6.8 of Stage 1 examine in detail the identification, construction and articulation of the eight governance factors by explaining how they are recurring themes or tensions in one or more of the original Key Fields.2

3.1 Shareholder-Primacy Interrelationship Scheme Thus, the conceptual result of mixing or combining the components in Sects. 2.1– 2.4 of Chap. 2 above is that the eight governance factors are ‘weighed’ in the conceptual ‘scales’ of the three relational axes to obtain or derive the hypothesised or predicted interrelationships between the thirty-nine governance variables. Again, the user does not need to undertake this hypothesised or predicted ‘weighing’ exercise – the Stage 1 Model has already done this for the user in a diagram called the ‘Shareholder-Primacy Interrelationship Scheme’ in Fig. 2.6 of Stage 1.3 Thus, the Interrelationship Scheme gives the relational approach its name of relational

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 2  Stage 1, ibid., Sects. 2.6.1–2.6.8, pp 36–62. 3  Ibid, Fig. 2.6, p 63. 1

3.1  Shareholder-Primacy Interrelationship Scheme

39

corporate governance  – each of the thirty-nine governance variables affect each other according to the hypothesised or predicted interrelationships set out in this diagram below. This is the reason that Stage 1 uses such an extensive conceptual space/effort building the framework of the Stage 1 Model. It is critical to the integrity of the components to achieve the end result – to determine the hypothesised or predicted relative importance/strength of the governance variables in enhancing (reducing) the long-term efficiency and survival/sustainability of the firm or, in the case of Stage 2, the bank. The Shareholder Primacy Interrelationship Scheme in Fig.  2.6 of Stage 1 is reproduced in Fig. 3.1 below. The Direction of the ‘Effect’ in the Interrelationship Schemes An arrow connecting two (or more) governance factors in Fig. 3.1 of this Chap. 3 above depicts an hypothesised interrelationship between the relevant firm-specific or firm-level governance factors. In practical terms, this represents a hypothesis that one governance factor affects, switches-on or influences another governance factor in the direction of the arrow. A ‘two-way’ arrow hypothesises that the relevant governance factors affect each other. Again, such an interrelationship is described as reflexive. Now, to determine the hypothesised or predicted relative importance/strength or effect (called ‘relational proximity rating’ or ‘rprox’) of each governance variable in affecting firm value or share price, firm operating performance/profit and the likelihood of earnings manipulation or management – proxies for firm long-term efficiency and thus survival or sustainability – the user enters the operational or practical part of the Stage 1 Model which is considered next. Compliance Factor No. 2: Corporate Governance and Legal Compliance

Alignment Factor No. 3: Alignment of Management and Shareholder Interests

Stakeholders Factor No.6: Identification, Participation and Protection of Stakeholder Interests

Reporting Factor No. 1: Transparency, Timing and Integrity of Financial and Other Reports

Risk Management, Monitoring & Audit Factor No. 5: Risk Management and Internal and External/Audit Monitoring Quality

Compensation Factor No. 4: Board, CEO and Management Compensation and Incentives

Responsibility Factor No. 8: Delineation and Disclosure of Powers, Duties and Lines of Responsibility

Decision-making Factor No. 7: Quality of Board, CEO and Management Decision-making

Fig. 3.1  Reproduction of Stage 1 Fig. 2.6: Shareholder Primacy Interrelationship Scheme

40

3  Determining the Effects of Governance Variables in the Relational Approach

3.2 Operational or Practical Use of the Stage 1 Model – How to Determine/Predict the Effect of the Governance Variables in Affecting Firm Value/Share Price and Operating Performance/Profit Chapter 3 of the Stage 1 Model demonstrates how the user determines the hypothesised or predicted (relative) relational proximity rating of each governance variable. Again, the user is not required to do this – it is done by. Chapter 3 of Stage 1 culminating in two tables – the Coverage Table and the Relational Proximity Table.

3.3 ‘Relational Effect Path’ of Each Governance Variable This hypothesised or predicted pathway or configuration displays the identity, number and direction of each of the eight governance factors affected, switched-on or influenced by each governance variable and, therefore, the effect of the governance variables on each other. For each governance variable, the Shareholder-Primacy Interrelationship Scheme in Fig. 3.1 above is combined with the extensive research on each governance variable itself in Chaps. 7–10 of Stage 1 to build an hypothesised or predicted relational effect path for each governance variable. Again, the user is not required to undertake this process – the Stage 1 Model sets out each hypothesised or predicted relational effect path of each governance variable identifying the governance factor affected and the direction of the effect. This is set out in Sects. 3.1–3.3 of Stage 1 culminating in two operational tables. Again, these tables are already prepared for the user.

3.4 The Coverage Table (Table 3.1 in the Stage 1 Model) The Stage 1 Coverage Table This Table lists all thirty-nine Stage 1 governance variables and summarises the hypothetical or predicted relational effect path of each variable. The Table demonstrates to the user the section in Chaps. 7–10 of the Stage 1 Model that the governance variable’s behaviour is analysed and its relational effect path set out. Dots (‘•’) appear under each governance factor in the columns 1–8 at the top of the Coverage Table. Thus, if 7 out of 8 governance factors are affected by a governance variable, the ‘coverage’ will be 7 and a direction is shown as negative (−), positive (+) or dual directional (+/−). Thus, again, all the hypothesised or predicted interrelationships between the governance variables and therefore the relational effect paths and the ‘coverage’ (or zone, range or area of operation or effect) of

3.4  The Coverage Table (Table 3.1 in the Stage 1 Model)

41

Table 3.1  Revision of Tables 3.1 and 3.2 of Stage 1  – Combined Coverage and Relational Proximity Table – Hypothesised Significant Coverage Effect, Relational Proximity and Direction of Interrelationship between Governance Variables and Governance Factors Governance Factor (Sections 2.6.1–2.6.8 of Stage 1)

Governance Variable No. (Table 2.1 of Stage 1) 1. AudAccEarn Audit committee – Accounting expertise – Earnings manipulation reduction effect 2. AudCom Audit committee – presence, operation and frequency 3. AudExpAcc Audit committee – financial expertise (accounting) 4. AudFree Audit committee – nonaccounting expertise – ‘free rider’ effect 5. AudIndFreq Audit committee – Independence in combination with frequency of meeting – Reduction in earnings manipulation effect 6. AudIndInfo Audit committee – Independence – information flow and decision quality ‘Trade-off’ 7. AudIndMon Audit committee – Independence – Monitoring effect 8. AudShortOpts Audit committee – Short term options granted to outside directors – Reduction in monitoring effect 9. BlockCosts Block shareholding – Other shareholder agency costs

Direct-­ ion of Effect (+) (+/−) (−) +

1 ●

2 3 4 5 6 ● ● ● ●

7 8 ●

Total Governance Variable Coverage and Relational Proximity Rating (rprox) +6/75.00

+

●

● ● ● ●

●

+6/75.00

+

●

● ● ● ●

●

+6/75.00

−

●

● ● ● ●

●

−6/75.00

+

●

−

●

+

●

● ● ● ● ● ● +7/87.50

−

●

● ● ● ● ● ● −7/87.50

−

●

● ● ● ● ●

● ● ● ● ● ● +7/87.50

●

● ● −4/50.00

−6/75.00

(continued)

42

3  Determining the Effects of Governance Variables in the Relational Approach

Table 3.1 (continued) Governance Factor (Sections 2.6.1–2.6.8 of Stage 1)

Governance Variable No. (Table 2.1 of Stage 1) 10. BlockMon Block shareholding – Monitoring effect 11. BrdAttend Board – Attendance level (high) 12. BrdCmEarn Board and committee (non-audit) size – Earnings manipulation effect 13. BrdCmSize Board and committee size 14. BrdIndInfo Board independent director: Executive director proportion – Information flow and decision quality ‘trade-off’ 15. BrdIndMon Board independent director: Executive director proportion – Monitoring effect 16. BrdReview Board – Annual review 17. BrdSkills Board – Director skills ‘mix’ 18. CompCom Compensation committee – presence, operation and frequency 19. DirCEO$ Director/CEO compensation levels 20. DualDismiss Duality of CEO/chair positions – CEO dismissal probability

Total Governance Variable Coverage and Relational Proximity Rating (rprox) +6/75.00

Direct-­ ion of Effect (+) (+/−) (−) +

1 ●

+

●

+/−

●

● ● ● ●

●

+/−6/75.00

+/−

●

● ● ● ●

●

+/−6/75.00

−

●

●

+

●

● ● ● ● ● ● +7/87.50

+

●

● ● ● ● ● ● +7/87.50

+

●

● ● ● ● ● ● +7/87.50

+/−

●

● ● ● ● ● ● +/−7/87.50

+/−

●

● ● ● ● ● ● +/−7/87.50

−

●

● ● ● ● ● ● −7/87.50

2

3 4 5 6 7 8 ● ● ● ● ●

● ● ● ● ● ● +7/87.50

● ● −4/50.00

(continued)

43

3.4  The Coverage Table (Table 3.1 in the Stage 1 Model) Table 3.1 (continued) Governance Factor (Sections 2.6.1–2.6.8 of Stage 1)

Governance Variable No. (Table 2.1 of Stage 1) 21. DualEarn Duality of CEO/chair positions – Probability of earnings manipulation 22. DualStrat Duality of CEO/chair positions – Effect on strategic decision-making 23. DualTrade Duality of CEO/chair positions – Monitoring and decision-quality ‘trade-off’ 24. EqOptIncent Equity/option plans and Holdings of Directors/ executives – Incentive/ ‘alignment’ effect (excludes short-term options) 25. EqOptEntrch Equity/option plans and Holdings of Directors/ executives – ‘Entrenchment’ effect (excludes short-term options) 26. ExtAudEarn External/independent audit function 27. NationGov National Governance/ Shareholder protection regime 28. NomCom Nominating committee – presence, operation and frequency 29. NomInd Nominating committee – Independence proportion

Total Governance Variable Coverage and Relational Proximity Rating 3 4 5 6 7 8 (rprox) ● ● ● ● ● ● −7/87.50

Direct-­ ion of Effect (+) (+/−) (−) −

1 ●

−

●

+/−

●

● ● ● ● ● ● +/−7/87.50

+

●

● ● ● ● ● ● +7/87.50

−

●

● ● ● ● ● ● −7/87.50

+

●

● ● ● ● ● ● +7/87.50

+

●

+/−

●

● ● ● ● ● ● +/−7/87.50

+

●

● ● ● ● ● ● +7/87.50

2

●

● ● −4/50.00

● ● ● ● ● ● ● +8/100.00

(continued)

44

3  Determining the Effects of Governance Variables in the Relational Approach

Table 3.1 (continued) Governance Factor (Sections 2.6.1–2.6.8 of Stage 1)

Governance Variable No. (Table 2.1 of Stage 1) 30. NonAuditS Non-audit Services of External Auditor 31. OtherATMs Other anti-takeover mechanisms (excludes staggered board elections) 32. OutBrdPos Outside board positions of independent directors 33. OutBrdAdv Outside/external board advisers 34. ReputDiscl Reputational constraints – ‘Disclosure standards’ 35. ReputRep Reputational constraints – ‘Transparent reporting’ 36. StagBrdElect Staggered board elections 37. ShortTOpts Short-term option holdings/ plans of directors and executives 38. TransTimeMon Transparency and timing of reporting – Monitoring effect 39. TransTimeRedn Transparency and timing of reporting – Information flow reduction effect

Total Governance Variable Coverage and Relational Proximity Rating 3 4 5 6 7 8 (rprox) ● ● ● ● ● ● −7/87.50

Direct-­ ion of Effect (+) (+/−) (−) −

1 ●

2

−

●

● ● ● ● ● ● ● −8/100.00

−

●

● ● ● ● ●

+

●

● ● ● ● ● ● +7/87.50

+

●

● ● ● ● ● ● ● +8/100.00

+

●

● ● ● ● ● ● ● +8/100.00

−

●

● ● ● ● ● ● ● −8/100.00

−

●

+

●

−

●

−6/75.00

● ● ● ● ● ● −7/87.50

● ● ● ● ● ● ● +8/100.00 ●

● ● −4/50.00

governance factors covered by each governance variable is already determined for the user. The Revised Stage 1 Combined Coverage and Relational Proximity Table Table 3.1 of Stage 1 is reproduced above in Table 3.1 with the addition of the description of the governance variable and the relational proximity rating (rprox) calculation from Table 3.2 of Stage 1.

3.6  The ‘Spine’ of Relational Effect Paths and the Comparator Variable: [BrdSkills]…

45

3.5 The Relational Proximity Table (Table 3.2 in the Stage 1 Model) This is the conclusion or climax of the Stage 1 relational approach and Model which, again, is already determined for the user. This Table sets out each original governance variable and its total hypothesised or predicted ‘coverage’ (again, the number of governance factors affected, switched­on or influenced by that governance variable from Table  3.1 of Stage 1 and the direction +, − or +/−). The governance variables are set out or grouped in descending order of the same coverage. The ‘relational proximity rating’ or ‘rprox’ of each governance variable is a simple calculation like percentages – so a coverage of 4 out of 8 is 50.00 rprox. A coverage of 6 out of 8 is 75.00 rprox. A coverage of 7 out of 8 factors is 87.50 rprox. The calculation is (total hypothesised or predicted coverage) divided by (total number of governance factors = 8) x 100. Thus, a coverage of +7 gives rise to a relational proximity of (+7 divided by 8) x 100 = + 87.50 rprox. Thus, the hypothesised or predicted relational proximity rating of each governance variable is akin to the ‘Richter scale’ for earthquakes. Relational proximity does not give the user a dollar value of the effect of the governance variables on each other and the firm’s value/share price, operating performance/profit or likelihood of earnings manipulation. Instead, it gives the user a relative measure out of 100 of the importance/strength of the governance variable in affecting those measures. Most of the thirty-nine governance variables have high coverages/relational proximities of +/−6/75.00 rprox to +/−8/100.00 rprox because they are some of the most commonly researched and written-about governance variables. Thus, high relational proximities are expected.

3.6 The ‘Spine’ of Relational Effect Paths and the Comparator Variable: [BrdSkills] (+)  – Board – Skills ‘Mix’ To determine the relational effect paths of many bank-specific governance variables in the Bank Combined Coverage and Relational Proximity Table in Table 10.2 of Chap. 10, it is apt to review the construction of the ‘spine’ of all relational effect paths and the governance variable used to explain this path, [BrdSkills] (+)  – Board – Skills ‘Mix’ in section 7.3.1.2.1 of Stage 1 which is essentially restated here. As noted in Sect. 1.1 of Chap. 1 above, this is one of the Key/Core variables of the relational approach upon which many bank-specific governance variables are based or modelled. The studies in section 7.3.1.2 of Stage 1 highlight the importance within the ‘grouped’/‘multiple’ variables of the skills ‘mix’ of the board. Thus, the

46

3  Determining the Effects of Governance Variables in the Relational Approach

GF 1

GF 5

GF 8

GF 7

Fig. 3.2  Reproduction of Fig. 7.1 of Stage 1 – Relational effect path spine

interrelationships depicted in the relational effect path for this governance variable are used as the model or spine for many governance variables. The grouped variable or multi-variable studies in section 7.3.1.2 of Stage 1 seek to link, most directly, this skills mix with both enhancement of the risk management and monitoring function (Risk Management, Monitoring & Audit Factor No 54) and the quality of decision-making (Decision-making Factor No 7).5 As the relational approach has demonstrated6 the interrelationship between these governance factors is a close one in which the two themes inform and shape each other in a continuous cycle. Indeed, Risk Management, Monitoring & Audit Factor No 5 and Decision-­ making Factor No 7 are part of the following configuration of governance factors which forms the ‘spine’ of the relational effect paths of a large number of governance variables (Fig. 3.2 above). This spine of the relational effect paths is, like all relational effect paths, derived from the Shareholder Primacy Interrelationship Scheme in Fig. 2.6 of Stage 17 and Fig. 3.1 above (albeit depicted in a simplified manner for explanatory purposes). Now, from that Interrelationship Scheme, Reporting Factor No 18 and Responsibility Factor No 89 are the additional factors in the spine. The maintenance and enhancement of Reporting Factor No 1 is dependent on the effectiveness of all the components of Risk Management, Monitoring & Audit Factor No 5. Responsibility Factor No 8 is critical to the operation of many other governance factors, in particular Decision-making Factor No 7 and Risk Management, Monitoring & Audit Factor No 5.10 As the relational approach shows in the following section, this spinal configuration of interrelationships between governance factors Nos 1, 5, 8 and 7 is the foundation of the [BrdSkills] (+) variable. Thus, this governance variable will be used as a foundation-block in the construction and analysis of many other bank-specific governance variables.

 See discussion in Sect. 2.6.5 of Stage 1, above n 1, pp 47–51.  See discussion in Sect. 2.6.7 of Stage 1, above n 1, pp 51–58. 6  See Fig. 2.6 and the discussion in Sect. 2.7.2 of Stage 1, above n 1, pp 62–65. 7  See Fig. 2.6 and Sect. 2.7.2 of Stage 1, above n 1, pp 62–65. 8  See discussion in Sect. 2.6.1 of Stage 1, above n 1, pp 54–59. 9  See discussion in Sect. 2.6.8 of Stage 1, above n 1, pp 36–41. 10  Ibid. 4 5

3.6  The ‘Spine’ of Relational Effect Paths and the Comparator Variable: [BrdSkills…

GF 1

GF 5

GF 8

47

GF 7

GF 3 GF 6 GF 4

Fig. 3.3  Reproduction of Fig. 7.2 of Stage 1 – [BrdSkills] (+) variable relational effect path

Board Skills Mix Variable: [BrdSkills] (+) Variable Relational Effect Path Thus, the [BrdSkills] (+) variable’s relational effect path is positive (+) and begins with Risk Management, Monitoring & Audit Factor No 5 and the Decision-making Factor No 7. As noted above, each of these governance factors has a reflexive relationship with the other as described in section 2.6.7 of Stage 111 and the shareholder primacy interrelationship scheme in Fig. 2.6 of Stage 112 and Fig. 3.1 above. The factors are depicted in the following reproduction of Fig.  7.2 of Stage 1 (Fig. 3.3 above). In the Shareholder Primacy Interrelationship Scheme in Fig. 2.6 of Stage 1, there is a reflexive relationship between Risk Management, Monitoring & Audit Factor No 5 and Reporting Factor No 1 as described in section 2.6.5 of Stage 1.13 The effect of Decision-making Factor No 7 is hypothesised to be both significant and extensive. It extends to all other governance factors except the overriding nature of Compliance Factor No 214 (as shown in Compliance Factor No 2 Interrelationships in Fig. 2.4 and section 2.6.2 of Stage 1). Compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of ‘hard’, ‘soft’ or ‘hybrid’ laws – is hypothesised not to be affected by the skills mix of the board. Compliance Factor No 2 remains constant and cannot be modified by the decision-making or actions of the directors. Decision-making Factor No 7’s zone of effect reflexively affects Alignment Factor No 3, Compensation Factor No 4 and Responsibility Factor No 8. Decision-making Factor No 7 also directly affects in a single direction Stakeholders Factor No 6. What is the effect of this within the bank or financial institution? The example in section 7.3.1.2.1 of Stage 1 would be a bank which has devoted resources to the risk management, internal monitoring, internal audit and external audit functions (Risk Management, Monitoring & Audit Factor No 5). The diagram shows that such a bank is more likely to have more timely reports with higher information quality,  See discussion in Sect. 2.6.7 of Stage 1, above n 1, pp 51–58.  See Fig. 2.6 and the discussion in Sect. 2.7.2 of Stage 1, above n 1, pp 62–65. 13  See discussion in Sect. 2.6.5 of Stage 1, above n 1, pp 47–51. 14  See discussion in Sect. 2.6.2 of Stage 1, above n 1, pp 41–43. 11 12

48

3  Determining the Effects of Governance Variables in the Relational Approach

transparency and integrity (Reporting Factor No 1). Such reporting will thus increase the quality of external or market monitoring of the bank with consequential improvement in risk management, internal monitoring and, again, improvement in the transparency and timing of financial and other reports. Thus, the diagram shows that Risk Management, Monitoring & Audit Factor No 5 affects Reporting Factor No 1 in a reflexive manner, that is, these factors affect each other. But how are the risk management, monitoring, internal audit and external audit functions improved in the first place? The diagram shows that skills of the board affect these functions in a positive direction beginning with Risk Management, Monitoring & Audit Factor No 5. Thus, increases in board skills, qualifications and expertise (the [BrdSkills] (+) variable) will positively affect risk management, monitoring and audit within and outside the bank and the transparency, quality and timing of reporting. Therefore, the [BrdSkills] (+) variable is hypothesised to affect all governance factors except the overriding Compliance Factor No 2 (Corporate Governance and Legal Compliance). This equates to a coverage/rating of +7/87.50 rprox in the Coverage Table (Table 3.1 of Stage 1) and the Relational Proximity Table (Table 3.2 of Stage 1).

3.7 [TransTimeMon] (+) – Transparency and Timing of Reporting – Monitoring Effect For explanatory purposes of the relational effect paths of many bank-specific governance variables in this Stage 2, it is also necessary to review another Key/Core governance variable from Sect. 1.1 of Chap. 1 above – the [TransTimeMon] (+) variable from section 9.1.2.1 of Stage 1, again restated here. This governance variable represents the enhanced (+) monitoring effect of transparency and timing of reporting. The studies described in section 9.1.2 of Stage 1 seek to link, most directly, the transparency and timing of reporting with both enhancement of the monitoring function (Risk Management, Monitoring & Audit Factor No. 515) and the quality of decision-making (Decision-making Factor No. 716). Given its focus on monitoring and decision-making, the [TransTimeMon] (+) variable’s relational effect path is positive (+) and the zone of effect of that relational effect path is hypothesised to be similar to that of the [BrdSkills] (+)17 and [BrdIndMon] (+)18 variables but with an additional overriding requirement of the Compliance Factor No. 2 (Corporate Governance and Legal Compliance19). Compliance Factor No. 2 is present because of the substantial guidance in governance codes relating to the access, timeliness,  See discussion in section 2.6.5 of chapter 2 of Stage 1, above n 1.  See discussion in section 2.6.7 of chapter 2 of Stage 1, above n 1. 17  Board – Director Skills ‘Mix’ – see Fig. 7.2 and discussion in section 7.3.1.2.1 of chapter 7, Stage 1, above n 1. 18  Board Independent Director: Executive Director Proportion – Monitoring Effect – see discussion in sections 7.3.2.1.1 and 7.3.2.1.2 of chapter 7, Stage 1, above n 1. 19  See discussion in section 2.6.2 of chapter 2, Stage 1, above n 1. 15 16

3.7  [TransTimeMon] (+) – Transparency and Timing of Reporting – Monitoring Effect

GF 1

GF 5

GF 8

49

GF 7

GF 3 GF 2

GF 6

GF 4

Fig. 3.4  Reproduction of Fig. 9.1 of Stage 1 – [TransTimeMon] (+) variable relational effect path

quality and reliability of information. The features listed in Governance Code Table 6.2 of Stage 1 are examples of the width of this requirement. The Compliance Factor No. 2 is also significant in the [TransTimeMon] (+) variable because of its (very) direct influence on the Reporting Factor No. 1 (Transparency, Timing and Integrity of Financial and Other Reports). In this respect, Compliance Factor No. 2 provides much of the (mandated and other) content for the financial and other reports contemplated by the Reporting Factor No. 1. For example, the overriding themes of Compliance Factor No. 2 include the requirements of the international/cross-border and national (US, UK and Australian) corporate Governance Codes (Comparative Corporate Governance Codes Key Field No. 3) again presented in Chapter 6 of Stage 1. Similarly direct (and strong) is the influence of the Compliance Factor No. 2 on the Risk Management, Monitoring & Audit Factor No. 5 as described in Fig.  2.4 of Stage 1 (Compliance Factor No. 2 Interrelationships20). In that diagram, the Compliance Factor No. 2 affects all other governance factors. An alternative way to consider the presence of the Compliance Factor No. 2 is to liken the effect of the [TransTimeMon] (+) variable to the operation of the [NationGov*] (+) variable.21 In the case of the [NationGov*] (+) variable, the Compliance Factor No. 2 is hypothesised to be affected. This is because changes in the content of this variable will actually change the requirements of ‘hard’, ‘soft’ or ‘hybrid’ laws22 which apply to the bank. Similarly, the nature and operation of the transparency and timing of reporting contemplated by the [TransTimeMon] (+) variable can also change with changes in the law. In other words, the [TransTimeMon] (+) variable is like the [NationGov*] (+) variable but only insofar as the provisions which govern the transparency/quality, content and timing of financial and other reports. Thus, the relational effect path for the [TransTimeMon] (+) variable is hypothesised to be as follows (Fig. 3.4 above).

 Ibid.  See discussion in section 7.3.1.3.2 of chapter 7, Stage 1, above n 1. 22  See discussion in section 6.1.3.1 of chapter 6, Stage 1, above n 1. 20 21

50

3  Determining the Effects of Governance Variables in the Relational Approach

What does this reveal about this variable? First, that the relational effect path of [TransTimeMon] (+) is similar (but with an additional Compliance Factor No. 2) to the relational effect paths for [BrdSkills] (+)23 and [BrdIndMon] (+).24 But this is not to engage in ‘double-counting’. This is because both the [BrdSkills] (+) and [BrdIndMon] (+) variables are hypothesised to begin with the Risk Management, Monitoring & Audit Factor No. 5 and the Decision-making Factor No. 7. Each of these governance factors has a reflexive relationship with the other as described in subsection 2.6.7 of chapter 2 of Stage 1. So how is the [TransTimeMon] (+) variable different from this? Instead and significant in the case of the [TransTimeMon] (+) variable is that the relational effect path is hypothesised to begin with the Reporting Factor No. 1 and the Compliance Factor No. 2 as the ‘drivers’ of this zone of effect. For example, as noted above, the effect of the Compliance Factor No. 2 on the Reporting Factor No. 1 is significant on account of the requirements of governance codes. Thus the access, relevance and quality and reliability measures of Vishwanath and Kaufmann25 are translated into the relational approach and flow in part from the Compliance Factor No. 2. There is also a reflexive relationship between the Reporting Factor No. 1 and the Risk Management, Monitoring & Audit Factor No. 5 as described in subsection 2.6.5 of chapter 2 of Stage 1. Thus, these two governance factors inform each other. For example, if the bank applies additional resources to the board, CEO and management monitoring functions  – including internal and external audit  – then the relational approach predicts an improvement in the quality and reliability of information which flows to the board and, therefore, the market. This, in turn, enhances the quality of external or market monitoring of the board with, it is predicted, improvements in internal monitoring. Thus, it is the Compliance Factor No. 2 and the reflexive relationship between the Reporting Factor No. 1 and the Risk Management, Monitoring & Audit Factor No. 5 which are hypothesised to be the ‘sources’ of the positive influence represented in Fig.  9.1 of Stage 1 for [TransTimeMon] (+). Therefore, the [TransTimeMon] (+) variable is hypothesised to affect all governance factors including the Compliance Factor No. 2’s overriding effect on the Reporting Factor No. 1 and the Risk Management, Monitoring & Audit Factor No. 5. This equates to a coverage/rating of +8/100.00 rprox in the Coverage Table (Table 3.1 of Stage 1) and the Relational Proximity Table (Table 3.2 of Stage 1).

 Board – Director Skills ‘Mix’ – see Fig. 7.2 and discussion in section 7.3.1.2.1 of chapter 7 Stage 1, above n 1. 24  Board Independent Director: Executive Director Proportion – Monitoring Effect – see discussion in sections 7.3.2.1.1 and 7.3.2.1.2 of chapter 7, Stage 1, above n 1. 25  Tara Vishwanath and Daniel Kaufmann, ‘Towards Transparency in Finance and Governance’ (September 1999), accessed 4 March 2015 at SSRN: http://ssrn.com/abstract=258978, pp 2–4. 23

3.8  Introduction to the Chap. 4 User Guide and Chap. 5 Quick-Reference Guide

51

3.8 Introduction to the Chap. 4 User Guide and Chap. 5 Quick-Reference Guide Thus, to this point, all the determinations are already completed for the user. So how does the user use the Stage 2 Key Code and Advanced Handbook in governance ‘mapping’ or reviewing an Australian bank  – by the bank itself, a Supervisor/ Regulator or advisory firm? This is considered next in Chap. 4: • User Guide (Chap. 4); • how do we determine the relative strength of a governance variable? (Sect. 4.2); • how do we determine the coverage/rating of a Stage 2 bank-specific variable? (Sect. 4.3); • the description of the variable, source, abbreviation and ‘Key Grouping’ (Sect. 4.4); • the Stage 1 ‘Key’ or ‘Core’ variable (Sect. 4.5); and • the ‘target’ or ‘hypothesised’ coverage/rating (Sect. 4.6). In Sect. 4.7, we then describe a ‘mapping’ procedure in four (4) steps for the review of an Australian bank’s governance, management, control and reporting structures, mechanisms, processes, protocols and lines of responsibility and bank and risk culture. In Sect. 4.8, we present some useful ‘rules of thumb’ to keep in mind relating to the use of the Stage 1 Key/Core variables and their target or hypothesised coverages/ratings in the construction or modelling of the Stage 2 bank-specific variables. Chap. 5 concludes Part 1 with our ‘Quick-Reference Guide’. This should be tabbed by the reader for use throughout the Key Code and Advanced Handbook. It defines or explains the main terms which recur regularly in the application of the Model.

Chapter 4

Key Code and Advanced Handbook User Guide

Abstract  In this Stage 2 Key Code and Advanced Handbook, Chap. 4 introduces a ‘User Guide’ comprising a plain-English guide to using the bank-specific Relational Corporate Governance Approach Model for Australian major banks. This includes how the user determines the relative importance/strength of a governance variable using the Bank Combined Coverage and Relational Proximity Table to determine the ‘coverage’ and ‘relational proximity rating’ of a bank-specific variable. This includes the description of the variable, source, abbreviation and ‘Key Grouping’, the Stage 1 ‘Key’ or ‘Core’ variable upon which the bank-specific governance variable is modelled and the ‘target’ or ‘hypothesised’ coverage/rating. We then describe a ‘mapping’ procedure in four (4) steps for the review of an Australian major bank’s governance, management, control and reporting structures, mechanisms, processes, protocols and lines of responsibility and accountability and bank and risk culture. We present some useful ‘rules of thumb’ to keep in mind relating to the use of the Stage 1 Key/Core variables and their target or hypothesised coverages/ratings in the construction or modelling of the bank-specific variables. Keywords  User guide · Mapping an Australian major Bank · Reviewing an Australian major Bank · Governance variable · Governance variable source · Governance variable key grouping · Stage 1 Key or Core variable · Target/ hypothesised coverage/rating · Mapping the Bank · User guide rules of thumb

4.1 Using the Stage 2 Key Code and Advanced Handbook for the Governance ‘Mapping’ or Reviewing of an Australian Major Bank This User Guide Should be Tabbed by the Reader for Reference Throughout the Key Code So far in this Part 1 of the Key Code and Advanced Handbook we have examined in overview the main theoretical components and diagrams which make up the

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_4

53

54

4  Key Code and Advanced Handbook User Guide

relational approach and Model. That is, the foundations and the scaffolding have been constructed. But what does the Model do and how do we use it? The theoretical components and diagrams build or construct the Model, but they are not used to determine the identity, nature/behaviour or strength of a Stage 2 bank-specific governance variable.

4.2 How Do We Determine the Relative Strength of a Governance Variable? This is done by counting the governance factors affected, ‘switched-on’ or influenced by a variable and the direction (+ or – or +/−) of the effect. But this is all done for the user by the Model itself. ‘Governance factors’ represent the eight principal, main or dominant underlying or foundational aims or themes of corporate governance. In other words, they are the eight most important aims that ‘good’ corporate governance tries to achieve. That sphere or field of corporate governance is represented by the five ‘Key Fields’ – four original Key Fields from Stage 11 and the fifth Key Field from this Stage 2: 1. Principal ‘law and economics’ theories of the firm; 2. Enron and Hastie corporate collapses; 3. Comparative corporate governance codes from the international/cross-border and national sectors; 4. Empirical field studies of the effectiveness of governance variables – mostly statistical in nature  – measured by firm cost of capital, firm operating performance/profit, firm value/share price and the likelihood of earnings manipulation; and 5. Governance of banks in the GFC and beyond to the Australian Banking Royal Commission Inquiry into banking misconduct. And these eight governance factors are: 1. 2. 3. 4.

Reporting – Transparency, timing and integrity of financial and other reports; Compliance – Corporate governance and legal compliance; Alignment – Alignment of management and shareholder interests; Compensation – Board, CEO and management compensation and incentives;

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 1

4.2  How Do We Determine the Relative Strength of a Governance Variable?

55

5. Risk Management, Monitoring & Audit – Risk Management and internal and external/audit monitoring quality; 6. Stakeholders  – Identification, participation and protection of stakeholder interests; 7. Decision-making  – Quality of board, CEO and management decision-­ making; and 8. Responsibility  – Delineation and disclosure of powers, duties and lines of responsibility. There may well be – indeed there are – more than eight aims of corporate governance. But these are the eight most important ones for determining the relative strength of variables which arise when viewing the sphere of corporate governance as a whole. The number, identity, configuration and direction of the governance factors affected, switched-on or influenced by a governance variable is that variable’s ‘relational effect path’. All relational effect paths were summarised in the diagram of pathways called the ‘Shareholder Primacy Interrelationship Scheme’.2 It shows the layout of the pathways linking the eight governance factors. Measuring the relative strength of governance variables – how strong a variable is compared to another variable – is difficult to determine in the absence of computerised statistical studies. Why the relational approach is so useful is that it calculates this relative strength using only the Model itself. That is, on a rating scale invented by and self-contained in the Model. So, the relative strength of a governance variable depends on how many of these eight governance factors are affected, switched-on or influenced by the variable and the direction of the effect, switching-on or influence. We call that ‘coverage’. If a variable affects 4 out of the 8 factors, then the coverage is 4. If the variable affects 6 out of the 8 factors, then the coverage is 6. For making comparisons between the variables, that relative strength or coverage is then converted to a number or percentage out of 100.00 units. We call that number ‘relational proximity’ or ‘rprox’. It is a simple calculation like percentages – so a coverage of 4 out of 8 is 50.00 rprox. A coverage of 6 out of 8 is 75.00 rprox. A coverage of 7 out of 8 factors is 87.50 rprox. For direction, a positive (+) sign represents an enhancement/improvement in the aims represented by the governance factors. A negative (−) direction sign signifies that those aims are reduced or diminished. So, for example, a coverage/rating of +8/100.00 rprox means a coverage of 8 (i.e., all governance factors are affected, switched-on or influenced by the variable), a relational proximity rating of 100.00 (the maximum) in the positive (+) direction (signifying all governance factors are enhanced/improved by this variable.)

 See Fig. 3.1 of Chap. 3 above.

2

56

4  Key Code and Advanced Handbook User Guide

4.3 Using Table 10.2 – How Do We Determine the Coverage/ Rating of a Stage 2 Bank-Specific Variable? This Table forms the actual Key Code for governance ‘mapping’ or reviewing an Australian major bank  – indexing and encompassing the reports and pronouncements in Sect. 1.2 above – at a very practical level. Another important advantage of the Key Code is that the user does not need to calculate the target or hypothesised coverage or relational proximities of the bankspecific governance variables. These are all calculated in Table 10.2 for the user just like a mathematical table used by maths students. What does Table 10.2  – the Bank Combined Coverage and Relational Proximity Table  – tell us about the 1749 governance variables for banks? (Table 4.1 below).

4.4 Variable, Source, Abbreviation and Key Grouping First – each variable has a number – there are 1749 variables. Second – we get the description of the variable, its source and its abbreviation. The description and/or the abbreviation starts with a number of characters which tell us which Stage 2 ‘Key Grouping’ the governance variable belongs to. The list of Key Groupings is shown in Table 10.1 of Chap. 10. These are subsets or sub-categories – each based on a structure, mechanism or process area within the bank – in which the variables are indexed and divided so that the variables can be examined by activity or function for a ‘deep dive’ review of that activity. The Key Table 4.1  Extract from Table 10.2 – Bank Combined Coverage and Relational Proximity Table

Governance Variable and No Description and Source 1. Banks – Board oversight of accountability – Failure “about accountability for risks and issues across business units” – Failure of clear lines of accountability/responsibility for outcome – Failure of information flow – reduction in quality of risk management and internal monitoring and decision-making (APRA)

Abbreviation (Alphabetical) and Key/ Core Variable from Stage 1 from which the Stage 2 Variable is Derived or Modelled AccFailAcrossBUs (−) [TransTimeMon] (+) in the negative direction

Target/ Hypoth­esised Coverage/ Relational Proximity Rating rprox −8/100.00

Chapter and Section Ref. (Relational Effect Path in bold) Stage 2 45.15

4.5  Stage 1 ‘Key’ or ‘Core’ Variable

57

Grouping also allows the Key Code to index and track compliance with the requirements of particular government, regulatory/supervisory, bank or market participant reports, reviews and documents in Sect. 1.2 above.

4.5 Stage 1 ‘Key’ or ‘Core’ Variable Third – under the Stage 2 variable’s abbreviation, we see the abbreviation of the Stage 1 ‘Key’ or ‘Core’ variable that the Stage 2 variable is constructed or modelled-­on. In other words, there are seven (7) Key/Core governance variables from the original thirty-nine (39) variables of Stage 1. These Stage 1 governance variables are: • [AudCom] (+) – Audit Committee – Presence, Operation and Frequency (relational effect path section 8.4.2 of Stage 1) (+6/75.00 rprox) (Table 10.2, No 23); • [BrdIndInfo] (−) – Board Independent Director: Executive Director Proportion – Information Flow and Decision Quality ‘Trade-off’ (relational effect path section 7.3.2.1.3 of Stage 1) (−4/50.00 rprox) (Table 10.2, No 201); • [BrdIndMon] (+) – Board Independent Director: Executive Director Proportion – Monitoring Effect (relational effect path sections 7.3.2.1.1–7.3.2.1.2 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 203); • [BrdSkills] (+) – Board – Director Skills ‘Mix’ (relational effect path section 7.3.1.2.1 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 209); • [EqOptEntrch] (−) – Equity/Option Plans and Holdings of Directors/ Executives  – ‘Entrenchment’ Effect (excludes short-term options) (relational effect path section 10.2.4 of Stage 1) (−7/87.50 rprox) (Table 10.2, No 434); • [EqOptIncent] (+) – Equity/Option Plans and Holdings of Directors/ Executives  – Incentive/‘Alignment’ Effect (excludes short-term options) (relational effect path section 10.2.4 of Stage 1) (+7/87.50 rprox) (Table  10.2, No 435); and • [TransTimeMon] (+)  – Transparency and Timing of Reporting  – Monitoring Effect (relational effect path section 9.1.2.1 of Stage 1) (+8/100.00 rprox) (Table 10.2, No 1203). So, every Stage 2 bank-specific variable is modelled-on one of these seven Stage 1 Key/Core variables. Fourth – the description under the Key/Core variable tells us whether there is any change to the ‘relational effect path’ of the Key/Core variable in order to construct the Stage 2 variable., i.e., whether there are any additional/fewer governance factors. For example, “[AudCom] (+) with additional Responsibility Factor No 8”. As for the direction, this may also change and is also described below the Key/ Core variable. For example, “[TransTimeMon] (+) in the negative direction”.

58

4  Key Code and Advanced Handbook User Guide

4.6 Target or Hypothesised Coverage/Rating Fifth – we get the target or hypothesised coverage and rating for each bank-specific variable. This will be the coverage/rating of the Key/Core variable adjusted by any change in the number of governance factors and/or change in direction. So, using one of the above examples, where the Key/Core variable is described as “[TransTimeMon] (+) in negative direction”, then the target/hypothesised coverage/rating will be −8/100.00 rprox. This represents the coverage/rating of the [TransTimeMon] (+) variable of +8/100.00 rprox but reversed to the negative direction giving rise to −8/100.00 rprox. Finally – the final column gives the chapter and section reference of this Stage 2 Key Code and Advanced Handbook that the variable is discussed in. Bold references signify where the relational effect path of the variable is constructed and explained.

4.7 “Mapping” the Bank – How Do We Determine the Existence of a Governance Variable in the Bank and Then Verify it is Performing or Behaving as Predicted or Contemplated by the Model? This is also determined in steps. But these are undertaken by the user using Table 10.2 and making enquiries. Step 1 – Build the Existing Map of the Bank The first step is to build a detailed and comprehensive map of the bank’s governance, management, control and reporting structures, mechanisms, processes, protocols and lines of responsibility and accountability as they presently exist. Indeed, such an exercise is currently at the time of writing an obligation of the Accountability Statement and Accountability Map of the BEAR examined in Chap. 20.3

 See discussion in Sect. 20.5 of Chap. 20 below, Section 37F – Notification Obligations of an ADI and Governance Variables. The Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https://treasury.gov.au/sites/default/files/2020-01/c2020-24974.pdf. See Attachment A – Summary of changes from the BEAR to the FAR, pp 11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR. See Proposal Paper, Next steps, p 3. Accountability Statements and Accountability Maps will remain obligations of the FAR. See Proposal Paper, Accountability maps and statements, p 7 and Attachment A, p 12. 3

4.7  “Mapping” the Bank – How Do We Determine the Existence of a Governance…

59

Step 2 – Compare the Existing Bank Map to the List of Stage 2 Variables Each Stage 2 governance variable is a prompt, question or enquiry as to the whether that governance variable appears in the existing map of the bank. The description of the governance variable from Table 10.2 tells us the ‘nuts and bolts’ nature or requirement of the structure, mechanism, process, protocol or line of responsibility/accountability required at the practical bank level. Step 3 – Add Variables that are Missing If a positive (+) governance variable does not presently exist within the map of the bank, it must be added to support the governance structure of the bank. Each governance variable in Table 10.2 is required or contemplated by the reports and pronouncements introduced in Sect. 1.2 above. Remember that the governance variables are grouped by Key Grouping – these divide the variables into subsets of structures, mechanisms or process areas of activities of functions within the bank. Thus, Step 2 will establish if any pathways required or envisaged by the reports and pronouncements in Sect. 1.2 – including the BEAR – are missing, unconnected or underdeveloped. Step 4 – Check Examination and Evaluation Points Each existing (and added) governance variable in Steps 2 and 3 is then examined for operation, direction, behaviour, extent and effectiveness at each examination and evaluation point represented by one of the Stage 2 governance variables. This means that the user must investigate, verify or check whether the particular governance variable affects or switches-on the governance factors pertaining to the Stage 1 Key/Core variable that the Stage 2 variable is modelled on. How is that done? (i) positive variables Positive variables show a target or hypothesised enhancement in the attainment of the aims in the governance factors. Positive variables are predicted or hypothesised to enhance the bank’s long-term efficiency and survival/ sustainability measured by firm cost of capital, firm operating performance/profit, firm value/share price and the likelihood of earnings manipulation. Take the [TransTimeMon] (+) Key/Core variable with a target or hypothesised coverage/rating of +8/100.00 rprox. Table 10.2 tells us that its relational effect path is constructed in Stage 1 section 9.1.2.1. This Stage 1 variable’s target/hypothesised coverage/rating affects or switches-on all eight governance factors in the positive direction signifying an enhancement/improvement of each of those governance factors. So the user must check that any Stage 2 governance variable based or modelled-­on the [TransTimeMon] (+) Key/Core variable is connected to one or more governance or management structures, mechanisms, processes, protocols or lines of responsibility and accountability which achieve each of those eight aims represented by the eight governance factors. Similarly, take the [BrdSkills] (+) Key/Core variable with a target or hypothesised coverage/rating of +7/87.50 rprox. Table 10.2 tells us that its relational effect

60

4  Key Code and Advanced Handbook User Guide

path is constructed in Stage 1 section 7.3.1.2.1. This Stage 1 variable’s target/ hypothesised coverage/rating affects, switches-on or influences all governance factors except Compliance Factor No 2. So, any Stage 2 variable based or modelled on the [BrdSkills] (+) Key/Core variable should be connected to governance or management structures, mechanisms, processes, protocols or lines of responsibility and accountability which achieve the other seven governance factors. (ii) negative variables Negative variables are different. They show a target or hypothesised diminution or reduction in the attainment of the aims in the governance factors. The Model hypothesises that negative governance variables reduce the long-term efficiency and survival/sustainability of the bank. So, for negative variables, the user is seeking to remediate or counter the negative effect on the governance factors by eliminating the variable within the map of the bank or by changing or adding to the governance or management structures, mechanisms, processes, protocols or lines of responsibility and accountability surrounding that variable.

4.8 Some User Guide ‘Rules of Thumb’ Having completed this introduction to the Key Code, there are a number of observations which can be made even before the examination of the Key Code itself in Table 10.2.

4.9 ‘Board Skills’ Key/Core Variable [BrdSkills] (+)  – Board  – Director Skills ‘Mix’ (relational effect path section 7.3.1.2.1 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 209). Here, the coverage/rating is +7/87.50 rprox. This means that, invariably, Stage 2 bank-specific governance variables modelled-on this Key/Core variable will have a target or hypothesised coverage/rating of +7/87.50 rprox also. So, even before entering into the Key Code itself, variables which affect board skills – such as qualifications, bank-specific knowledge or experience, accounting and financial expertise, fit and proper person requirements, induction, training, status or stature, diversity and codes of conduct and ethics – score a coverage of +7 and a rating of +87.50 rprox. So, board skills-like variables are highly desirable to enhance bank long-term efficiency and survival/sustainability. Of course, the absence or reverse of such variables has the opposite effect – a coverage/rating of −7/87.50 rprox – indicating a reduction in bank sustainability and an increase in the likelihood of bank failure.

4.11  Non-executive/Independent Directors

61

4.10 The ‘Compensation and Incentive’ Key/Core Variables Two Stage 1 Key/Core variables are relevant here: • [EqOptEntrch] (−) – Equity/Option Plans and Holdings of Directors/ Executives  – ‘Entrenchment’ Effect (excludes short-term options) (relational effect path section 10.2.4 of Stage 1) (−7/87.50 rprox) (Table 10.2, No 434); and • [EqOptIncent] (+) – Equity/Option Plans and Holdings of Directors/Executives – Incentive/‘Alignment’ Effect (excludes short-term options) (relational effect path section 10.2.4 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 435). We will see that these two Key/Core variables are the model for the very prominent bank counterpart compensation variables which affect risk-taking in banks: • [EqOptRiskAlignHighEnd] (+) – Equity and Options for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests (relational effect path Sect. 12.5 of Stage 2) (+7/87.50 rprox) (Table 10.2, No 436); and • [EqOptRiskFailHighEnd] (−) – Equity and Options for Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (relational effect path Sect. 12.5 of Stage 2) (−7/87.50 rprox) (Table 10.2, No 437). Two things to notice from the start. First, bank-specific variables relating to the compensation mix/composition and performance-based equity compensation or incentives – such as the relevant holdings, plans, structures, procedures, policies, benchmarks, metrics (such as the share price), adjustments, restrictions, delay, deferral, lock-up and clawback – are high coverage/rating variables. All are at the positive (+) or negative (−) 7/87.50 rprox coverage/rating. Second, the bank-specific compensation variables are concerned with risk-­ taking. Compare the descriptions of the bank-specific variables. The dividing line is between, on the one hand, a level of equity and options giving rise to risk-taking in alignment with shareholder interests and, on the other, a level of equity and options giving rise to risk taking which increases the likelihood of bank failure. And, as the descriptions indicate, the dividing line is set at the bank’s risk appetite level.

4.11 Non-executive/Independent Directors As we saw in Stage 1, non-executive/independent directors (NEDs) are a focus of contemporary corporate governance: • [BrdIndMon] (+) – Board Independent Director: Executive Director Proportion – Monitoring Effect (relational effect path sections 7.3.2.1.1–7.3.2.1.2 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 203). Again, first, we will see a coverage/rating at the high end of +7/87.50 rprox for Stage 2 bank-specific variables modelled on the [BrdIndMon] (+) variable.

62

4  Key Code and Advanced Handbook User Guide

Second, a large number of banking-specific variables in Part 5 go to enhancing risk management and monitoring  – i.e., Risk Management, Monitoring & Audit Factor No 5. As a large number of new variables pertain to NEDs, the ‘independence’ ingredient of NEDs is used as a building block for these variables. Thus, in Sect. 22.3 of Chap. 22, there is a brief review of the [BrdIndMon] (+) variable from Stage 1. And there, we explain that the relational effect path of the [BrdIndMon] (+) variable is identical to the [BrdSkills] (+) variable.

4.12 Reporting, Information Flows and Escalation of ‘Red Flags’ [TransTimeMon] (+) – Transparency and Timing of Reporting – Monitoring Effect (relational effect path section 9.1.2.1 of Stage 1) (+8/100.00 rprox) (Table  10.2, No 1203). Variables which enhance the transparency, timing, content and ‘understandability’ (or ‘accessibility’) of reporting – including the flow of information escalated up through the business-unit levels of the bank to the senior management and board – enhance Risk Management, Monitoring & Audit Factor No 5, Reporting Factor No 1 and all other governance factors. So this has a maximum positive coverage/rating of +8/100.00 rprox. So the converse is of vital importance in bank governance. Coming as a lesson from the GFC, failings in variables which result in a reduction of information flow through the bank – such as a failure to escalate ‘red flags’ for risk exposures, events and issues (for example, whether the bank is inside or outside risk appetite) – have the highest possible negative effect on the survival and sustainability of the bank. This gives rise to a variable for failure to escalate problems or ‘red flags’, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailRedFlag] (−) – Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (OECD Key Findings 2009), (OECD Kirkpatrick Report 2009), (EC Green Paper 2010); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8. So, Part 6 identifies a large number of bank-specific variables representing failings in information flow  – including failings in metrics, stress-testing and non-­ financial risks  – based on the [FailRedFlag] (−) variable and, in turn, the [TransTimeMon] (+) variable in the negative (−) direction. Both give rise to a coverage/rating of −8/100.00 rprox, thus increasing the likelihood of bank failure.

Chapter 5

Quick-Reference Guide

Abstract  Chapter 5 of this Stage 2 Key Code and Advanced Handbook comprises a ‘Quick-Reference Guide’ which defines or explains the main terms which recur regularly in the application of the bank-specific Model to Australian major banks. In particular, the reader/user is reminded of the meanings of the principal components, the principal tables and the ratings scale applicable to the governance variables known as ‘coverage’ and ‘relational proximity rating’ or ‘rprox’. In addition, the method for measuring the relative strength of a governance variable is summarised including the effects of positive (+) and negative (−) governance variables on the long-term efficiency and survival/sustainability of a major bank. Keywords  Quick-reference guide · Principal terms · Principal components · Definitions · Explanations · Principal tables

This Quick-Reference Guide Should be Tabbed by the Reader for Reference Throughout the Key Code Terms appearing in bold type in the definition or explanation section are themselves defined elsewhere in this Quick-Reference Guide. Term Bank Combined Coverage and Relational Proximity Table Bank-specific governance variable Bank-specific governance reports and pronouncements

Definition or Explanation Table 10.2 of Chap. 10.

See Governance variable below. Table 10.2 lists 1749 bankspecific governance variables in this Stage 2 Model. The governmental, regulatory/supervisory, major bank and market participant reports, papers and pronouncements which together create the landscape of bank-level governance, accountability, remuneration, risk management and culture mapped by the Stage 2 Model. They are listed in Sects. 1.2 and 10.1. (continued)

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_5

63

64 Term Core variable Coverage of a governance variable

Governance factors

Governance variable

5  Quick-Reference Guide Definition or Explanation See Key/Core variable below. The number and identity of governance factors affected, ‘switched-on’ or influenced by a governance variable and the direction of the effect (+ or – or +/−). This is displayed in the relational effect path of a governance variable. The target or hypothesised coverage of a governance variable is displayed in Table 10.2, the Bank Combined Coverage and Relational Proximity Table. These represent the eight (8) principal, main or dominant underlying or foundational aims or themes of the sphere or field of corporate governance represented by the five (5) Key Fields. In other words, they are the eight most important aims or purposes that ‘good’ corporate governance tries to achieve: 1. Reporting – Transparency, timing and integrity of financial and other reports; 2. Compliance – Corporate governance and legal compliance; 3. Alignment – Alignment of management and shareholder interests; 4. Compensation – Board, CEO and management compensation and incentives; 5. Risk Management, Monitoring & Audit – Risk Management and internal and external/audit monitoring quality; 6. Stakeholders – Identification, participation and protection of stakeholder interests; 7. Decision-making – Quality of board, CEO and management decision-making; and 8. Responsibility – Delineation and disclosure of powers, duties and lines of responsibility. The governance and management structures, mechanisms, processes and protocols which are employed by a corporation to punish or deter management misconduct, to align the interests of corporate ‘insiders’ such as the directors, CEO and management with ‘outsiders’ such as widely-dispersed shareholders and otherwise to reduce agency costs and other shareholder value-reducing managerial behaviour or actions. Table 10.2 lists 1749 bank-specific governance variables in this Stage 2 Model. (continued)

5  Quick-Reference Guide Term Key/Core variable

Key Field

65 Definition or Explanation This is the Stage 1 ‘Key’ or ‘Core’ variable that the Stage 2 variable is constructed or modelled-on. There are seven (7) Key/ Core governance variables from the original thirty-nine (39) variables of Stage 1. These Stage 1 governance variables are: • [AudCom] (+) – Audit Committee – Presence, Operation and Frequency (relational effect path section 8.4.2 of Stage 1) (+6/75.00 rprox) (Table 10.2, No 23); • [BrdIndInfo] (−) – Board Independent Director: Executive Director Proportion – Information Flow and Decision Quality ‘Trade-off’ (relational effect path section 7.3.2.1.3 of Stage 1) (−4/50.00 rprox) (Table 10.2, No 201); • [BrdIndMon] (+) – Board Independent Director: Executive Director Proportion – Monitoring Effect (relational effect path Sects. 7.3.2.1.1 and -7.3.2.1.2 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 203); • [BrdSkills] (+) – Board – Director Skills ‘Mix’ (relational effect path section 7.3.1.2.1 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 209); • [EqOptEntrch] (−) – Equity/Option Plans and Holdings of Directors/Executives – ‘Entrenchment’ Effect (excludes short-term options) (relational effect path section 10.2.4 of Stage 1) (−7/87.50 rprox) (Table 10.2, No 434); • [EqOptIncent] (+) – Equity/Option Plans and Holdings of Directors/Executives – Incentive/’Alignment’ Effect (excludes short-term options) (relational effect path section 10.2.4 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 435); and • [TransTimeMon] (+) – Transparency and Timing of Reporting – Monitoring Effect (relational effect path section 9.1.2.1 of Stage 1) (+8/100.00 rprox) (Table 10.2, No 1203). Every Stage 2 bank-specific variable is modelled-on one of these seven (7) Stage 1 Key/Core variables. The sphere/field of corporate governance is represented by the research books, journal articles, literature, reports, reviews, pronouncements and other research materials in five ‘Key Fields’ – four original Key Fields from Stage 1 and the fifth Key Field from this Stage 2: 1. Principal ‘law and economics’ theories of the firm; 2. Enron and Hastie corporate collapses; 3. Comparative corporate governance codes from the international/ cross-border and national sectors; 4. Empirical field studies of the effectiveness of governance variables – mostly statistical in nature – measured by firm cost of capital, firm operating performance/profit, firm value/share price and the likelihood of earnings manipulation; and 5. Governance of banks in the GFC and beyond to the Australian Banking Royal Commission Inquiry into banking misconduct. (continued)

66

5  Quick-Reference Guide

Term Key Grouping

Definition or Explanation The description and/or the abbreviation of a governance variable starts with a number of characters which tell us which Stage 2 Key Grouping the governance variable belongs to. The list of Key Groupings is shown in Tables 1.1 and 10.1. These are subsets or sub-categories – each based on a structure, mechanism or process area within the bank – in which the variables are divided so that the variables can be examined by activity for a ‘deep dive’ review of that activity. The Key Grouping also allows the Model to index and track compliance with the requirements of particular government, regulatory/supervisory, bank or market participant reports, reviews and documents in Sects. 1.2 and 10.1. ‘Mapping’ the bank The 4 steps in Sect. 4.7 of Chap. 4 for determining the existence of a governance variable within the bank and then verifying it is performing or behaving as predicted or contemplated by the Model. Measuring the relative The relative strength of a governance variable depends on how strength of a governance many of the eight (8) governance factors are affected, ‘switched-on’ or influenced by the variable and the direction of the variable effect, switching-on or influence. We call that ‘coverage’. If a variable affects 4 out of the 8 factors, then the coverage is 4. If the variable affects 6 out of the 8 factors, then the coverage is 6. For making comparisons between the variables, that relative strength or coverage is then converted to a number or percentage out of 100.00 units. We call that number relational proximity or rprox. It is a simple calculation like percentages – so a coverage of 4 out of 8 is 50.00 rprox. A coverage of 6 out of 8 is 75.00 rprox. A coverage of 7 out of 8 factors is 87.50 rprox. For direction, a positive (+) sign represents an enhancement/ improvement in the aims represented by the governance factors. A negative (−) direction sign signifies that those aims are reduced or diminished. Some signs are dual-directional (+/−) and their final direction depends on the presence or absence of other variables or considerations. Negative governance They show a target or hypothesised diminution or reduction in the variables attainment of the aims in the governance factors. The Model hypothesises that negative governance variables reduce the long-term efficiency and survival/sustainability of the bank measured by firm cost of capital, firm operating performance/profit, firm value/share price and the likelihood of earnings manipulation. So, for negative variables, the user is seeking to remediate or counter the negative effect on the governance factors by eliminating the variable within the map of the bank or by changing or adding to the governance or management structures, mechanisms, processes, protocols or lines of responsibility and accountability surrounding that variable. Positive governance They show a target or hypothesised enhancement in the attainment variables of the aims in the governance factors. Positive variables are predicted or hypothesised to enhance the bank’s long-term efficiency and the survival/sustainability of the bank measured by firm cost of capital, firm operating performance/profit, firm value/ share price and the likelihood of earnings manipulation. (continued)

5  Quick-Reference Guide Term Relational effect path

Relational proximity rating or rprox

Shareholder Primacy Interrelationship Scheme

Survival or sustainability of the bank

Table 10.2 Target or hypothesised coverage/rating of a governance variable

67 Definition or Explanation The number, identity, configuration and direction of the governance factors affected, ‘switched-on’ or influenced by a governance variable is that variable’s relational effect path. All relational effect paths were summarised in the diagram of pathways called the Shareholder Primacy Interrelationship Scheme in Fig. 3.1. It shows the layout of the pathways linking the eight governance factors. For making comparisons between the governance variables, the relative strength or coverage of a governance variable is then converted to a number or percentage out of 100.00 units. We call that number the relational proximity rating or ‘rprox’. It is a simple calculation like percentages – so a coverage of 4 out of 8 is 50.00 rprox. A coverage of 6 out of 8 is 75.00 rprox. A coverage of 7 out of 8 factors is 87.50 rprox. The rating may be positive (+), negative (−) or dual-directional (+/−). A positive rating represents a prediction or hypothesis that the governance variable enhances the themes or aims represented by the eight (8) governance factors and therefore enhances the long-term efficiency and survival or sustainability of the bank measured by ‘proxies’ such as firm cost of capital, firm operating performance/ profit, firm value/share price and the likelihood of earnings manipulation or ‘management’. Figure 3.1 of Chap. 3 which is a reproduction of Stage 1 Figure 2.6. It shows the predicted or hypothesised pathways of the interrelationships between the eight (8) governance factors under the rubric of the shareholder primacy model of corporate governance and its associated shareholder wealth-maximisation principle. This concept is represented by ‘proxy’ or ‘substitute’ measures for (usually) shareholder welfare or wealth such as, most commonly, firm cost of capital, firm operating performance/profit, firm value/ share price and the likelihood of earnings manipulation or ‘management’. If these proxies can be maintained, improved or optimised over the long-run time-frame then, all other things being equal, the bank will continue as a ‘going concern’ or financially viable entity. In the relational model, the survival/sustainability of a bank is measured by the relational proximity rating or rprox. The Bank Combined Coverage and Relational Proximity Table in Table 10.2 of Chap. 10. For a bank-specific governance variable, this will be the coverage or rating of a Key/Core variable on which that bank-specific variable is modelled and then adjusted by any change in the number of governance factors and/or change in direction. For example, where the Key/Core variable is described as “[TransTimeMon] (+) in negative direction”, then the target/hypothesised coverage/rating will be -8/100.00 rprox. This represents the coverage/rating of the [TransTimeMon] (+) variable of +8/100.00 rprox but reversed to the negative direction giving rise to -8/100.00 rprox. The target or hypothesised coverage/rating of all governance variables is set out in Table 10.2, the Bank Combined Coverage and Relational Proximity Table.

Part II

Governance of Banks in the GFC and Beyond Key Field No 5 (Part 2): The Challenge for Relational Governance Variables for Australian Banks

Chapter 6

Key Questions and Core Failures in Bank Governance

Abstract  In Chapter 6 of the Key Code and Advanced Handbook we postulate the key questions for the governance and supervision of major banks in the GFC and beyond to the Australian Banking Royal Commission Inquiry into banking misconduct. In the GFC, Sahlman found five related systems which had failed – incentives, control and information technology, accounting, human capital and culture. We then identify the ‘core’ areas of corporate governance failures from the GFC and beyond including the securitisation of mortgage-backed securities. There follows an overview of multiple governance failures in banks – incentives, corporate/bank and risk culture, technology, boards, risk identification, assessment, control/management and reporting, (again) securitised mortgage products, the system of bank regulation and shareholders. We then examine failures identified in commentator studies and governmental and market participant reports – primarily incentives, board structure/ composition and processes and risk management. We find that these failures were exacerbated by complex and opaque bank structures, independence being emphasised at the expense of expertise and weaknesses leading to excessive risk-taking where risk management and compensation structures encouraged high risk. We identify excessive reliance on rating agencies and self-regulatory regulation, opaque corporate reporting, complexity, risk and valuation of new derivatives products. Keywords  Key questions · Core failures of corporate governance · Global Financial Crisis · Securitisation · Incentives · Risk culture · Independence · Expertise · Risk management · Significant causes

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_6

71

72

6  Key Questions and Core Failures in Bank Governance

6.1 The Key Questions for the Governance of Banks in the GFC and Beyond to the Australian Banking Royal Commission Inquiry into Banking Misconduct Like Stage 1,1 this Stage 2 Key Code and Advanced Handbook begins with a number of questions. This time, the questions are for ‘Key Field No 5’ – the behaviour and failures of governance variables for ‘Banks in the GFC and Beyond’ to the Australian Banking Royal Commission Inquiry into banking misconduct. In identifying relevant areas or issues in the crisis, Sahlman found five related systems which had failed: • Incentives – how risk and reward are shared; how people behave if they act in their own perceived best interests given the structure of pecuniary and non-­pecuniary payoffs • Control & Information Technology – how limits are placed on behavior; how information is captured and shared; how risk and reward are measured and how those assessments affect tactics and strategy • Accounting – how managers choose accounting policies; how managers measure economic profits & losses, as distinct from GAAP profits and losses • Human Capital – the process by which people with certain characteristics (skill, experience, networks, character, and attitude) are attracted and managed or encouraged to leave any organization • Culture – the values that guide individual and group decisions2

To improve these systems, the author provides a sequence of questions very apt in the introduction to the governance of banks in the GFC and beyond: • • • • • • •

What are the implicit and explicit incentives within the organization? How will individuals and groups behave in their own perceived best interest? Are the incentives and organizational objectives aligned? What behavior should be encouraged? Discouraged? Where is bad behavior most likely to occur and under what circumstances? To what degree do contextual factors (economy, competition, etc.) change incentives? Is there alignment with respect to the appropriate time horizon for meeting objectives and measuring performance? • Does the company accurately measure and report economic profits and losses? • Are the “right” people attracted and retained by the organization?

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 2  William Sahlman, “Management and the Financial Crisis (We Have Met the Enemy and He is Us …)” (October 28, 2009). Harvard Business School Entrepreneurial Management Working Paper No. 10–033, (28 October 2009), accessed 4 April 2017 at SSRN: http://ssrn.com/ abstract=1496526, 2. 1

6.2  ‘Core’ Areas of Corporate Governance Failures from Banks in the GFC and Beyond

73

• Are the “right” customers attracted and retained by the organization? • Given the incentives and people involved, what measurement and control systems must be in place? • What is the company culture and how does it exacerbate or ameliorate issues in incentives and controls? • What is the relative quality and status of people responsible for generating profits and people responsible for measuring profitability and controlling risks? • Who has responsibility for managing culture, human capital, incentives, controls and accounting within the organization?3

These questions supplement the questions in Stage 14 and are at the centre of the relational approach’s examination of the governance of banks in the crisis and beyond in Key Field No 5. The overall aim of Stage 2 is to review the behaviour and failures of the governance variables of Stage 1 in the GFC and to identify new governance variables from that period and beyond – to the Australian Banking Royal Commission Inquiry into banking misconduct. This will be particularly relevant for governance variables relating to governance, accountability, remuneration, board characteristics, committees, conduct and other non-financial risks, bank and risk culture and the governance and management of risk. Existing governance variables of the relational approach are defined in Stage 1, Appendix 1, Table A.1, Glossary of Governance Variables.5 And existing terms and components are defined in Stage 1, Appendix 2, Table A.2, Glossary of Relational Corporate Governance Approach Terms and Components.6 New bank-specific governance variables derived from the examination of the governance of banks in the GFC and beyond are added to the relational approach by Parts 3–6 of this Stage 2 Key Code and Advanced Handbook. Thus, in Chap. 10, existing and new bank-specific governance variables will appear in a new Table 10.2, the ‘Bank Combined Coverage and Relational Proximity Table’.

6.2 ‘Core’ Areas of Corporate Governance Failures from Banks in the GFC and Beyond The non-governance-related causes of the GFC and whether – and how – governments should have bailed-out financial firms to remedy the financial, political and social effects of the GFC are beyond the scope of this Stage 2 Key Code and

 Ibid, 28.  Stage 1, above n 1, p 2. 5  Ibid, pp 344–356. 6  Ibid, pp 357–366. 3 4

74

6  Key Questions and Core Failures in Bank Governance

Advanced Handbook and have been examined by other commentators7 including in relation to Australia.8 Also left to other commentators is a description and analysis of the timeline of events during the GFC that led to bank and financial firm failures.9 In this respect, it is enough for the purposes of this Key Code and Advanced Handbook to point to the sequence of four specific factors described by Blundell-Wignall, Atkinson and Lee which led banks to increase their activities in securitized or collateralized mortgage products – a recurring theme throughout the crisis: In 2004 four time specific factors came into play. (1) the Bush Administration ‘American Dream’ zero equity mortgage proposals became operative, helping low-income families to obtain mortgages; (2) the then regulator of Fannie Mae and Freddie Mac, the Office of Federal Housing Enterprise Oversight (OFHEO), imposed greater capital requirements and balance sheet  See, for example, Lucian A Bebchuk, “A Plan for Addressing the Financial Crisis” (2008) 5(5) The Economists’ Voice, Article 6, 2008; Harvard Law and Economics Discussion Paper No. 620, (September 2008), accessed 12 April 2017 at SSRN: http://ssrn.com/abstract=1273241; Lucian A Bebchuk, “How to Make TARP II Work”, Harvard Law and Economics Discussion Paper No. 626, (29 June 2009), accessed 12 April 2017 at SSRN: http://ssrn.com/abstract=1341939 and Lucian A Bebchuk, “Buying Troubled Assets” (2009) 26 Yale Journal on Regulation, 2009; Harvard Law and Economics Discussion Paper No. 636, (15 September 2009), accessed 12 April 2017 at SSRN: http://ssrn.com/abstract=1392808 8  Jennifer G Hill, “Why Did Australia Fare So Well in the Global Financial Crisis?” in The Regulatory Aftermath of The Global Financial Crisis, E Ferran, N Moloney, J G Hill, and J C Coffee, Jr., eds, Cambridge University Press, 2012, pp 203–300; Sydney Law School Research Paper No. 12/35, (20 May 2012), accessed 12 April 2017 at SSRN: http://ssrn.com/abstract=2063267 9  Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007–2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_GFC/IIF_Final_Report_of_the_Committee_on_Market_ Best_Practices.pdf (‘IIF Final Report 2008’), Appendix A, Analysis of Market Events: The Financial Stress and Its Key Features, pp 111–113; European Commission, The High-Level Group on Financial Supervision in the EU Chaired by Jacques de Larosière, Report of the de Larosière Group, Brussels, 25 February 2009, accessed 15 June 2017 at https://ec.europa.eu/internal_market/finances/docs/de_larosiere_report_en.pdf (‘de Larosière Report’), Chap. 1, pp  7–12; Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995–2864, accessed 27 March 2017 at http://search.oecd.org/finance/financial-­ markets/42229620.pdf, (‘OECD Kirkpatrick Report 2009’), II. Background to the present situation, 4–5; Christopher M Bruner, “Corporate Governance Reform in a Time of Crisis” (2011) 36(2) Journal of Corporation Law 309; Washington & Lee Legal Studies Paper No. 2010–9, (30 May 2010), accessed 6 April 201at SSRN: http://ssrn.com/abstract=1617890, 312–316; Hussein Tarraf, “Literature Review on Corporate Governance and the Recent Financial Crisis” (27 December 2010), accessed 12 April 2017 at SSRN: http://ssrn.com/abstract=1731044, 3–4 and 6–7; Peter Yeoh, “Causes of the global financial crisis: Learning from the competing insights” (2010) 7(1) International Journal of Disclosure & Governance 42–69, (13 August 2009), accessed 8 April 2017 at http://web.b.ebscohost.com.proxy.library.adelaide.edu.au, 42–44 and William W Lang and Julapa Jagtiani, “The Mortgage and Financial Crises: The Role of Credit Risk Management and Corporate Governance”, Federal Reserve Bank of Philadelphia, accessed 10 April 2017 at http:// fic.wharton.upenn.edu/fic/papers/10/10-12.pdf, 4–8. 7

6.3  Securitisation of Mortgage-Backed Securities

75

controls on those two government-sponsored mortgage securitisation monoliths, opening the way for banks to move in on their “patch” with plenty of low income mortgages coming on stream; (3) the Basel II accord on international bank regulation was published and opened an arbitrage opportunity for banks that caused them to accelerate off-balance-sheet activity; and (4) the SEC agreed to allow investment banks (IB’s) voluntarily to benefit from regulation changes to manage their risk using capital calculations under the ‘consolidated supervised entities program’. (Prior to 2004 broker dealers were supervised by stringent rules allowing a 15:1 debt to net equity ratio. Under the new scheme investment banks could agree voluntarily to SEC consolidated oversight (not just broker dealer activities), but with less stringent rules that allowed them to increase their leverage ratio towards 40:1 in some cases.) The combination of these four changes in 2004 caused the banks to accelerate off-­ balance sheet mortgage securitisation as a key avenue to drive the revenue and the share price of banks.10

6.3 Securitisation of Mortgage-Backed Securities The securitized product activities of banks and financial firms are thus a recurring theme in the crisis. For Blundell-Wignall, Atkinson and Lee, there was a change in the banks’ business model. Securitisation was a way to grow revenue – which could be recognized “up-front” – and to grow return on capital and share prices: The business model for banks moved towards an equity culture with a focus on faster share price growth and earnings expansion during the 1990s. The previous model, based on balance sheets and old-fashioned spreads on loans, was not conducive to banks becoming “growth stocks”. So, the strategy switched more towards activity based on trading income and fees via securitisation which enabled banks to grow earnings while at the same time economising on capital by gaming the Basel system. Seen this way, the originate-to-­ distribute model and the securitisation process is not about risk spreading; rather it is a key part of the process to drive revenue, the return on capital and the share price higher. That is, it is more about increased risk taking, and up-front revenue recognition. Put another way, banking began to mix its traditional credit culture with an equity culture.11

Consequently, for the authors, compensation practices changed to increase the relative amount of bonuses on up-front revenue, options and share schemes all in the name of shareholder interest.12 Variable performance-based compensation – including equity and option compensation and bonuses – are also a recurring theme of the GFC and beyond and are examined in Part 4.

 Adrian Blundell-Wignall, Paul Atkinson and Se Hoon Lee, “The Current Financial Crisis: Causes and Policy Issues”, 2008, accessed 6 April 2017 at http://www.oecd.org/finance/financial-­ markets/41942872.pdf, 3–4 (footnote omitted and format altered). 11  Ibid, 5. 12  Ibid. 10

76

6  Key Questions and Core Failures in Bank Governance

6.4 Multiple Failures in Governance Variables in Banks During the GFC The approach of this Stage 2 Key Code and Advanced Handbook – like that used in Chapter 5 of Stage 1 in relation to the Enron and Hastie corporate collapses – will be to identify a wide range of themes and factors connected with the governance failures of banks in the financial crisis and beyond. The Key Code and Advanced Handbook will hone-in on those themes and factors which affect or confirm the existing governance variables of the relational approach and those which identify new bank-specific governance variables.

6.5 Overview of Multiple Governance Failures in Banks What is clear from commentator studies as well as governmental and market participant reports is that no one cause is identified. Instead multiple failures in the governance of banks and financial firms combined to cause the crisis as this section demonstrates. Looking ahead in this section, the underlying themes and tensions of the GFC that recur in commentator studies – including that of Sahlman in the introduction to this chapter – as well as governmental and market participant reports are: Incentives • incentives in compensation schemes and arrangements (Sahlman, Hopt, OECD): –– in particular, whether the structure, time horizon (short-term vs long-term) and amount of incentives led to excessive risk-taking (Sahlman, Kirkpatrick); and –– failure to match the strategy and risk appetite of the bank (Kirkpatrick); Corporate/Bank and Risk Culture • corporate culture of groups and individuals (Sahlman, BCBS Guidelines 2015): –– in particular, how culture affects incentives and controls (Sahlman); Technology • control and information technology (Sahlman); and • failures and inadequacies in computer risk modelling (Kirkpatrick); Boards • board structure/composition (Sahlman, Hopt); • board responsibilities, functions and processes (Hopt, OECD); • board independence emphasised at the expense of expertise (Hopt); and • ineffective board oversight (Kirkpatrick);

6.5  Overview of Multiple Governance Failures in Banks

77

Risk Identification, Assessment, Control/Management and Reporting • failures in risk management including internal controls (Hopt, Kirkpatrick, OECD): –– quality and status of those managing risk (Sahlman); –– in some cases, information identifying risks failed to be upwardly ‘escalated’ to reach the board or senior management (Kirkpatrick); –– risk management was activity or business unit based rather than across the entire bank organisation (Kirkpatrick); –– board failure to monitor strategy with appropriate metrics (Kirkpatrick); –– failures in disclosure of foreseeable risks and risk management systems (Kirkpatrick); and –– failings in risk identification, excessive leverage and underestimation on liquidity risks (Hopt); • complex and opaque bank structures – these exacerbated many of the other failures (Hopt); and • complexity and opaqueness in corporate reporting (Yeoh); Securitised Mortgage Products • complexity, risk and valuation of new derivatives products (Yeoh); and • excessive reliance on ratings agencies (Kirkpatrick, Yeoh); Bank Regulation • banking regulation which allowed banks to increase leverage (Yeoh); and • accounting and disclosure standards and regulatory rules (Kirkpatrick) including the measurement of economic profit and loss (Sahlman); and Shareholders • exercise of shareholder rights (OECD). These failures inform the structure of the Banks in the GFC and Beyond Key Field No 5 which culminates in the Australian Banking Royal Commission Inquiry into banking misconduct. The governance of incentives including bonuses, equity compensation, options and ‘enhanced benefits’ such as ‘golden parachutes’ is examined in Part 4. Board structure/composition, ownership structure, the responsibilities and processes of the board and bank and risk culture are examined in Part 5. The governance of risk – including risk identification, measurement, control/management and reporting – is examined in Part 6. The examination of the behaviour of ratings agencies will be examined – in overview – in relation to excessive reliance by banks on the ratings agencies rather than the conduct of ratings agencies themselves as ‘gate-keepers’. The exercise of (or failure to exercise) shareholder rights is beyond the scope of this Stage 2 Key Code and Advanced Handbook but will be examined in a proposed future stage. The governance failures are examined in more detail next.

78

6  Key Questions and Core Failures in Bank Governance

6.6 Failures Identified in Commentator Studies and Governmental and Market Participant Reports Incentives, Board Structure/Composition and Processes and Risk Management Hopt, for openers, identifies a wide range of factors in the crisis, each previously examined in Stage 1 outside the crisis setting – incentives, board structure and operational practices, risk management and internal controls: [W]hether failures in the corporate governance of banks were a major cause of the financial crisis is highly controversial. The fact is that there were wrong incentives inspired by compensation practices, deficiencies in board profile and practices (especially but not exclusively in state-owned banks), and risk management and internal control failures.13

Thus, these considerations contribute to the submission of this Key Code and Advanced Handbook that the Stage 1 analysis remains operative for the Stage 2 bank-specific analysis. Failures Exacerbated by Complex and Opaque Bank Structures For Hopt there was an exacerbating factor to these failures. The failures were “exacerbated by complex and opaque bank structures”.14 Independence Emphasised at the Expense of Expertise Again, for Hopt, the emphasis on director independence prior to the GFC has switched to expertise and qualifications for the sheer complexity of banking businesses.15 Weaknesses Leading to Excessive Risk-Taking Kirkpatrick, in a well-known report published by the OECD Steering Group on Corporate Governance, concluded that the financial crisis could be attributed to failures and weaknesses in corporate governance which did not “safeguard against excessive risk taking”.16 Thus, Kirkpatrick identified a number of weaknesses which failed to curb risk-taking. These included weaknesses and inadequacies in computer models, the failure to upwardly ‘escalate’ information about risk to the board or senior management and failure to monitor risk organization-wide. There were  Klaus J Hopt, “Corporate Governance of Banks after the Financial Crisis”, in E Wymeersch, K J Hopt, G Ferrarini, eds., Financial Regulation and Supervision, A post-crisis analysis, Oxford University Press 2012, pp 337–367; ECGI – Law Working Paper No. 181/2011, (29 August 2011), accessed 13 April 2017 at SSRN: http://ssrn.com/abstract=1918851, 3. 14  Klaus J Hopt, “Corporate Governance of Banks and Other Financial Institutions After the Financial Crisis”, (2013) 13(2) Journal of Corporate Law Studies 219–253 (Part B); “Corporate Governance of Banks after the Financial Crisis”, in E Wymeersch, K J Hopt and G Ferrarini, eds., Financial Regulation and Supervision, A post-crisis analysis, Oxford University Press 2012, pp 337–367 (Part A); ECGI – Law Working Paper No. 207. (1 April 2013), accessed 13 April 2017 at SSRN: http://ssrn.com/abstract=2212198, 12. 15  Ibid. 16  OECD Kirkpatrick Report 2009, above n 9, Main Conclusions, 2. 13

6.6  Failures Identified in Commentator Studies and Governmental and Market…

79

failures by the board to monitor strategy with appropriate metrics, failures in disclosure of risks and risk management systems and incentive structures that were not matched to bank strategy, risk appetite or the long-term interests of the bank.17 In Part 6, the Stage 2 relational approach will examine problems in risk management and internal control of banks. Hopt gives an overview of the problem – failings in risk identification, excessive leverage and underestimation on liquidity risks: …before the financial crisis three board failings concerning risk were found: the focus on the risk measurement at the expense of risk identification, the failure to check excessive leverage, and the gross underestimation of liquidity risks.18

Risk Management and Compensation Structures Encouraging High Risk Kirkpatrick identifies further significant failures to adhere to the OECD Principles – this time of risk management and compensation structures that encourage high risk taking – also relevant for non-financial firms: This article points to significant failures of risk management systems in some major financial institutions made worse by incentive systems that encouraged and rewarded high levels of risk taking. Since reviewing and guiding risk policy is a key function of the board, these deficiencies point to ineffective board oversight (principle VI.D). These concerns are also relevant for non-financial companies.19

But other problems – such as the actions of credit ratings agencies and failures in disclosure and accounting standards were more financial-firm-specific for Kirkpatrick.20 OECD Key Findings 2009 The OECD Key Findings 2009 identified four areas it considered linked to the governance failures of the GFC: • • • •

remuneration and incentive systems; risk management practices; the performance of boards; and the exercise of shareholder rights.21

Again, these considerations demonstrate that the Stage 1 analysis remains operative for Stage 2 banks (with shareholder empowerment to be considered in a proposed future stage).

 Ibid.  Hopt, above n 14, 11. 19  OECD Kirkpatrick Report 2009, above n 9, I.  Introduction, 3 (footnote omitted and emphasis added). 20  Ibid, I. Introduction, 3. 21  OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009, approved for publication 29 May 2009, accessed 12 April 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/43056196. pdf, (‘OECD Key Findings 2009’), p 13. 17 18

80

6  Key Questions and Core Failures in Bank Governance

Excessive Reliance on Rating Agencies and Self-Regulatory Regulation For Yeoh, two causes to the crisis have received insufficient attention: This failure in turn is attributable to two insufficiently recognized causes, namely, the excessive reliance on a gatekeeper (or the credit rating agency) that succumbed to clientele pressure as a consequence of intense market pressures, and the drift towards more self-­ regulatory rules that induced banks to magnify leverage and curtailed diversification in response to competitive pressure.22

Thus, excessive reliance on ratings agencies (where, in effect, fees are paid to provide a rating) and self-regulatory rules in the banking sector which allowed banks to increase leverage are new to the analysis of the relational approach. Opaque Corporate Reporting In relation to banking sector governance, Yeoh saw the Bear Sterns case as “opaque corporate reporting”23 and that “[s]imilar bad corporate reporting practices occurred at Lehman Brothers”24: More important is the issue of whether management at Lehman was reasonably and proportionately transparent in its communications to investors and regulators.25

Thus, Lehman Brothers included a failure by management to be transparent which resounds with the Enron collapse in Stage 1. Complexity, Risk and Valuation of New Derivatives Products In the case of AIG, Yeoh identified its move from its traditional insurance business to the unknown complexities and extreme risks of derivatives business: It should be clear enough from insights gained thereafter that AIG diversified out of its historically viable and steady core insurance business to the more profitable but highly risky and toxic derivatives business without providing ample safeguards. Like the other market participants, AIG under-estimated the complexity and extreme risks associated with such newly developed financial innovations. When warnings were articulated by the internal and external auditors about the reasonableness of its valuation methods adopted for these derivatives, the company was probably caught way too deep and was probably buying time for events to change.26

Thus, the explosion in new derivative product business identified in Sect. 6.3 above – not just for AIG – is new to the relational approach for Stage 2 banks. Significant Causes Combined with Distinguishing Features of Banks Thus, there is a long list of suggested causes and influences that will be investigated in the remaining chapters of this Key Code and Advanced Handbook. What is significant for the relational approach is to examine the behaviour and failures of Stage 1 and new Stage 2 bank-specific governance variables in the GFC and beyond to

 Yeoh, above n 9, 52.  Ibid, 55. 24  Ibid. 25  Ibid, 56. 26  Ibid. 22 23

6.6  Failures Identified in Commentator Studies and Governmental and Market…

81

determine how they affect (in direction and relative strength/importance) the long-­ term efficiency and survival/sustainability of the for-profit bank. These causes, in isolation or as a slate of causes, while operative in the crisis and beyond, do not alone determine the behaviour of governance variables. What is significant in determining this behaviour and its extent, it is submitted, is the combination of these causes and the distinguishing features of banks and financial firms compared to non-financial firms. It is to these distinguishing features that the next Chap. 7 turns.

Chapter 7

Distinguishing Features of Banks for the Relational Approach

Abstract  Chapter 7 of the Stage 2 Key Code and Advanced Handbook examines the distinguishing feature of banks in the relational approach. We open by examining the similarities and differences with the Enron collapse examined in detail in Stage 1. Then the distinguishing features of banks are examined in detail  – the maturity of debt, liquidity, leverage and the interconnectedness of banks. There follows a review of deposit insurance, government bailout and risk-taking including Hopt’s risk-taking and free-riding and the recognition that depositors are stakeholders in banks. Systemic risk is then examined including the EC’s ‘domino effect’ and differing risk preferences for shareholders and depositors. Conflicts of Interest are identified and the perceived weaknesses in governance codes. The chapter concludes with the recognition that specific governance variables for the distinguishing features of banks and specialised bank regulation are needed to introduce the [BankPrudReg] (+) variable for banks – the regulatory, prudential and supervisory regime. Also proposed are bank-specific governance variables for deposit insurance, bailout and the effects of risk-taking, maturity transformation, liquidity and risk management. Keywords  Distinguishing features of banks · Maturity of debt · Liquidity · Leverage · Interconnectedness of banks · Deposit insurance · Government bailout · Risk-taking · Systemic risk · Governance variables for distinguishing features Of course, much of the GFC is explained in terms of the behaviour of banks and financial firms. After all, it was a financial crisis. Accordingly, in this Key Code and Advanced Handbook, much of the spotlight will be on the governance failures of banks and financial firms during the financial crisis. But the governance of financial firms alone is not the sole focus of the relational corporate governance approach. In this Key Field, bank and financial firm-specific failures will be highlighted. For the future will be to determine which of the governance failures of banks and financial firms should be transposed to non-banks and non-financial firms.

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_7

83

84

7  Distinguishing Features of Banks for the Relational Approach

7.1 Similarities and Differences with the Enron Collapse For Nordberg, there were some “eerie similarities” to the Enron collapse: Both involved hyperactive financial intermediaries. Both involved use of new instruments of finance to offload risk, and in particular the use of off-balance sheet entities to disguise (in the case of Enron) or just “distribute” (in the case of subprime CDOs) the risk. The accountants at Arthur Andersen, like others in the profession, pursued a business model using one set of fees  – audit  – to accelerate another  – consultancy. The subprime crisis involved banks using one set of fees – mortgage origination – to accelerate another – distribution – and with the added element that their capital would then be free to originate again, and distribute again, and again and again… If we compare Enron and the Sarbox response with the root causes of the subprime crisis, interesting lessons emerge….Many of the failings that we saw in Enron – the use of creative accounting through off-balance vehicles and the excessive faith in the modelling of market responses to complex financial instruments – recur in the subprime world.1

Thus, distinguishing features of note for Stage 2  in particular are the role of financial intermediaries, new financial instruments, off-balance-sheet vehicles, the use of one set of fees (mortgage origination) to “accelerate” another (distribution) and the extensive use of modelling. Other similarities abound for Nordberg. These other similarities included: • “Stock options based remuneration”; • “Use of derivatives to create structured products”; • “Creation of special purpose vehicles to take structured products off-­ balance sheet”; • “Deceptive reporting of ownership of SPEs, allowing it to avoid consolidation of accounts”; • “Use by SPEs of Enron stock and financial guarantees as collateral for hedges on illiquid investments, thus defeating the purpose of the hedge” – compared to, for the GFC, “distribution of debt instruments freed capital for repeated lending”; • “Write-downs of other assets, including telecommunications networks” – compared to, for the GFC, “write-downs eventually forced the collapse of Bear Stearns [and] need for recapitalization among other investment banks”; • “related party transactions”; and • “Fund managers misled by financial statements” – compared to, for the GFC, “fund managers misled by expert guidance on risk modelling”.2

 Donald Nordberg, “Waste Makes Haste: Sarbanes-Oxley, Competitiveness and the Subprime Crisis”, (10 May 10, 2008), accessed 3 April 2017 at SSRN: http://ssrn.com/abstract=1131674, 20–22 (reference to table omitted). 2  Ibid, Table 4, Enron and subprime compared, 22 (table format removed and bullet-points added). 1

7.2  Maturity of Debt, Liquidity, Leverage and the Interconnectedness of Banks

85

For Cheffins, however, there were some significant differences. Cheffins examines governance failures in the GFC by examining Factiva, a Dow Jones news database, in relation to 37 firms removed from the S&P 500 Index3: In contrast with the corporate governance scandals occurring at the beginning of the 2000s, even companies that were under considerable financial stress were largely fraud-free. Boards of directors generally performed satisfactorily enough to avoid public criticism and directors of troubled companies were not merely sitting on their hands, as CEO turnover greatly exceeded the norm. With respect to executive pay, once the financials are taken out of the equation, the arrangements in place generated little controversy. Finally, while mutual funds and pension funds were largely mute, a few hedge funds persevered with their particular brand of shareholder activism under what were far from optimal conditions.4

Thus, for Cheffins, Stage 2 bank collapses in the GFC were different to the Stage 15 Enron-like collapses as being “largely fraud-free”, that financial firms were criticised much more than any other sector, including in relation to executive pay,6 and CEO turnover was significantly up.

7.2 Maturity of Debt, Liquidity, Leverage and the Interconnectedness of Banks Turning to the distinguishing features of banks and financial firms themselves, there are for Hopt a number of features or elements not previously examined in the relational approach: There is vast practical experience and economic literature describing the special case of banks and the consequences for the regulation and supervision of banks as a regulated sector in contrast to normal firms. In a nutshell: What is unique for banks is the liquidity risk since they are involved in borrowing short and lending long (maturity transformation), combined with other risks arising from this, such as reputational risk and, finally, systemic risk. Public trust and confidence are the very essence of banking.7

 Brian R Cheffins, “Did Corporate Governance ‘Fail’ During the 2008 Stock Market Meltdown? The Case of the S&P 500” ECGI – Law Working Paper No. 124/2009, (1 May 2009), accessed 13 April 2017 at SSRN: http://ssrn.com/abstract=1396126, 1. 4  Ibid. 5  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 6  Cheffins, above n 3, 2. 7  Klaus J Hopt, “Corporate Governance of Banks and Other Financial Institutions After the Financial Crisis”, (2013) 13(2) Journal of Corporate Law Studies 219–253 (Part B); “Corporate Governance of Banks after the Financial Crisis”, in E Wymeersch, K J Hopt and G Ferrarini, eds., 3

86

7  Distinguishing Features of Banks for the Relational Approach

Thus, the maturity of bank debt (banks borrow ‘short’ funds from customers and lend ‘long’ known as ‘maturity transformation’), reputational risk and systemic risk are new to the relational approach (systemic risk is discussed in Sect. 7.4 of this Chap. 7 below). Returning to maturity transformation, this aspect is also highlighted by Mülbert.8 The author explains the banks’ consequent dependence on continuous access to liquidity which was cut-off for all banks during the crisis and required government intervention as well as revision of liquidity risk management practices: [T]he existence of banks depends crucially on uninterrupted continuous access to liquidity, be it deposits, short-term funding on the interbank market, funding on secured financing markets or funding from a central bank as the liquidity provider of last resort. The importance of banks’ access to liquidity was forcefully demonstrated in the financial crisis when all possible sources of liquidity dried up at the same time for all banks in (most) Western countries and central banks had to intervene to prevent a collapse of the banking systems in the countries affected. Hence, for regulators, one of the important lessons of the crisis is to provide for more demanding prudential regulation pertaining to banks’ liquidity risk and its management.9

Next for Mülbert is the high leverage of banks: Second, banks are highly leveraged institutions. Banks are compensated for accepting a maturity mismatch by a premium charged to creditors, i.e., a bank’s creditors have to pay a higher interest rate than the bank pays for its refinancing. Hence, ceteris paribus, a bank’s profit increases directly in proportion with the volume of lending to creditors. The upper bound for an increase in lending is derived from the marginal cost of a bank’s refinancing, given that an increase of the bank’s leverage will increase its probability of default, and depositors as well as other debtholders will demand a higher risk premium as compensation for the higher risk of insolvency, and from minimum capital requirements provided for by prudential regulation.10

Another aspect highlighted by Mülbert is the interconnectedness of banks. They are competitors but are also each other’s major business partners – including activities on the interbank, OTC derivates and foreign exchange markets – giving rise to counterparty risk and, in addition, the risk that a bank’s problems will spread to other banks.11

Financial Regulation and Supervision, A post-crisis analysis, Oxford University Press 2012, pp 337–367 (Part A); ECGI – Law Working Paper No. 207. (1 April 2013), accessed 13 April 2017 at SSRN: http://ssrn.com/abstract=2212198, 4 (footnotes omitted). 8  Peter O Mülbert, “Corporate Governance of Banks after the Financial Crisis – Theory, Evidence, Reforms”, ECGI  – Law Working Paper No. 130/2009, (April 2010), accessed 8 April 2017 at SSRN: https://ssrn.com/abstract=1448118 9  Ibid, 10 (footnote omitted). 10  Ibid. 11  Ibid.

7.3  Deposit Insurance, Government Bailout and Risk-Taking

87

7.3 Deposit Insurance, Government Bailout and Risk-Taking Hopt’s Risk-Taking and Free-Riding There are some further aspects of corporate governance in the financial crisis which – like the previous features – were not examined in the Stage 1 relational approach. In particular, there is the presence of deposit insurance and government bailout. For Hopt there is a balance – these increase risk-taking and free-riding, yet he believes these are essential for protection of depositors and curing systemic risk.12 For Tung and Wang, too, deposit insurance increases risk taking and requires prudential regulation to curb: Unlike industrial firms and even other financial institutions, commercial banks enjoy deposit insurance —an explicit government guarantee that covers substantial portions of their liabilities. The resulting moral hazard requires that banks be subject to a comprehensive framework of prudential regulation, whose principal goal is to constrain bank risk taking.13

For Bruner, deposit insurance gives depositors little incentive to monitor banks while bank shareholders “strongly prefer” risk taking due to reliance on limited liability and, again, deposit insurance.14 By contrast, governments have a high interest in monitoring  – to overcome moral hazard  – which, again, is accomplished through bank regulation and supervision, a continuing theme of this Stage 2: Deposit insurance itself, however, gives rise to an equal and opposite problem insufficient incentive to monitor risk exposure. Unlike typical corporate creditors, depositors secure in the knowledge that deposits are guaranteed by the government have little reason to concern themselves with how the bank is managed. Bank shareholders, for their part, strongly prefer risk-taking because, due to limited liability and deposit insurance, they can capture the entire upside while avoiding much of the downside. Governments, as the principal creditors of insured banks, would seem to have ample incentive to monitor, and have indeed imposed supervisory regimes and regulatory capital requirements to address the moral hazard problem created by deposit insurance.15

Thus, the views of authors in this section suggest to this Key Code and Advanced Handbook that there is a balance or weighing required. A system underscored by free-riding for depositors and risk-taking by shareholders must be balanced by the regulation and supervision of banks. For the relational approach, when this equation

 Klaus J Hopt, “Corporate Governance of Banks after the Financial Crisis”, in E Wymeersch, K J Hopt, G Ferrarini, eds., Financial Regulation and Supervision, A post-crisis analysis, Oxford University Press 2012, pp 337–367; ECGI – Law Working Paper No. 181/2011, (29 August 2011), accessed 13 April 2017 at SSRN: http://ssrn.com/abstract=1918851, 4. 13  Frederick Tung and Xue Wang, “Bank CEOs, Inside Debt Compensation, and the Global Financial Crisis”, Boston Univ. School of Law Working Paper No. 11–49, (11 December 2012), accessed 3 April 2017 at SSRN: http://ssrn.com/abstract=1570161, 1–2. 14  Christopher M Bruner, “Corporate Governance Reform in a Time of Crisis” (2011) 36(2) Journal of Corporation Law 309; Washington & Lee Legal Studies Paper No. 2010–9, (30 May 2010), accessed 6 April 201at SSRN: http://ssrn.com/abstract=1617890, 312. 15  Ibid. 12

7  Distinguishing Features of Banks for the Relational Approach

88

is out of balance is when the conditions for systemic risk failure described in Sect. 7.4 below are heightened as the GFC demonstrates. Depositors are Stakeholders in Banks Given the problems of risk-taking and free-riding, Hopt therefore recognizes good corporate governance as an important part of protecting bank savings depositors. In terms of the relational approach in Stage 1 – particularly ‘Stakeholders Factor No 6 Identification, Participation and Protection of Stakeholder Interests’16 – this is an interest of stakeholders beyond the bank’s shareholders: Since the financial crisis, the insight that banks have special corporate governance problems has gained momentum rather quickly. For the bank supervisory authorities, it has long been obvious that they should consider corporate governance as part of depositor protection (internal governance).17

Indeed, the Basel Committee on Banking Supervision (BCBS) explains that the primary objective of corporate governance for banks should be depositors’ interests even over the shareholders’ interests: The primary objective of corporate governance should be safeguarding stakeholders’ interest in conformity with public interest on a sustainable basis. Among stakeholders, particularly with respect to retail banks, shareholders’ interest would be secondary to depositors’ interest.18

And the interests of depositors are emphasised early in the BCBS Guidelines 2015. Paragraph 3 provides that corporate governance determines: [T]he allocation of authority and responsibilities by which the business and affairs of a bank are carried out by its board and senior management, including how they: • • • •

set the bank’s strategy and objectives; select and oversee personnel; operate the bank’s business on a day-to-day basis; protect the interests of depositors, meet shareholder obligations, and take into account the interests of other recognised stakeholders; • align corporate culture, corporate activities and behaviour with the expectation that the bank will operate in a safe and sound manner, with integrity and in compliance with applicable laws and regulations; and • establish control functions.19

Thus, again for the relational approach, a balancing or weighing is required. This time, the interests of depositors in the safeguarding of their deposits long-term must be weighed against the interests of shareholders in risk-taking to increase profitability and the share price.

 See the discussion in sections 2.6.1–2.6.8 of Stage 1, above n 5, pp 36–62 for the construction of the eight governance factors. 17  Hopt, above n 7, 5 (footnote omitted). 18  The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Para 2, p 3. 19  Ibid, Para 3, p 3 (emphasis added). 16

7.4  Systemic Risk

89

But, as stated above, this is not new to the relational approach. Stakeholders Factor No 620 already calls for a weighing of the interests of shareholders against the interests of non-shareholder stakeholders. In addition, the ‘Positional Conflict Axis No 3’ of the ‘three relational axes of good governance’21 weighs the interests of internal stakeholders (board, CEO and management) and external stakeholders (including for this discussion the interests of shareholders). But what is in point here is a positional conflict between external stakeholders inter se. Again, the GFC saw these equations significantly out of balance.

7.4 Systemic Risk Systemic Risk – The EC’s ‘Domino Effect’ The quote from Hopt in Sect. 7.2 above of this Chap. 7 also recognizes that banking firms are an example of ‘systemic’ risk – a bank’s failure (which causes it to suspend lending activities) can cause other banks dependent on the first bank’s credit to fail as well as non-bank customers of the bank.22 Indeed, for the BCBS, oversight of risk is one of the primary objectives of board supervision: One of the primary objectives of this revision is to explicitly reinforce the collective oversight and risk governance responsibilities of the board. Another important objective is to emphasise key components of risk governance such as risk culture, risk appetite and their relationship to a bank’s risk capacity. The revised guidance also delineates the specific roles of the board, board risk committees, senior management and the control functions, including the CRO and internal audit. Another key emphasis is strengthening banks’ overall checks and balances.23

The European Commission (EC) calls systemic risk the ‘domino effect’ which, on account of government bailouts, makes taxpayers a stakeholder in long-term bank governance: Due to the nature of their activities and interdependencies within the financial system, the bankruptcy of a financial institution, particularly a bank, can cause a domino effect, leading to the bankruptcy of other financial institutions. This can lead to an immediate contraction of credit and the start of an economic crisis due to lack of financing, as the recent financial crisis demonstrated. This systemic risk led governments to shore up the financial sector

 See the discussion in section 2.6.6 of Stage 1, above n 5, pp 47–54 for the construction of the Stakeholders Factor No 6: Identification, Participation and Protection of Stakeholder Interests. 21  See the discussion in sections 2.3.1–2.3.3 of Stage 1, above n 5, pp 28–31 for the construction of the ‘three relational axes of good governance’. 22  See also David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www. hm-treasury.gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Para 1.23, p 30. 23  BCBS Guidelines 2015, above n 18, Para 11, p 4. 20

90

7  Distinguishing Features of Banks for the Relational Approach with public funding. As a result, taxpayers are inevitably stakeholders in the running of financial institutions, with the goal of financial stability and long-term economic growth.24

Thus, this quotation shows that systemic risk failure is very contagious. The bankruptcy or failure of a financial institution may cause a reduction in available credit between the financial institutions themselves causing further bankruptcy/failure. This shortage of credit then spreads to non-bank customers. Differing Risk Preferences for Shareholders and Depositors As noted above in Sect. 7.3 of this Chap. 7, both shareholders and depositors have little incentive to monitor banks on account of deposit insurance and government bailout. But this does not mean that they have the same risk preference. For the EC, depositors on the one hand and shareholders on the other, have different risk preferences. Shareholders want share price rises and so favour higher risk while depositors want their debts repaid in the long-term and so favour much lower risk: Shareholders benefit from a rise in the share price and maximisation of profits in the short term and are potentially less interested in too low a level of risk. For their part, depositors and other creditors are focused only on a financial institution’s ability to repay their deposits and other mature debts, and thus on its long-term viability. As a result, depositors can be expected to favour a very low level of risk.25

Thus, the effect of shareholder preferences for higher risk in combination with compensation incentive schemes based on rewarding executives (and higher-level employees) for short-term share price rises are features of bonus, equity and option variable compensation examined in Part 4 below.26

7.5 Conflicts of Interest Conflicts of interest in financial firms are not unique. But, in a number of ways, it may be magnified. The EC saw the GFC as a result of conflicts of interests within financial institutions  – in particular, in relation to exercising the “incompatible” roles of investment advisor, fund manager, investing for itself and in holding different mandates from different clients/institutions.27 In addition, there could be conflicts between financial institutions and their shareholders in the case of cross-shareholdings or in the business networks between investors and holding companies.28  European Commission, Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies, COM(2010) 284 final, Brussels, 2 June 2010, accessed 23 March 2017 at http://www.ecgi.org/commission/documents/green_paper_com2010_284_en.pdf (‘EC Green Paper 2010’), section 2, p 4. 25  Ibid. 26  See discussion in Sect. 16.1 of Chap. 16 below. 27  EC Green Paper 2010, above n 24, section 3.1, p 5. 28  Ibid. 24

7.7  Summary – Governance Variables for Distinguishing Features and Bank…

91

7.6 Perceived Weaknesses in Governance Codes Of value to the relational approach, the EC also pointed to certain theories about weakness in the application of governance codes and principles of the type examined in Chapter 6 of Stage 1  in ‘Key Field No 3  – Comparative Corporate Governance Codes’:29 • the existing principles are too broad in scope and are not sufficiently precise. As a result, they gave financial institutions too much scope for interpretation...; • the lack of a clear allocation of roles and responsibilities with regard to implementing the principles, within both the financial institution and the supervisory authority; [and] • the non-binding nature of corporate enterprise principles…30

The governance variables of this Stage 2 bank-specific Key Code and Advanced Handbook are submitted in remediation of these perceived problems. Thus, they provide much less “wriggle-room” for Stage 2 Australian banks.

7.7 Summary – Governance Variables for Distinguishing Features and Bank Regulation Are Needed Thus, for the relational approach and Model, what the discussion in Sects. 7.2–7.4 of this Chap. 7 shows is that the system of bank prudential and supervisory regulation is an ingredient additional to the national shareholder protection regime operative for both banks and non-banks in Stage 1. In Stage 1, the governance variable representing the National Governance/Shareholder Protection Regime is [NationGov*] (+) with a coverage/rating of +8/100.00 rprox in the Coverage Table (Stage 1, Table 3.1) and Relational Proximity Table (Stage 1, Table 3.2).31 In this bank-specific Stage 2 for Australian banks, the [NationGov*] (+) variable remains operative. But the discussion in Sect. 28.10 of Chap. 28 below suggests that the operation of this variable may be suspended or of no effect in crisis times. Hence, the [NationGov*] (+) variable in Stage 2 (unlike Stage 1) is marked with an asterix (*) to denote this possibility. The [BankPrudReg] (+) variable – banks – regulatory, prudential and supervisory regime What is additional in the field of regulation is the regime of bank prudential regulation and supervision. Again, as the discussion in Sects. 7.2–7.4 of this Chap. 7 demonstrates, a variable for the bank prudential and supervisory regime is suggested for counteracting or accommodating the distinguishing features of:

 Stage 1, above n 5, pp 143–186.  EC Green Paper 2010, above n 24, section 3.2, p 6. 31  See discussion of the construction of the [NationGov] + variable in sections 7.3.1.3–7.3.1.3.2 of Stage 1, above n 5, pp 202–6. 29 30

92

7  Distinguishing Features of Banks for the Relational Approach

• the maturity of debt and the liquidity, leverage and interconnectedness of banks (7.2); • deposit insurance, government bailout, risk-taking by shareholders and free-­ riding by depositors (7.3); • the position of depositors as stakeholders in banks (7.3); and • systemic risk including the different risk preferences of shareholders and depositors (7.4). Thus, the new Stage 2 bank-specific governance variable representing the additional bank-specific regulation is: • [BankPrudReg] (+) – Banks – Regulatory, Prudential and Supervisory Regime. This variable represents the bank prudential and supervisory regime. Its relational effect path is identical to the relational effect path of the [NationGov*] (+) variable discussed in Sect. 7.3.1.3 and 7.3.1.3.2 of Stage 1.32 The [NationGov*] (+) variable represents the national shareholder protection regime and affects all eight governance factors. Thus, the [NationGov*] (+) variable has a coverage/rating of +8/100.00 rprox in the Coverage Table (Table  3.1 of Stage 1) and the Relational Proximity Table (Table 3.2 of Stage 1). This gives rise to a coverage/rating of +8/100.00 rprox in the single Bank Combined Coverage and Relational Proximity Table (Table 10.2 below) for the [BankPrudReg] (+) variable in this Stage 2 for Australian banks. Deposit Insurance, Bailout and the Effects of Risk-Taking On the other side of the coin, two governance variables reflecting the combination of variable performance-based compensation and the distinguishing features of banks set out above are set out in Sect. 11.7 of Chap. 11 of this Stage 2: • Banks – Deposit Insurance – Effects of Risk-Taking – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure  – [BankDepInsure] (−) in Sect. 11.7 (relational effect path)33; and • Banks – Government Bailout – Effects of Risk-Taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure – [BankGovBail] (−) in Sect. 11.7 (relational effect path).34 Maturity Transformation, Liquidity and Risk Management Still on the other side of the coin, new governance variables combining risk management and, again, the distinguishing features of banks are also set out in the Part 5 examination of board characteristics, committees, independence, expertise and bank and risk culture:

 See discussion in sections 7.3.1.3–7.3.1.3.2 of Stage 1, above n 5, pp 202–206.  See discussion in Sect. 11.7 (relational effect path) of Chap. 11 of this Stage 2 below. 34  Ibid. 32 33

7.7  Summary – Governance Variables for Distinguishing Features and Bank Regulati…

93

• the variables representing the ‘maturity transformation’ of bank debt  – banks borrow short from depositors and lend long to customers requiring a continuous supply of liquidity – [BankDebtTransRisk] (−)35 and [BankLiqRisk] (−)36; • a high level of bank leverage – [BankHighLevRisk] (−)37; • a high level of interconnectedness of banks – [BankConnect] (−)38; and • a high level of systemic risk – [BankSystRisk] (−).39 As demonstrated in Sects. 7.2–7.4 of this Chap. 7 above, a balancing or weighing is required. Thus, these negative (−) direction governance variables and the positive (+) direction [BankPrudReg] (+) variable form the relational approach and Model’s translation of the balancing equations dictated by the distinguishing governance features of banks and financial firms examined above. Again, the relational effect paths of these governance variables are identified in Part 5’s examination of board characteristics, committees, independence, expertise and bank and risk culture.

 See discussion in Sect. 28.3 (relational effect path) of Chap. 28 of this Stage 2 below.  Ibid. 37  See discussion in Sect. 28.2 (relational effect path) of Chap. 28 of this Stage 2 below. 38  See discussion in Sect. 28.4 (relational effect path) of Chap. 28 of this Stage 2 below. 39  See discussion in Sect. 28.5 (relational effect path) of Chap. 28 of this Stage 2 below. 35 36

Chapter 8

Maximising the ‘Default Standard’ of Shareholder Value

Abstract Chapter 8 of the Stage 2 Key Code and Advanced Handbook for Australian major banks examines the merits of maximising the ‘default standard’ of shareholder value. It asks “should the shareholder wealth-maximisation principle apply to banks and financial firms?” The discussion identifies that the market for corporate control may be weaker for banks than non-banks. We review the shareholder wealth maximisation principle and the short-term share price touching upon agency theory, shareholder primacy and the shareholder-wealth maximization principle. We ask whether the shareholder wealth-maximization principle exacerbated the severity of the financial crisis? We identify that, in the GFC, conservative risk strategies led to better survival outcomes in the crisis and we highlight the short-­ term danger of the emphasis on quarterly results. Keywords  Default standard · Shareholder value · Shareholder-wealth maximisation principle · Market for corporate control · Agency theory · Shareholder primacy · Severity of GFC · Risk strategies · Quarterly results

8.1 Should the Shareholder Wealth-Maximisation Principle Apply to Banks and Financial Firms? In the following chapters of this Key Code and Advanced Handbook, we will examine governance variables – existing and new Stage 2 bank-specific variables – relating to variable bonus, equity and option compensation (Part 4), board composition/ structure and processes, bank ownership and bank and risk culture (Part 5) and the governance and management of risk (Part 6). In creating the existing Stage 11 governance variables, the discussion in Chapter 4 of Stage 1 examined ‘Key Field No. 1  – The Application of the Principal

1  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’).

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_8

95

96

8  Maximising the ‘Default Standard’ of Shareholder Value

Theories of the Firm to the Relational Approach’. In particular, Chapter 4 of Stage 1 depicted how the relational approach seeks to complement and add explanatory power to the existing principal ‘law and economics’ theories and models of the firm – the nexus of contracts, agency theory, the shareholder primacy model, the stakeholder model and the director primacy model. Thus, Key Field No 1 underpins the theoretical framework of the relational approach, the structure of its principal components and the operation of its existing governance variables. So, given the distinguishing features of banks and final institutions examined in Chap. 7 above, are there any governance theories, principles or practices from Key Field No 1 which should be compensated for, altered or removed altogether? This is examined next.

8.2 The Market for Corporate Control May Be Weaker In sections 1.2.2 and 4.2.2 of Stage 1, the relational approach explained that the market for corporate control is a component of the efficient market hypothesis which itself assumes that all the publicly-available information relating to a company is reflected in the share price.2 But for Hopt, the market for corporate control for many banks is underdeveloped, particularly in Europe: In theory, the market for corporate control is the most important external control mechanism that disciplines management. Bad performance will result in lower share price and make takeovers cheaper and more probable, with the result that the old management risks being replaced if the takeover is successful. Yet the takeover markets are not well developed in many European countries. The takeover market for banks is especially weak and cannot be trusted to be a major disciplining force in bank corporate governance.3

Thus, such a weakness in the market-disciplining mechanism of the market for corporate control calls for a need of a ‘substitution effect’. As noted in section For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 2  Frank H Easterbrook and Daniel R Fischel, “The Corporate Contract” (1989) 89 Colum L Rev 1416, 1430–1 and Lawrence A Cunningham, “Behavioral Finance and Investor Governance” (2002) 59 Washington & Lee Law Review 767, accessed 14 April 2017 at SSRN: http://ssrn.com/ abstract=255778, 3. The author cites Donald C Langevoort, “Theories, Assumptions and Securities Regulation: Market Efficiency Revisited” (1992) 140 U Pa L Rev 85. See also, Eugene F Fama, Michael C Jensen, Lawrence Fisher and Richard Roll, “The Adjustment of Stock Prices to New Information” (1969) 10 International Economic Review 1–22, accessed 14 April 2017 at SSRN: http://ssrn.com/abstract=321524 3  Klaus J Hopt, “Corporate Governance of Banks and Other Financial Institutions After the Financial Crisis”, (2013) 13(2) Journal of Corporate Law Studies 219–253 (Part B); “Corporate Governance of Banks after the Financial Crisis”, in E Wymeersch, K J Hopt and G Ferrarini, eds., Financial Regulation and Supervision, A post-crisis analysis, Oxford University Press 2012, pp. 337–367 (Part A); ECGI – Law Working Paper No. 207. (1 April 2013), accessed 13 April 2017 at SSRN: http://ssrn.com/abstract=2212198, 9 (footnotes omitted).

8.3  The Shareholder Wealth-Maximisation Principle and the Short-Term Share Price

97

7.3.1.3.1 of Stage 1, additional internal or firm-level governance variables can – and are required to – compensate for weaknesses in external mechanisms such as the shareholder protection regime in low shareholder protection jurisdictions.4 In this case, the relational approach will submit new Stage 2 bank-specific governance variables as arising in Parts 3–6 to compensate for the perceived weakness in the market for corporate control.

8.3 The Shareholder Wealth-Maximisation Principle and the Short-Term Share Price Agency Theory, Shareholder Primacy and the Shareholder-Wealth Maximization Principle Further, in section 4.3.2 of Stage 1, in the shareholder primacy model of corporate governance, the shareholders are the only residual claimants.5 At this point, the shareholder wealth-maximisation principle aligns the interests of shareholders and managers as explained in section 4.3.2.1 again of Stage 1. And throughout the relational approach in Stage 1, firm value/share price, firm operating performance/profit and/or the likelihood of earnings manipulation or ‘management’ were used, among others, as proxies for shareholder wealth or welfare.6 De Graaf and Williams distinguish agency theory as espoused by economists from the strict meaning of an ‘agent’ in agency law.7 For economists, the ‘principal’ includes the shareholders themselves. But this may not be the case with other applications of agency, such as the concept in company law where the company, itself a separate legal entity, is principal.8

 V Bruno and Stijn Claessens, “Corporate Governance and Regulation: Can There Be Too Much of a Good Thing?” (March 1, 2007), World Bank Policy Research Working Paper No 4140, accessed 14 April 2017 at SSRN: http://ssrn.com/abstract=964802, 4. 5  Gerard J Charreaux, “Corporate Governance Theories: From Micro Theories to National Systems Theories” (January 2004), Universite de Bourgogne Fargo Working Paper No. 1040101, accessed 14 April 2017 at SSRN: http://ssrn.com/abstract=486522, 8 and Amir N Licht, “The Maximands of Corporate Governance: A Theory of Values and Cognitive Style” (November 2003), ECGI – Law Working Paper No. 16/2003, accessed 14 April 201 at SSRN: http://ssrn.com/abstract=469801 and (2004) 29(3) Delaware Journal of Corporate Law 649–746, accessed 14 April 2017 at SSRN: http://ssrn.com/abstract=764025, 4. 6  See, for example, Empirical studies Key Field No. 4 – Empirical studies of the effectiveness of governance variables Parts 1–4 in Chapters 7–10 of Stage 1, above n 1. 7  Frank Jan De Graaf and Cynthia A Williams, The intellectual foundations of the global financial crisis (2009) 32(2) UNSWLJ 390–415, accessed 8 April 2017 at http://www.unswlawjournal.unsw. edu.au/sites/default/files/27_jan_de_graaf_2009.pdf 8  Ibid, 403 (footnote omitted). The authors cite Michael C Jensen and William H Meckling, ‘Theory of the Firm: Managerial Behavior, Agency Costs and Ownership Structure’ (1976) 3(4) Journal of Financial Economics 305 and Eugene F Fama, ‘Agency Problems and the Theory of the Firm’ (1980) 88 Journal of Political Economics 288. 4

98

8  Maximising the ‘Default Standard’ of Shareholder Value

But the authors cite Fama to question whether the shareholders are indeed the residual claimants of the corporation and, consequently, whether this concept should in fact be sufficient to justify shareholder primacy as the dominant principle: Fama also recognised that fully diversified shareholders do not have ‘a special interest in [any one firm’s] viability,’ even though they are residual claimants, since – unlike labour and management  – shareholders can ‘shift among teams [firms] with relatively low ­transaction costs and to hedge against the failings of any given team by diversifying their holdings across teams.’ Yet, shareholders’ ‘ownership’ status, and/or position as residual claimants, have been the rationales for ‘shareholder primacy’ corporate governance theories.9

The authors conclude their appraisal of the shareholder primacy principle by explaining that it has not distinguished between short-term interests of fully-­ diversified shareholders and the long-term sustainability of the company and economies, a problem exposed by the financial crisis: Moreover, the emphasis on shareholders as residual claimants has not distinguished the short-term financial interests of fully-diversified portfolio investors from the long-term financial interests of stable, sustainable operating companies and economies. If markets promote fundamental value efficiency and the intelligent allocation of capital, there should be no difference between the short-term and long-term perspectives. But as recent events and evaluations have shown, markets are not operating in this way.10

Armour and Gordon’s solution is to suggest that the shareholder value-­ maximization principle be relaxed for such financial firms to avoid systemic risk to those other banks and non-financial firms as occurred during the crisis.11 In short, the authors submit that relaxing the shareholder wealth-maximisation principle will not increase agency costs in the case of systemic risks because financial firm diversified shareholders would not want bank managers to cause systemic failures (externalities) to the financial system.12 Thus, in such cases of systemic risk, financial firm managers should not seek to maximize profits and consequently the share price.13 The authors suggest director and officer liability rules should be imposed which make managers of financial firms more risk averse at such times, this being achieved by a derivative action for breach of the duty of care (i.e., negligence) owed to the firm – and in the favour of the firm – triggered whenever there are significant losses

 De Graaf and Williams, above n 7, 404 (footnote omitted). The authors cite Eugene Fama, ‘The Disciplining of Corporate Managers’ (Selected Paper No 56, Graduate School of Business University of Chicago, 1980), 4. 10  Ibid, 404. 11  John Armour and Jeffrey N Gordon, “Systemic Harms and Shareholder Value” (2014) 6(1) The Journal of Legal Analysis 35; ECGI – Law Working Paper No. 222; Columbia Law and Economics Working Paper No. 452, (11 July 2014), accessed 11 May 2017 at SSRN: http://ssrn.com/ abstract=2307959, 38–39. 12  Ibid. 13  Ibid. 9

8.4  Did the Shareholder Wealth-Maximization Principle Exacerbate the Severity…

99

to the firm.14 For the liability rules to be imposed, a three-pronged approach is suggested using: • board-level review to overcome managerial conflicts caused by performance incentives through a special committee; • board responsibility of the level of risk-taking of both operations and strategy; and • a negligence-based action.15 For the relational approach and Model, a detailed examination of a negligence-­ based action is outside the scope of this Key Field No 5 of Stage 2 although, conceivably if established, it would form part of the national shareholder protection regime examined in section 7.3.1.3 of Stage 1. However, what is examined in Sect. 20.2 of Chap. 20 below are the ‘accountability obligations’ of a bank and an ‘accountable person’ provided by the ‘Bank Executive Accountability Regime’ (‘BEAR’).16 The accountability obligations of a bank and an accountable person are set out in sections 37C and 37CA of the Banking Act 1959 (Cth).17 For both the bank and the accountable person, they are (among others) to take reasonable steps to conduct its business and by acting with honesty and integrity, and with due skill, care and diligence.

8.4 Did the Shareholder Wealth-Maximization Principle Exacerbate the Severity of the Financial Crisis? For highlighting in this Key Field No 5 of the bank-specific Stage 2 for Australian major banks, to what extent was the financial crisis exacerbated by the shareholder wealth-maximisation principle? In other words, what is the relationship between this principle and the risk-taking behaviour of managers (particularly) of banks and

 Ibid, 39–40.  Ibid, 64. 16  Being PART IIAA – THE BANKING EXECUTIVE ACCOUNTABILITY REGIME, Banking Act 1959 (Cth), ss 37 – 37KC accessed 28 February 2019, available at http://classic.austlii.edu.au/ au/legis/cth/consol_act/ba195972/index.html#s37g, (the ‘BEAR’). The Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https://treasury.gov.au/sites/ default/files/2020-01/c2020-24974.pdf. See Attachment A – Summary of changes from the BEAR to the FAR, pp. 11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR.  See Proposal Paper, Next steps, p  3. Accountability Statements and Accountability Maps will remain obligations of the FAR. See Proposal Paper, Accountability maps and statements, p 7 and Attachment A, p 12. 17  Ibid, sections 37C and 37CA. 14 15

100

8  Maximising the ‘Default Standard’ of Shareholder Value

financial firms? And how is the equity component of executive and director compensation a contributing cause? Howson puts the dilemma thus: What is the key implication arising from this rather common sense in-sight? Simply this: insofar as much-celebrated corporate governance norms make firm managers responsible to their shareholders, the same mechanisms incentivize managers to be irresponsible vis à vis the entire system, implicating systemic risk.18

Issues and governance variables in relation to risk-taking by bank managers and bonus, equity and option variable compensation are examined in Part 4. Conservative Risk Strategies Led to Better Survival Outcomes in the Crisis In this regard, Howson gives us two contrasting accounts. First are the results achieved by Deutsche Bank and Société Generale (SocGen) from aligning “irresponsible risk-taking” behaviour of managers with shareholders to achieve short-­ term gains in the share price to give a “dynamic stock price”. Second is for banks like Banque National de Paris (BNP Paribas) which took a more conservative risk strategy before the GFC. Ultimately, BNP Paribas’ strategy served the bank better in surviving the crisis – much better than Deutsche Bank and SocGen – but, in the process, its managers were almost removed even though it pursued long-term viability.19 The Short-Term Danger of the Emphasis on Quarterly Results For Van Den Berghe there was great danger in the short-term approach banks and financial firms took in relation to share price, exacerbated by quarterly reporting pressures: But the short-term disease is more widespread than in this mortgage-crisis. Financial firms, capital markets, financial analysts and large shareholder organisations have put the accent far too much on creating short-term shareholder value, as if it was the ultimate goal of the firm. In the absence of long-term shareholders, most listed companies are driven, if not biased by the share price and sometimes worse, making important choices and decisions on the base of the potential effect on the next quarter results.20

For the author, blockholders who take a longer-term position in holding bank equity had a stabilizing effect during the crisis: The financial crisis showed that controlling shareholders or blockholders are – after all – not that bad when it comes to be a stabilising factor in times of turmoil, while giving prefer-

 Nicholas Calcina Howson, “When ‘Good’ Corporate Governance Makes ‘Bad’ (Financial) Firms: The Global Crisis and the Limits of Private Law” (2009) 108 Michigan Law Review, First Impressions 44; University of Michigan Law & Economics, Olin Working Paper No. 09–024, (17 November 2009), accessed 14 April 2017 at SSRN: http://ssrn.com/abstract=1511904, 48 (emphasis in original). 19  Ibid. 20  Lutgart A A Van Den Berghe, “To What Extent is the Financial Crisis a Governance Crisis? From Diagnosis to Possible Remedies”, (May 27, 2009), accessed 4 April 2017 at SSRN: http://ssrn. com/abstract=1410455, 9. 18

8.4  Did the Shareholder Wealth-Maximization Principle Exacerbate the Severity…

101

ence to the long-term value creation over the short-term optimisation. Long-term shareholders are considered to have a more disciplinary impact on risk appetite…, generating a more natural self-control…, because of their more concentrated risk and their more important exposure to the well-being of the company.21

The effects of ownership structure on the performance of banks during the crisis is examined in Sect. 28.9 of Chap. 28 below.

21

 Ibid.

Chapter 9

Overview of Stage 2 Bank-Specific Key Code and Advanced Handbook for Australian Banks Abstract  Chapter 9 of the Key Code and Advanced Handbook for Australian major banks contains an overview of the relational corporate governance approach and Model in Stage 2. Parts 1 and 2 contain an introduction to the bank-specific Stage 2 Key Code and Advanced Handbook chapters. Part 3 identifies the 1749 Stage 2 bank-specific relational corporate governance variables themselves and the 159 Key Groupings in which the variables are indexed and categorised for a ‘deep dive’ review of the governance and supervision of Australian major banks at the activity or function level. Part 4 discusses issues in executive compensation and accountability – incentives, equity and option compensation and the BEAR. In Part 5, we examine boards and committees, independence, expertise and bank and risk culture. Part 6 concludes the Stage 2 Key Code and Advanced Handbook with the governance and management of bank risk, risk appetite and risk culture. Keywords  Introduction to Key Code and Advanced Handbook · Bank-specific variables · Executive compensation · Accountability · Incentives · Boards and committees · Independence · Expertise · Risk management · Risk culture

9.1 Overview of the Relational Corporate Governance Approach and Model in Stage 2 The overview for Stage 2 for Australian major banks is that it serves as a bank-­ specific addition to the evaluation on a ‘first principles’ basis of the thirty-nine (39) governance variables examined in Stage 1.1 After the addition of new Stage 2 1  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27.

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_9

103

104

9  Overview of Stage 2 Bank-Specific Key Code and Advanced Handbook...

bank-­specific governance variables, the total number of governance variables stands at 1749. One of the themes of Stage 2 is that – on account of the distinguishing features of banks in Chap. 7 – the specific, more detailed targeting of new governance variables adds a level of specificity or granularity of operation which complements the original Stage 1 Model and specifically applies it to Australian major banks.

9.2 Introduction to Bank-Specific Stage 2 Key Code and Advanced Handbook Chapters for Australian Banks Part 3: Stage 2 Bank-Specific Relational Corporate Governance Variables Table 10.1 of Chap. 10 sets out the ‘Key Groupings’. These are the key Groupings, prefixes or abbreviations of the Stage 1 and new Stage 2 bank-specific governance variables – at the activity or function level – spanning 159 categories for a ‘deep dive’ review of each activity or function. These Groupings were introduced in Chap. 1. Table 10.2 of Chap. 10 is the ‘Bank Combined Coverage and Relational Proximity Table’. This Table contains the Key Grouping, prefix or abbreviation assigned to the governance variable in an Accountability Statement or Accountability Map required by the BEAR. As noted in Sect. 1.1 of Chap. 1 above, the description of each governance variable introduced in Table 10.2 gives the actual description of the enquiry step required at the ‘nuts and bolts’ bank level. Section references to this Stage 2 Key Code and Advanced Handbook for the analysis of commentators, government, Regulators/Supervisors, major bank and market participant reports and the relational effect path for each existing Stage 1 and new Stage 2 bank-specific governance variable are set out in the right-hand column of Table 10.2. Each governance variable in this Stage 2 has its origin identified from reports, papers and findings in Sect. 1.2 of Chap. 1. As noted in Sect. 1.1, Stage 2 is also a Key Code because all its Stage 2 bank-­ specific governance variables  – 1749  in number  – are modelled or based on, or derived from, a handful of ‘Key’ or ‘Core’ governance variables from the original thirty-nine variables of Stage 1. Thus Table 10.2 also contains a new feature – a reference to the Stage 1 Key or Core governance variable after which the Stage 2 governance variable is modelled or based. Foreshadowing the ‘relational proximity ratings’ for this Stage 2, the target or hypothesised coverage/rating of each Stage 1 and Stage 2 bank-specific governance variable is set out in the column headed ‘Target/Hypothesised Coverage/ Relational Proximity Rating rprox’ of Table 10.2. Part 4: Issues in Executive Compensation and Accountability – Incentives, Equity and Option Compensation and the BEAR In Part 4, the relational approach will examine the argument that the GFC saw a misalignment of the interests of management and widely-dispersed shareholders because, in acting in the interests of those shareholders to maximize the share price,

9.2  Introduction to Bank-Specific Stage 2 Key Code and Advanced Handbook…

105

managers in financial firms increased their risk-taking without consideration of the systemic risks. This condition was exacerbated, it will therefore be argued by many commentators, by the nature and components of executive compensation and, in particular, variable remuneration. A number of factors will be introduced into the relational approach which increase the ‘moral hazard’ for banks and increase risk-­ taking – deposit insurance, limited liability, short-term profit results and reporting. Importantly, Part 4 will introduce two new bank-specific governance variables critical to the examination of variable performance-based compensation in the GFC and the Australian Banking Royal Commission Inquiry into banking misconduct: • [EqOptRiskAlignHighEnd] (+) – Equity and Options for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests – coverage/rating + 7/87.50 rprox2; and • [EqOptRiskFailHighEnd] (−) – Equity and Options for Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure – coverage/rating − 7/87.50 rprox.3 Part 4 examines governance variables covering a wide range of failures in governance variables and other aspects identified by governmental, Supervisor/Regulator, major bank and market participant reviews and reports introduced in Sect. 1.2 and commentator studies. Based in the overwhelming number of cases on the above variables, these bank-specific – including Compensation/Remuneration Committee-­ sourced  – variables will measure the sustainability of the bank. Sustainability is demonstrated by showing the difference between, on the one hand, a level of equity and options for executives and high-end employees that gives rise to a level of risk-­ taking in alignment with outside shareholder interests and, on the other hand, a level of equity and options that give rises to a level of risk-taking exceeding the bank’s risk appetite and increasing the likelihood of bank failure. Section 11.1 of Chap. 11 contains an introduction to incentives, option-based and equity-based pay and risk-taking by banks including ‘core’ components of remuneration. Sections 11.6–11.9 of Chap. 11 contains a summary of studies and new governance variables for variable performance-based compensation and bank risk-taking. In Sections 12.1–12.3 of Chap. 12 below, a number of government and market participant reform report recommendations consequent on the GFC are examined. In Sects. 12.5–12.16 of Chap. 12 below, the relational approach constructs the relational effect paths of a number of governance variables suggested by these reform reports. Section 12.17 of Chap. 12 examines disclosure of bands and elements of compensation for executives and high end employees. Section 12.18 of Chap. 12 examines restrictions, delay, lock-up, deferral and clawback of incentive payments including their relational effect paths.

 See discussion in sect. 12.5 of Chap. 12 below.  Ibid.

2 3

106

9  Overview of Stage 2 Bank-Specific Key Code and Advanced Handbook...

In Chap. 13, Stage 2 examines the FSB Principles for Sound Compensation Practices (FSBP)4 and, in Sect. 13.4, the FSB Implementation Standards (FSBIS).5 In Chap. 14, Stage 2 examines the NAB Self-Assessment 20186 recommendations and commentary on remuneration. Chapter 15 then examines the Westpac Review Team 20187 recommendations and commentary on remuneration. Stage 2 then moves in Chap. 16 to review shareholder value maximisation in banks and financial firms. Chapter 17 reviews additional compensation/remuneration committee considerations. Chapter 18 examines compensation practices for misconduct risk including, in Sect. 18.1, the FSB’s Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, the use of compensation tools to address misconduct risk (‘FSBSupp’).8 Chapter 19 begins a review of the FSRC Final Report9 recommendations and commentary on executive remuneration. Following in Sect. 19.3, Stage 2 begins its consideration of the Sedgwick Review10 on retail bank remuneration. Chapter 20 is the penultimate chapter of Part 4 with a review of the BEAR – the Bank Executive Accountability Regime11 – including its requirements in relation to deferred variable remuneration.

 Financial Stability Board, FSB Principles for Sound Compensation Practices, 2 April 2009 accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/r_0904b.pdf (‘FSBP’). 5  Financial Stability Board, FSB Principles for Sound Compensation Practices Implementation Standards, 25 September 2009, accessed 28 February 2019, available at http://www.fsb.org/wp-­ content/uploads/r_090925c.pdf (‘FSBIS’). 6  NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/content/dam/nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-Assessment 2018’). 7  Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’). 8  Financial Stability Board, Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, The use of compensation tools to address misconduct risk, 9 March 2018, accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/ P090318-1.pdf (‘FSBSupp’). 9  Commonwealth of Australia, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 4 February 2019, accessed 5 February 2019, available at https://static.treasury.gov.au/uploads/sites/1/2019/02/fsrc-volume1.pdf, Volume 1, (‘FSRC Final Report’). 10  Stephen Sedgwick AO, Retail Banking Remuneration Review Report, 19 April 2017, accessed 28 February 2019, available at https://www.betterbanking.net.au/wp-content/uploads/2018/01/ FINAL_Rem-Review-Report.pdf (‘Sedgwick Review’). 11  Being PART IIAA – THE BANKING EXECUTIVE ACCOUNTABILITY REGIME, Banking Act 1959 (Cth), ss 37 – 37KC accessed 28 February 2019, available at http://classic.austlii.edu.au/ 4

9.2  Introduction to Bank-Specific Stage 2 Key Code and Advanced Handbook…

107

Chapter 21 concludes Part 4 with a review of APRA’s Revised Draft Prudential Standard 511 Remuneration of November 2020.12 Part 5: Boards and Committees, Independence, Expertise and Bank and Risk Culture Part 5 opens with a review of the responsibilities of the board in Sect. 22.2 of Chap. 22.

au/legis/cth/consol_act/ba195972/index.html#s37g, (the ‘BEAR’). The Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https://treasury.gov.au/sites/ default/files/2020-01/c2020-24974.pdf. See Attachment A – Summary of changes from the BEAR to the FAR, pp  11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR.  See Proposal Paper, Next steps, p  3. Accountability Statements and Accountability Maps will remain obligations of the FAR. See Proposal Paper, Accountability maps and statements, p 7 and Attachment A, p 12. 12   Australian Prudential Regulation Authority, Revised Draft Prudential Standard CPS 511 Remuneration, November 2020, accessed 19 November 2020, available at: https://www.apra.gov. au/sites/default/files/%5Bdate%3Acustom%3AY%5D-%5Bdate%3Acustom%3Am%5D/Revised Draft Prudential Standard CPS 511 Remuneration – Clean – November 2020.pdf (“CPS 511”). For earlier versions of CPS 511,see Australian Prudential Regulation Authority, Draft Prudential Standard CPS 511 Remuneration, Draft July 2019 available at https://www.apra.gov. au/sites/default/files/draft_prudential_standard_cps_511_remuneration_v2.pdf, (‘CPS 511’). See also: • Consultation on Remuneration Requirements for all APRA-regulated entities, accessed 22 September 2019, available at https://www.apra.gov.au/consultation-remunerationrequirements-­all-apra-regulated-entities; and • Discussion paper: Strengthening prudential requirements for remuneration July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/ discussion_paper_strengthening_prudential_requirements_for_remuneration_july_2019_ v1.pdf. Recent pronouncements from APRA in January 2020 state that this draft will be finalised in the first half of 2020 with an expected effective date of July 2021. See: • Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/apras-policy-­ priorities, section 2.1.2 Remuneration and Attachment B: Timelines; and • Australian Prudential Regulation Authority, Information Paper, APRA’s Supervision Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/apras-­ supervision-­priorities, section 2.3.3 Remuneration. In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates of 2022. See the above Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines.

108

9  Overview of Stage 2 Bank-Specific Key Code and Advanced Handbook...

A large number of banking-specific variables in Part 5 go to enhancing risk management and monitoring – i.e., ‘Risk Management, Monitoring & Audit Factor No 5’. As a large number of new variables pertain to non-executive directors (or ‘NEDs’), the ‘independence’ ingredient of NEDs is used as a building block for these variables. The relational effect paths of a significant majority of new bank-­ specific variables in Part 5 are thus modelled on the configuration of the [BrdIndMon] (+) variable from Stage 1 – Board Independent: Executive Director Proportion – Monitoring Effect (sections 7.3.2–7.3.2.1.2 of Stage 1).13 Chapter 23 examines board characteristics. The chapter identifies governance failings of boards of directors in challenging decisions and examines board size, composition and qualification of directors. In Chapter 25, board diversity, including gender diversity, is examined and gives rise to a number of variables with ‘interim’ status. In Chap. 26, there is a detailed examination of independence, competence and the ‘fit and proper person’ tests including deficiencies in bank-specific knowledge. Chapter 27 examines failures in risk modelling and rating securitised products. Then, leverage and off-balance-sheet entities are examined in Sect. 27.3 of Chap. 27. Chapter 28 examines ownership, governance structure and government bailout. The composition and role of the board is examined in Chap. 29 including enhancing challenge, debate and testing in Sect. 29.1 and an examination of board culture and ‘tone at the top’ in Sect. 29.2 with related variables. New (again ‘interim’) variables are also introduced for codes of conduct, ethics and conflicts of interest. Section 29.3 examines the FSB’s Framework for Assessing Risk Culture14 including the FSB’s elements and indicators of a sound risk culture – tone from the top, accountability, effective communication and challenge and incentives. Section 29.4 examines the FSRC Final Report findings on governance, remuneration and culture and the FSRC’s recommendations on the role of the board, priorities, non-financial risks and accountability. Chapter 30 examines the NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac Reassessment on governance, accountability and culture. This includes the role of the board and senior management, operation of the board and its committees, reporting to the board, challenge and closure of issues, remuneration and consequence management, senior leadership oversight, accountability, cultural inhibitors and cultural ‘levers’.

 See discussion in sections 7.3.2–7.3.2.1.2 of Stage 1, above n 1, pp 206–211.  Financial Stability Board, Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, A Framework for Assessing Risk Culture of 7 April 2014, accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/140407.pdf (‘FSBCult’). 13 14

9.2  Introduction to Bank-Specific Stage 2 Key Code and Advanced Handbook…

109

Chapter 31 reviews the NAB and Westpac recommendations and commentary on culture including, as part of this, the Westpac Review Team 2018 and Westpac Reassessment discussion on culture. Chapter 32 reviews the APRA Information Paper 2019 on risk culture. Chapter 33 examines financial and bank-specific expertise or a lack thereof leading to inadequate risk management and internal controls and the role, responsibilities and time commitment of the Chairperson in Chap. 34. The proportion of executive and non-executive directors on the board are examined in Chap. 35. Next in Chap. 36 is an examination of board committees including the audit committee (including shortcomings in the operation of this committee), nomination and governance committee, the ethics, compliance and reputation committee and the NAB Customer Outcomes Committee. Section 36.7 examines APRA’s identified failings in board committees. Chapter 37 examines the complexity of bank structures and off-balance-sheet entities and how these can affect the quality of decision-making by NEDs. Chapter 37 then also concludes the discussion in Part 5 with an examination of bank disclosure and transparency and structured products. Part 6: The Governance and Management of Bank Risk, Risk Appetite and Risk Culture Part 6 opens with a discussion of the link between risk management and governance in Sect. 38.1 and, in Sect. 38.2, a summary of the failings of risk management in the GFC and in the recent Australian Banking Royal Commission Inquiry into banking misconduct. Section 38.3 examines governance variables for board responsibilities in APRA’s Prudential Standard CPS 220 Risk Management.15 In Sections 38.4–38.23, twenty ‘failure’ variables are based on the risk management failures summarised at the start of Part 6. The Stage 2 relational approach will be to build a large number of governance variables based on the relational effect path of the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 116 but in the negative direction. Chapter 39 examines NAB and ASIC failures in issue identification, escalation and resolution. Chapter 40 examines risk culture, risk appetite and risk appetite statements including examining the required change in board culture and ‘tone at the top’. Section 40.1 examines elements of sound risk culture. The Stage 2 relational approach and Model for Australian major banks then turns to developing a ‘risk appetite’, ‘risk appetite statement’ (RAS) and ‘risk  Australian Prudential Regulation Authority, Prudential Standard CPS 220 Risk Management, July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/ cps_220_risk_management_effective_from_1_july_2019.pdf (‘CPS 220’). 16  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 262–266. 15

110

9  Overview of Stage 2 Bank-Specific Key Code and Advanced Handbook...

management strategy’ (RMS) in Sects. 40.4–40.5. Here, the development of risk appetite – through a Risk Appetite Statement – will raise new governance variables for the Stage 2 relational approach which behave like a ‘strong’ version of the [BrdSkills] (+)17 variable in section 7.3.1.2.1 of Stage 1. Chapter 41 examines the FSB-issued guidance on a risk appetite framework (RAF) in its Principles for An Effective Risk Appetite Framework in November 2013.18 In Chap. 42, the relational approach will review the ‘first line of defence’ – business units including the Westpac Review Team 2018’s Line 1 function, the Westpac Reassessment on Line 1 ownership and capability to manage risk and the Westpac Reassessment on building Line 1 risk and control capability. Section 42.6 will examine high risk strategies and (improper) delegation of risk oversight. In Sect. 42.7, the examination will move to variables for inadequate oversight, risk management and complexity of financial products. Chapter 43 will examine the Board Risk Committee (BRC) and Chapter 44 will examine BRC composition including the Chief Risk Officer (CRO). The risk management function – the second line of defence – will be examined in Chap. 45. Communication of risk is introduced in Sect. 45.5 including principles for identification, escalation/communication and disclosure of risk. In Sect. 45.6, Stage 2 will examine the escalation of risk information upwards through ‘red flags’. Section 45.14 examines ‘compliance’ as part of the ‘second line of defence’ which raises a large number of ‘SecLineComply’-prefix variables. Section 45.15 continues the examination of risk management with a wide range of failings in accountability and responsibility identified by APRA. Chapter 46 identifies (only briefly) internal audit as an extensive area for a proposed future Key Field. Chapter 47 contains an examination of governance variables relating to remediation issues identified by APRA, including, in Sect. 47.1, APRA’s commentary on remediation attributes. Chapter 48 contains an examination of governance variables for APRA on risk management and compliance including the APRA risk management framework (RMF). Chapter 49 examines NAB’s RMF, first line risk and control ownership, second line risk management and risk reporting, second line compliance function, second line conduct risk and second line operational risk. This includes a review of ASX environmental and social risks.

 Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 1, pp 198–201. 18  Financial Stability Board, Principles for An Effective Risk Appetite Framework of 18 November 2013 accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/r_131118. pdf (‘FSBRAF’). 17

9.2  Introduction to Bank-Specific Stage 2 Key Code and Advanced Handbook…

111

Chapter 50 concludes Part 6 with governance variables for the Westpac Review Team 2018 on risk management and compliance including non-financial risk appetite, management of conduct and reputation risks, divisional approaches to manage risk and compliance and embedding group-wide policies. Finally, further detail from the Westpac Reassessment describes the “CORE” – Customer Outcomes & Risk Excellence  – Program introduced in response to the shortcomings in non-­ financial risk.

Part III

Governance of Banks in the GFC and Beyond Key Field No 5 (Part 3): Bank-­Specific Coverage and Relational Proximity Rating Results for Australian Banks

Chapter 10

Existing Stage 1 and New Stage 2 Bank-­ Specific Relational Corporate Governance Variables for Australian Banks

Abstract  Table 10.1 of Chap. 10 sets out the ‘Key Groupings’. These are the key Groupings, prefixes or abbreviations of the Stage 1 and new Stage 2 bank-specific governance variables – at the activity or function level – spanning 159 categories for a ‘deep dive’ review of each activity or function. These Groupings were introduced in Chap. 1. Table 10.2 of Chap. 10 is the ‘Bank Combined Coverage and Relational Proximity Table’. This Table contains the Key Grouping, prefix or abbreviation assigned to the governance variable in an Accountability Statement or Accountability Map required by the BEAR. As noted in Sect. 1.1 of Chap. 1 above, the description of each governance variable introduced in Table 10.2 gives the actual description of the enquiry step required at the ‘nuts and bolts’ bank level. Section references to this Stage 2 Key Code and Advanced Handbook for the analysis of commentators, government, Regulators/Supervisors, major bank and market participant reports and the relational effect path for each existing Stage 1 and new Stage 2 bank-specific governance variable are set out in the right-hand column of Table 10.2. Each governance variable in this Stage 2 has its origin identified from reports, papers and findings in Sect. 1.2 of Chap. 1. As noted in Sect. 1.1, Stage 2 is also a Key Code because all its Stage 2 bank-­ specific governance variables  – 1749  in number  – are modelled or based on, or derived from, a handful of ‘Key’ or ‘Core’ governance variables from the original thirty-nine variables of Stage 1. Thus Table 10.2 also contains a new feature – a reference to the Stage 1 Key or Core governance variable after which the Stage 2 governance variable is modelled or based. Foreshadowing the ‘relational proximity ratings’ for this Stage 2, the target or hypothesised coverage/rating of each Stage 1 and Stage 2 bank-specific governance variable is set out in the column headed ‘Target/Hypothesised Coverage/ Relational Proximity Rating rprox’ of Table 10.2. Keywords  Coverage and Relational Proximity Ratings · Stage 1 Key or Core Variables · Bank-Specific Governance Reports and Pronouncements · Key Groupings · Bank Combined Coverage and Relational Proximity Table · Table

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_10

115

116

10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

10.2 · Target or Hypothesised Coverage and Relational Proximity Rating · Actual Coverage and Relational Proximity Rating In section 2.4 of Stage 1, the thirty-nine (39) existing Stage 1 governance variables were introduced as: [T]he governance and management structures which seek to punish or deter director, CEO and management misconduct or which align the interests of those insiders with the interests of outside shareholders. They are critical to the relational approach because the approach is constructed on the basis that the governance variables affect one another – the operation of each governance variable is affected by the ‘zone of effect’ of each other governance variable. This zone of effect is represented by the relational effect path of that governance variable. The strength or otherwise of a governance variable’s zone of effect is thus measured by its relational proximity rating – its relative importance compared to other governance variables.1

One of the aims of this Chap. 10 will be to introduce the new ‘bank-specific governance variables’ of Stage 2 for Australian banks and additional references for the existing Stage 1 variables. The total number of governance variables from Stage 1 and Stage 2 together number 1749. ‘Key’ or ‘Core’ Governance Variables from Stage 1 As will be demonstrated in this Chap. 10, the relational effect paths of the new Stage 2 bank-specific variables for Australian banks are modelled on, or follow the configuration of, a number of existing – and significant – Stage 1 variables. Thus, Stage 2 will demonstrate that the relational effect paths of seven significant Stage 1 variables have high explanatory power when predicting the relational effect paths and behavior of the new bank-specific variables of Stage 2 for Australian banks. As noted in Sect. 1.1, the seven (7) Stage 1 Key/Core governance variables are: • [AudCom] (+) – Audit Committee – Presence, Operation and Frequency (relational effect path section 8.4.2 of Stage 1) (+6/75.00 rprox) (Table 10.2, No 23); • [BrdIndInfo] (−) – Board Independent Director: Executive Director Proportion – Information Flow and Decision Quality ‘Trade-off’ (relational effect path section 7.3.2.1.3 of Stage 1) (−4/50.00 rprox) (Table 10.2, No 201); • BrdIndMon] (+) – Board Independent Director: Executive Director Proportion – Monitoring Effect (relational effect path sections 7.3.2.1.1–7.3.2.1.2 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 203);

 See discussion in section 2.4 of Stage 1 in Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (“Stage 1”), p 31. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 1

10.1  Bank-Specific Governance Reports and Pronouncements

117

• [BrdSkills] (+) – Board – Director Skills ‘Mix’ (relational effect path section 7.3.1.2.1 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 209); • [EqOptEntrch] (−) – Equity/Option Plans and Holdings of Directors/ Executives  – ‘Entrenchment’ Effect (excludes short-term options) (relational effect path section 10.2.4 of Stage 1) (−7/87.50 rprox) (Table 10.2, No 434); • [EqOptIncent] (+) – Equity/Option Plans and Holdings of Directors/ Executives  – Incentive/‘Alignment’ Effect (excludes short-term options) (relational effect path section 10.2.4 of Stage 1) (+7/87.50 rprox) (Table  10.2, No 435); and • [TransTimeMon] (+)  – Transparency and Timing of Reporting  – Monitoring Effect (relational effect path section 9.1.2.1 of Stage 1) (+8/100.00 rprox) (Table 10.2, No 1203). Thus, for analytical purposes and to increase the explanatory power of the Stage 2 Model, Table  10.2 below  – the ‘Bank Combined Coverage and Relational Proximity Table’ – will display for each Stage 2 bank-specific governance variable the relevant Stage 1 Key/Core governance variable from which it is derived or modelled. Also displayed is whether the direction of the Stage 1 governance variable remains the same or is reversed. This is used instead of the dot (‘•’) markings of Stage 1. New to Stage 2, the ‘relational effect path’ of a Stage 2 bank-specific governance variable for Australian major banks is represented by the Key/Core variable from Stage 1. The relational effect paths of the Stage 1 governance variables have already been provided to the reader in Table 3.1 of Chap. 3 of this Stage 2. Thus, evident to the reader will be the number of times a particular Key/Core variable from Stage 1 is used to derive or model a Stage 2 bank-specific governance variable for Australian banks.

10.1 Bank-Specific Governance Reports and Pronouncements As noted in Sect. 1.2 of Chap. 1, significant in Stage 2 for Australian major banks will be the following reports, papers and pronouncements which together create the landscape of bank-level governance, accountability, remuneration, risk management and culture mapped by the Stage 2 Model: • the International Institute of Finance’s Final Report of the IIF Committee on Market Best Practices of 2008;2

 Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007-2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_GFC/IIF_Final_Report_of_the_Committee_on_Market_ Best_Practices.pdf (‘IIF Final Report 2008’). 2

118

10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

• the UK Walker Review’s A review of corporate governance in UK Banks and other financial industry entities, Final recommendations of 2009;3 • the OECD Steering Group on Corporate Governance’s Corporate Governance and the Financial Crisis: Key Findings and Main Messages of June 2009;4 • Grant Kirkpatrick’s Report for the OECD, Corporate Governance Lessons from the Financial Crisis of 2009;5 • the European Commission’s Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies of 2010;6 • the OECD Steering Group on Corporate Governance’s, Corporate Governance and the Financial Crisis of 2010;7 • the European Commission’s Green Paper, The EU Corporate Governance Framework of 2011;8 • the Basel Committee on Banking Supervision’s Guidelines, Corporate Governance Principles for Banks of 2015;9 • the Financial Stability Board (FSB) Principles for Sound Compensation Practices of 2009;10

 David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’). 4  OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009, approved for publication 29 May 2009, accessed 12 April 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/43056196. pdf, (‘OECD Key Findings 2009’). 5  Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995-2864, accessed 27 March 2017 at http://search.oecd.org/finance/financial-­ markets/42229620.pdf, (‘OECD Kirkpatrick Report 2009’). 6  European Commission, Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies, COM(2010) 284 final, Brussels, 2 June 2010, accessed 23 March 2017 at http://www.ecgi.org/commission/documents/green_paper_com2010_284_en.pdf (‘EC Green Paper 2010’). 7  OECD Directorate for Financial and Enterprise Affairs, OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, 24 February 2010, accessed 11 May 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/44679170.pdf, (‘OECD 2010 Conclusions and Practices’). 8  European Commission, Green Paper, The EU Corporate Governance Framework, COM (2011) 164 final, Brussels, 5 April 2011, accessed 1 May 2017 at ec.europa.eu/internal_market/company/ docs/modern/com2011-164_en.pdf, (‘EC Second Green Paper 2011’). 9   The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’). 10  Financial Stability Board, FSB Principles for Sound Compensation Practices, 2 April 2009 accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/r_0904b.pdf (‘FSBP’). 3

10.1  Bank-Specific Governance Reports and Pronouncements

119

• the FSB Principles for Sound Compensation Practices Implementation Standards also of 2009;11 • for bank and risk culture and misconduct risk: –– the FSB Principles for An Effective Risk Appetite Framework of 18 November 2013;12 –– the FSB Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, A Framework for Assessing Risk Culture of 7 April 2014;13 and –– the FSB Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, the use of compensation tools to address misconduct risk of March 2018;14 • the Retail Banking Remuneration Review Report of April 2017 by Stephen Sedgwick AO;15 • the APRA Final Report;16 • the BEAR – Bank Executive Accountability Regime – contained in sections 37 – 37KC of the Banking Act 1959 (Cth);17 • the FSRC Interim Report;18  Financial Stability Board, FSB Principles for Sound Compensation Practices Implementation Standards, 25 September 2009, accessed 28 February 2019, available at http://www.fsb.org/wp-­ content/uploads/r_090925c.pdf (‘FSBIS’). 12  Financial Stability Board, Principles for An Effective Risk Appetite Framework of 18 November 2013 accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/r_131118. pdf (‘FSBRAF’). 13  Financial Stability Board, Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, A Framework for Assessing Risk Culture of 7 April 2014, accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/140407.pdf (‘FSBCult’). 14  Financial Stability Board, Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, The use of compensation tools to address misconduct risk, 9 March 2018, accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/ P090318-1.pdf (‘FSBSupp’). 15  Stephen Sedgwick AO, Retail Banking Remuneration Review Report, 19 April 2017, accessed 28 February 2019, available at https://www.betterbanking.net.au/wp-content/uploads/2018/01/ FINAL_Rem-Review-Report.pdf (‘Sedgwick Review’). 16  Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf. 17  Being PART IIAA - THE BANKING EXECUTIVE ACCOUNTABILITY REGIME, Banking Act 1959 (Cth), ss 37 – 37KC accessed 28 February 2019, available at http://classic.austlii.edu.au/ au/legis/cth/consol_act/ba195972/index.html#s37g, (the ‘BEAR’). The Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https://treasury.gov.au/sites/ default/files/2020-01/c2020-24974.pdf. See Attachment A – Summary of changes from the BEAR to the FAR, pp  11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR. See Proposal Paper, Next steps, p 3. 18  Commonwealth of Australia, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Interim Report, 28 September 2018, accessed 11 December 2018, 11

120

10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

• the FSRC Final Report;19 • the NAB Self-Assessment 2018;20 • the Westpac Governance, Accountability and Culture Self-Assessment of November 2018;21 • the APRA Information Paper, Self-Assessments of Governance, Accountability and Culture of 22 May 2019;22 • APRA’s Prudential Standard CPS 220 Risk Management of July 2019;23 • APRA’s Prudential Standard CPS 510 Governance of July 2019;24 • APRA’s Prudential Standard CPS 520 Fit and Proper of July 2019;25 • APRA’s Revised Draft Prudential Standard 511 Remuneration of November 2020;26 available at https://financialservices.royalcommission.gov.au/Documents/interim-report/interim-­ report-­volume-1.pdf, Volume 1, Introduction, p 2, (‘FSRC Interim Report’). 19  Commonwealth of Australia, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 4 February 2019, accessed 5 February 2019, available at https://static.treasury.gov.au/uploads/sites/1/2019/02/fsrc-volume1.pdf, Volume 1, (‘FSRC Final Report’). 20  NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/content/dam/nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-Assessment 2018’). 21  Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’). 22  Australian Prudential Regulation Authority (APRA), Information Paper, Self-Assessments of Governance, Accountability and Culture, 22 May 2019, accessed 5 June 2019, available at https:// www.apra.gov.au/sites/default/files/information_paper_self-­assessment_of_governance_accountability_and_culture.pdf (APRA Information Paper 2019’). 23  Australian Prudential Regulation Authority, Prudential Standard CPS 220 Risk Management, July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/ cps_220_risk_management_effective_from_1_july_2019.pdf (‘CPS 220’). 24  Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/ F2019L00662/Download (‘CPS 510’). 25  Australian Prudential Regulation Authority, Prudential Standard CPS 520 Fit and Proper, July 2019, accessed 1 October 2019, available at: https://www.legislation.gov.au/Details/F2018L01390/ Download (‘CPS 520’). 26   Australian Prudential Regulation Authority, Revised Draft Prudential Standard CPS 511 Remuneration, November 2020, accessed 19 November 2020, available at: https://www.apra.gov. au/sites/default/files/%5Bdate%3Acustom%3AY%5D-%5Bdate%3Acustom%3Am%5D/Revised Draft Prudential Standard CPS 511 Remuneration - Clean - November 2020.pdf (“CPS 511”). For earlier versions of CPS 511, see Australian Prudential Regulation Authority, Draft Prudential Standard CPS 511 Remuneration, Draft July 2019 available at https://www.apra.gov. au/sites/default/files/draft_prudential_standard_cps_511_remuneration_v2.pdf, (‘CPS 511’). See also: • Consultation on Remuneration Requirements for all APRA-regulated entities, accessed 22 September 2019, available at https://www.apra.gov.au/consultation-remuneration-requirementsall-apra-regulated-entities;

10.1  Bank-Specific Governance Reports and Pronouncements

121

• the ASX’s Corporate Governance Principles and Recommendations, Fourth Edition of February 2019;27 • ASIC’s Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report of October 2019;28 and • Westpac’s Reassessment of the Culture, Governance and Accountability Remediation Plan of June 2020.29 Again, a qualification to the above reports and pronouncements is that, in this Stage 2, the Key Code and Advanced Handbook applies to middle-to-higher level managers, senior executives, the ‘C-suite’, board of directors and chairperson. Bank-specific governance variables relating to ‘frontline’ or ‘customer-facing’ staff and their ‘near managers’ awaits a future stage. Table 10.1 and ‘Key Groupings’ of the Stage 2 Bank-Specific Governance Variables for Australian Banks As noted in Sect. 1.5 of Chap. 1, at a detailed operational level for planning and conducting governance reviews, the governance variables are linked by a ‘Key Grouping’, prefix or abbreviation for particular functions and activities. Thus, all related governance variables are grouped by one-hundred and fifty-nine (159) functions or activities for a ‘deep dive’ review of each activity. • Discussion paper: Strengthening prudential requirements for remuneration July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/discussion_paper_ strengthening_prudential_requirements_for_remuneration_july_2019_v1.pdf. Recent pronouncements from APRA in January 2020 state that this draft will be finalised in the first half of 2020 with an expected effective date of July 2021. See: • Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/apras-policy-­ priorities, section 2.1.2 Remuneration and Attachment B: Timelines; and • Australian Prudential Regulation Authority, Information Paper, APRA’s Supervision Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/apras-­ supervision-­priorities, section 2.3.3 Remuneration. In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates of 2022. See the above Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines. 27  Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition of February 2019 accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’). 28  Australian Securities and Investments Commission, ASIC Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report, October 2019, accessed 15 April 2020, available at https://download.asic.gov.au/media/5290879/rep631-published-2-10-2019.pdf (‘2019ASIC’). 29  Westpac Banking Corporation, Reassessment of the Culture, Governance and Accountability Remediation Plan, June 2020, accessed 20 November 2020, available at https://www.westpac. com.au/content/dam/public/wbc/documents/pdf/aw/media/WBC_CGA_Reassessment.pdf (‘Westpac Reassessment’).

122

10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Table 10.1 ‘Key Groupings’ of the Stage 2 Bank-Specific Governance Variables for Australian Banks

No. 1.

Key Grouping, Prefix or Abbreviation (in alphabetical order) AccFail

2. 3. 4. 5. 6. 7. 8.

APRA APRACult ASIC ASX AudCom Bank BEAR

9.

BEARAcc

10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28.

BEARAccReas BEARDeferVarRem BEARIDAccPerson BEARKeyPers BEARNotify BRC Brd BrdCust BU CC and Comp Cm Codes CRO Cult CultFail ECm ECmFail ED Fail

29. 30. 31. 32. 33. 34.

FSB FSBComp FSBCult FSBIS FSBRAF FSBSupp

35.

FSRC

Key Grouping or Meaning Failure of board oversight of accountability or responsibility Australian Prudential Regulation Authority APRA Information Paper 2019 on Risk Culture Australian Securities and Investments Commission Australian Securities Exchange Audit committee Banks generally Bank Executive Accountability Regime (BEAR) for authorised deposit-taking institutions or ADIs BEAR accountability obligations of the ADI and accountable person BEAR ‘reasonable steps’ provisions BEAR deferred remuneration obligations of the ADI BEAR identification of accountable persons BEAR key personnel obligations of the ADI BEAR notification obligations of the ADI Board risk committee Board of directors Board failure in relation to customers Business units Compensation/remuneration committee Committees generally Codes of conduct and ethics Chief Risk Officer Bank and risk culture Failure of bank culture Executive Committee Failure of executive committee Executive directors Failure of board oversight of risk management and other governance variables Financial Stability Board FSB Principles for Sound Compensation Practices FSB Elements of an Effective Risk Culture FSB Implementation Standards FSB Principles for an Effective Risk Appetite Framework FSB Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, the use of compensation tools to address misconduct risk Financial Services Royal Commission (continued)

10.1  Bank-Specific Governance Reports and Pronouncements

123

Table 10.1 (continued)

No. 36. 37. 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59. 60. 61. 62. 63. 64. 65. 66. 67.

Key Grouping, Prefix or Abbreviation (in alphabetical order) FSRCAcc

Key Grouping or Meaning FSRC Final Report recommendations and commentary on accountability FSRCCult FSRC Final Report recommendations and commentary on culture FSRCGov FSRC Final Report recommendations and commentary on governance FSRCPriority FSRC Final Report recommendations and commentary on priorities HighEnd Executives and ‘high end’ employees NAB NAB Self-Assessment 2018 NABAcc NAB board accountability NABAudCom NAB Audit Committee NABBRC NAB Board Risk Committee NABBrdAgenda NAB board agenda-setting function NABBrdChall NAB board challenge and closure of issues NABBrdCm NAB Board and Committees NABBrdOseeRem NAB board oversight of remuneration policies and practices NABBrdRep NAB reporting to the Board generally NABCC and NABComp NAB Compensation/Remuneration Committee NABCodesNEDCust NAB Codes Customer Outcomes Committee NABCompConseqMan NAB consequence management for variable remuneration NABCompRemConseq NAB application of remuneration consequence NABCompRisk&Cond NAB risk and conduct within the remuneration framework NABCultInhib NAB cultural inhibitors to targeted culture NABCultLever NAB cultural levers for desired culture NABCultMeas NAB measuring risk culture NABCultTone NAB board role-modelling of tone-from-the-top NABCultValues&Behave NAB values and behaviours NABELT NAB oversight of Executive Leadership Team (ELT) NABNomGov NAB Nomination and Governance Committee NABPriority NAB financial objectives and prioritisation NABRedFlag NAB board oversight of risk management in relation to failure to escalate problems or ‘red flags’ NABRedFlagComplyBr NAB board oversight of risk management in relation to compliance breach assessment and reporting NABRedFlagCustComplain NAB board oversight of risk management in relation to capture and reporting of customer complaints NABRedFlagOpRisk NAB board oversight of risk management in relation to operational risk management policy NABRiskMan NAB risk management and compliance (continued)

124

10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Table 10.1 (continued)

No. 68. 69. 70. 71.

Key Grouping, Prefix or Abbreviation (in alphabetical order) NEChair NED NEDDiv NFRAccFail

72. 73.

NFRCm NFRMan

74.

NFRWeak

75. 76. 77. 78. 79.

RAS RedAud Remed SecLine Sedg

80. 81.

SMan SManRedFlag

82. 83.

TransTime WBCAllocateInvest

84.

WBCAudFail

85. 86. 87. 88. 89. 90. 91. 92.

WBCBRC WBCBrdCust WBCBrdRep WBCBU WBCComp WBCCultCare WBCCultCollab WBCCultComplete

93. 94. 95. 96. 97. 98.

WBCCultConcept WBCCultLearn WBCCultNFR WBCCultNoChall WBCCultOwn WBCCultPriority

99.

WBCCultRelation

Key Grouping or Meaning Non-executive chairperson Non-executive directors generally Non-executive directors – diversity APRA’s Improvements for Non-financial Risk Accountabilities Not Being Clear, Cascaded and Enforced APRA’s Non-financial Risk Committee APRA’s Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks APRA’s Non-Financial Risk Weaknesses – Failings in Non-Financial Risks Risk appetite statement Red audit reports Remediation of risk 2nd line risk management function Retail Banking Remuneration Review Report of 2017 by Stephen Sedgwick Senior management generally Risk management – failure by senior management to escalate problems or ‘red flags’ Transparency and timing of reporting Westpac financial prioritisation – investment allocation decisions Westpac audit committee and board oversight of risk management – reporting from Group Audit Westpac Board Risk Committee Westpac customer complaint reporting to the Board Westpac reporting to the Board Westpac business units – operation of Line 1 Westpac Compensation/Remuneration Committee Westpac culture – caring culture Westpac culture – collaboration Westpac culture – completeness or “maximalism” in approach to work Westpac culture – conceptualising Westpac culture – institutional learning and reflection Westpac culture – non-financial risk Westpac culture – challenge culture/environment failure Westpac culture – personal ownership Westpac culture – prioritising, making decisions and saying “no” Westpac culture – relationships integral to risk matters (continued)

10.1  Bank-Specific Governance Reports and Pronouncements

125

Table 10.1 (continued) Key Grouping, Prefix or Abbreviation (in alphabetical No. order) 100. WBCCultTopClear 101. WBCCustRedFlag 102. WBCETRISKCO 103. WBCExecTeam 104. WBCFailAllocateInvest 105. WBCFailInvest 106. WBCFinPriority 107. 108. 109. 110. 111. 112. 113. 114. 115. 116. 117. 118. 119. 120. 121. 122. 123. 124. 125. 126. 127. 128. 129. 130. 131. 132. 133. 134. 135. 136.

WBCIssueMan WBCNonRem WBCProjectDel WBCRiskMan and WBCSecLine WBCWhistleRedFlag 220BrdRisk 220BusPlan 220HeadRisk 220Pol&Proc 220RAS 220RMF 220RMS 220SecLine 510AudCom 510BRC 510Brd 510BrdReview 510Compose 510Head 510Indep 510NED 510RemPol 511BrdRole 511CC 511Defer&Claw 511OtherReq 511RemDesign 511RemFrame 511RemOuts 511SpecRoleCat

Key Grouping or Meaning Westpac culture – vision, values and strategy at top are clear Westpac customer complaints Westpac oversight of Executive Team – oversight of group-wide risk through RISKCO Westpac oversight of Executive Team Westpac financial prioritisation – investment allocation decisions – Enterprise Investment Pool (EIP) Westpac financial prioritisation Westpac financial prioritisation – financial prioritisation over risk Westpac issue and incident management Westpac non-remuneration consequence management Westpac financial prioritisation – project delivery Westpac Risk Management and Compliance – Second Line Risk Management Function Westpac Issues Identified by Whistleblowers APRA Board Oversight of Risk Management APRA Business Plan APRA Head of Group Oversight of Risk Management APRA Policies and Procedures APRA Risk Appetite Statement APRA Risk Management Framework APRA Risk Management Strategy APRA 2nd Line Risk Management Function APRA Audit Committee APRA Board Risk Committee APRA Board of an APRA-regulated Institution APRA Review of the Board APRA Board Composition Requirements APRA Head of a Group APRA Independent Director APRA Non-Executive Director APRA Remuneration Policy APRA Role of the Board in the Remuneration Framework APRA Compensation/Remuneration Committee APRA Deferral and Clawback of Variable Remuneration APRA Other Requirements APRA Design of Variable Remuneration APRA Remuneration Framework of APRA-regulated Entity APRA Variable Remuneration Outcomes APRA Special Role Categories (continued)

126

10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Table 10.1 (continued) Key Grouping, Prefix or Abbreviation (in alphabetical No. order) 137. 520FitProp 138. 520FitPropInfo 139. 140. 141. 142. 143. 144. 145. 146. 147. 148. 149. 150. 151. 152.

520FitPropWhistle 2019ASICBRC 2019ASICInfo 2019ASICRAS 2019ASXAudCom 2019ASXBRC 2019ASXBrd 2019ASXCC 2019ASXCD 2019ASXDiversity 2019ASXNED 2019ASXNomGov 2019ASXRights 2020WBC

153. 2020WBCCultNFR 154. 2020WBCLine1 155. 156. 157. 158. 159.

2020WBCNFR 2020WBCPillar1 2020WBCPillar2 2020WBCPillar3 2020WBCSecLine

Key Grouping or Meaning APRA Fit and Proper Persons APRA Fit and Proper Information to be Provided to APRA APRA Fit and Proper Persons Whistleblowing ASIC Board RiskCommittee ASIC Information Flows ASIC Risk Appetite Statement ASX Audit Committee ASX Board Risk Committee ASX Board of Directors ASX Compensation/Remuneration Committee ASX Continuous Disclosure ASX Diversity Policy ASX Non-executive Directors ASX Nomination and Governance Committee ASX Rights for Security Holders Westpac Reassessment of the Culture, Governance and Accountability Remediation Plan Westpac Reassessment Culture for Non-Financial Risk Westpac Reassessment Business Units – Operation of Line 1 Westpac Reassessment Oversight of Non-Financial Risk Westpac Reassessment CORE Program Pillar 1 Westpac Reassessment CORE Program Pillar 2 Westpac Reassessment CORE Program Pillar 3 Westpac Reassessment 2nd Line Risk Management Function

Table 10.1 above sets out the key prefixes or abbreviations (prefix or abbreviation in alphabetical order) forming the ‘Key Groupings’ in the Stage 2 bank-­ specific Model.

10.2 The Key Code – The Bank Combined Coverage and Relational Proximity Table 10.2 Displays the Target or Hypothesised Coverage and Relational Proximity Rating Existing Stage 1 and new Stage 2 bank-specific governance variables are named and abbreviated in Table  10.2 below. For analysis throughout the Key Code and Advanced Handbook, the ‘coverage’ and ‘relational proximity rating’ or ‘rprox’ of each governance variable is brought forward from Parts 4–6.

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity…

127

Target or Hypothesised Coverage and Relational Proximity Rating As noted in Sect. 1.1, the Stage 2 Key Code for Australian major banks itself is in this Table 10.2. This is the Bank Combined Coverage and Relational Proximity Table which gives a description of each governance variable with the results for the target or hypothesised ‘coverage’ and ‘relational proximity rating’ of those variables. The target or hypothesised coverage and relational proximity rating of each Stage 2 bank-specific governance variable is based on the coverage/rating of one of the above seven (7) Key/Core governance variables from the original thirtynine (39) variables of Stage 1. Thus, the target or hypothesised coverage/rating of each bank-specific governance variable is fixed in this Table  10.2 and does not change. Actual Coverage and Relational Proximity Rating Section 4.7 of Chap. 4 introduced how to undertake a governance ‘mapping’ or review of a major bank to determine the existence of a governance variable in the bank and then verify if it is performing or behaving as predicted or contemplated by the Model. This is determined in four steps undertaken by the user using Table  10.2 and making enquiries: Step 1 – build the existing map of the bank Step 2 – compare the existing bank map to the list of Stage 2 variables Step 3 – add variables that are missing Step 4 – check examination and evaluation points The description of each governance variable introduced in Table 10.2 gives an actual description of the enquiry step required at the ‘nuts and bolts’ bank level. Key Grouping The Key Groupings, prefixes or abbreviations from Table 10.1 above are displayed within the alphabetical listings of the governance variable abbreviations in Table 10.2. Key/Core Governance Variables Table 10.2 will also display for each Stage 2 bank-specific governance variable the relevant Stage 1 Key/Core governance variable from which it is derived or modelled. Also displayed is whether the direction of the Stage 1 governance variable remains the same, is reversed or is dual-directional.

4.

3.

2.

No 1.

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Governance variable and description and source Stage 2 Variable is Derived or Modelled rprox Banks – Board Oversight of Accountability – Failure “About AccFailAcrossBUs −8/100.00 Accountability for Risks and Issues Across Business Units” – Failure (−) of Clear Lines of Accountability/Responsibility for Outcome – [FailReviewStructCultInfoRisk] (−) Failure of Information Flow – Reduction in Quality of Risk variable based on Management and Internal Monitoring and Decision-making [TransTimeMon] (+) (APRA) in the negative direction Banks – Board Oversight of Accountability – Complexity Excuse – AccFailComplexExc −8/100.00 Failure of Accountability for “Risks Spanning Multiple Business (−) Units” – Failure of Clear Lines of Accountability/Responsibility for [FailReviewStructCultInfoRisk] (−) Outcome – Failure of Information Flow – Reduction in Quality of variable based on Risk Management and Internal Monitoring and Decision-making [TransTimeMon] (+) (APRA) in the negative direction Banks – Board Oversight of Accountability – Failure of “Consensus AccFailECmNatureScope −8/100.00 and Clear Vision of Accountability at the Executive Committee (−) Level”…“Regarding the Nature and Scope of Group Executive [FailReviewStructCultInfoRisk] (−) Accountability” – Failure of Clear Lines of Accountability/ variable based on Responsibility for Outcome – Failure of Information Flow – [TransTimeMon] (+) Reduction in Quality of Risk Management and Internal Monitoring in the negative direction and Decision-making (APRA) Banks – Board Oversight of Accountability – Failure of “End-ToAccFailEndToEndAssure −8/100.00 End Assurance” – Failure of Clear Lines of Accountability/ (−) Responsibility for Outcome – Failure of Information Flow – [FailReviewStructCultInfoRisk] (−) Reduction in Quality of Risk Management and Internal Monitoring variable based on and Decision-making [TransTimeMon] (+) (APRA) in the negative direction

Table 10.2  Key Code – Bank Combined Coverage and Relational Proximity Table

Stage 2 45.15

Stage 2 45.15

Stage 2 45.15

Section Ref. (Relational Effect Path in bold) Stage 2 45.15

128 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

9.

8.

7.

6.

5.

Banks – Board Oversight of Accountability – “Unclear End-To-End Ownership and Governance” – Failure of Clear Lines of Accountability/Responsibility for Outcome – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (APRA) Banks – Board Oversight of Accountability – Attribution to Second Line of First Line Emerging Risk – Failure of First Line to Own Risk Emerging from Business Unit – Failure of Clear Lines of Accountability/Responsibility for Outcome – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (APRA) Banks – Board Oversight of Accountability – Failure of “Awareness of the Roles and Responsibilities of Line 1 and Line 2” – Failure of Clear Lines of Accountability/Responsibility for Outcome – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (APRA) Banks – Board Oversight of Accountability – Failure of Adverse Risk or Compliance Outcome with Line 1 – Failure of Clear Lines of Accountability/Responsibility for Outcome – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (APRA) Banks – Board Oversight of Accountability – Failure of Oversight and Challenge of Line 1 by Line 2 – Failure of Clear Lines of Accountability/Responsibility for Outcome – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (APRA) AccFailL1&L2Roles&Resps (−) [FailReviewStructCultInfoRisk] (−) variable based on [TransTimeMon] (+) in the negative direction AccFailLine1RiskComplyOutcome (−) [FailReviewStructCultInfoRisk] (−) variable based on [TransTimeMon] (+) in the negative direction AccFailLine2RiskComplyOutcome (−) [FailReviewStructCultInfoRisk] (−) variable based on [TransTimeMon] (+) in negative direction

AccFailEndToEndOwn (−) [FailReviewStructCultInfoRisk] (−) variable based on [TransTimeMon] (+) in the negative direction AccFailFirstLineOwnEmergeRisk (−) [FailReviewStructCultInfoRisk] (−) variable based on [TransTimeMon] (+) in the negative direction Stage 2 45.15

Stage 2 45.15

Stage 2 45.15

Stage 2 45.15

−8/100.00

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 45.15

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 129

13.

12.

11.

Governance variable and description and source

Banks – Board Oversight of Accountability – Failure by ‘OverConsulting’ due to Unclear Ownership for Decision-Making Rights – Failure of Clear Lines of Accountability/Responsibility for Outcome – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (APRA) Banks – Board Oversight of Accountability – Failure of Clear Ownership of Risk System – Failure of Investment/Upgrade in Risk System – Failure of Clear Lines of Accountability/Responsibility for Outcome – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (APRA) Banks – Board Oversight of Accountability – Failure of Clear Ownership of Risk System – Failure of Management Oversight of Integrity of Risk System – Failure of Clear Lines of Accountability/ Responsibility for Outcome – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (APRA) Banks – Board Oversight of Accountability – Failure of Senior Executive Accountability where “Unclear Roles and Responsibilities at Lower Levels” or where “Specific Individuals Responsible for Specific Tasks” – Failure of Clear Lines of Accountability/ Responsibility for Outcome – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (APRA)

No

10.

Table 10.2 (continued)

AccFailSeniorRoles&Resps (−) [FailReviewStructCultInfoRisk] (−) variable based on [TransTimeMon] (+) in the negative direction

AccFailOverConsult (−) [FailReviewStructCultInfoRisk] (−) variable based on [TransTimeMon] (+) in the negative direction AccFailRiskSystOwnInvest (−) [FailReviewStructCultInfoRisk] (−) variable based on [TransTimeMon] (+) in the negative direction AccFailRiskSystOwnOSight (−) [FailReviewStructCultInfoRisk] (−) variable based on [TransTimeMon] (+) in the negative direction

Stage 2 45.15

Stage 2 45.15

Stage 2 45.15

Stage 2 45.15

−8/100.00

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

130 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

18.

17.

16.

15.

14.

Banks – APRACult – Lack of Clear View of Risk Culture – Failure to “Articulate a Target Culture” – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA Information Paper 2019) Banks – APRACult – Lack of Clear View of Risk Culture – Failure of Board “to Form a View of the Risk Culture in the Organisation” – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA Information Paper 2019) Banks – APRACult – Overlooking Behaviours for Mechanisms – “Failure to Use Indicators of Cultural Problems” – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA Information Paper 2019) Banks – APRACult – Measurement and Analysis of Culture – Failure to “Link Risk Culture Outcomes to Stated Risk Appetite” – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA Information Paper 2019) Banks – APRACult – Measurement and Analysis of Culture – Failure of “Regularity of Reporting to the Board on Risk Culture Issues” – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA Information Paper 2019) APRACult FailRegularBrdReport (−) [TransTimeMon] (+) in the negative direction

APRACult FailIndicators (−) [TransTimeMon] (+) in the negative direction APRACult FailLinkRiskCultToRiskApp (−) [TransTimeMon] (+) in the negative direction

APRACult FailArticulateTargetCult (−) [TransTimeMon] (+) in the negative direction APRACult FailBrdViewRiskCult (−) [TransTimeMon] (+) in the negative direction Stage 2 32.1

Stage 2 32.1

Stage 2 32.1

Stage 2 32.1

−8/100.00

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 32.1

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 131

22.

21.

20.

Governance variable and description and source

Banks – APRACult – Overlooking Behaviours for Mechanisms – “Actions…Focussed Primarily on Addressing Processes and Systems [rather than] Culture and Behaviours” – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA Information Paper 2019) Banks – APRACult – Overlooking Behaviours for Mechanisms – Identification of Operational, Regulatory and Organisational Structure “Complexity as a Limit to Improving Risk Culture” – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA Information Paper 2019) Banks – APRACult – Measurement and Analysis of Culture – “Rel[iance] on Surveys as Single Source to Support Self-Assessment Findings on Culture” – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA Information Paper 2019) Audit Committee – Accounting Expertise – Earnings Manipulation Reduction Effect (Stage 1)

No

19.

Table 10.2 (continued)

AudAccEarn (+)

APRACult SurveySingleSource (−) [TransTimeMon] (+) in the negative direction

APRACult OpRegOrgComplexLimits (−) [TransTimeMon] (+) in the negative direction

APRACult FocusProcSystems (−) [TransTimeMon] (+) in the negative direction

Stage 2 32.1

−8/100.00

Stage 1 9.2.1.1.1 9.2.1.1.2 Stage 2 36.1

Stage 2 32.1

−8/100.00

+6/75.00

Stage 2 32.1

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

132 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Banks – Audit Committee – Approving Appointment, Remuneration and Dismissal of External Auditors – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (BCBS) Banks – Audit Committee – Reviewing and Approving the Audit Scope and Frequency – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decisionmaking – Enhancement in Quality of Accountability and Lines of Responsibility (BCBS) Banks – Audit Committee – Ensuring That Senior Management Is Taking Necessary Corrective Actions in a Timely Manner to Address Non-Compliance with Policies, Laws and Regulations, And Other Problems Identified by Auditors and Other Control Function – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (BCBS)

24.

26.

25.

Audit Committee – Presence, Operation and Frequency (Stage 1)

23.

AudCom AppRemDismissExtAud (+) [AudCom] (+) with additional Responsibility Factor No 8 AudCom AudScope&Freq (+) [AudCom] (+) with additional Responsibility Factor No 8 AudCom CorrActionNonComply (+) [AudCom] (+) with additional Responsibility Factor No 8

AudCom (+)

+7/87.50

+7/87.50

+7/87.50

+6/75.00

(continued)

Stage 2 36.1

Stage 2 36.1

Stage 1 5.2.2.2 8.4.2 8.4.3.1 Stage 2 1.1 4.5 5 10 36.1 Stage 2 36.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 133

Banks – Audit Committee – Receiving Key Audit Reports – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (BCBS)

27.

30.

29.

28.

Governance variable and description and source

Banks – Audit Committee – Ensuring That Senior Management Is Taking Necessary Corrective Actions in a Timely Manner to Address Control Weaknesses, Identified by Auditors and Other Control Function – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (BCBS) Banks – Audit Committee – Reviewing the Design and Effectiveness of the Overall Risk Governance Framework and Internal Control System – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (BCBS) Banks – Audit Committee – Failure of Oversight to Close Audit Issues with Urgency – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA)

No

Table 10.2 (continued)

AudCom IssueClose (−) [TransTimeMon] (+) in the negative direction AudCom KeyAudRep (+) [AudCom] (+) with additional Responsibility Factor No 8

AudCom DesignEffectRisk&IntCont (+) [AudCom] (+) with additional Responsibility Factor No 8

AudCom CorrActionWeakness (+) [AudCom] (+) with additional Responsibility Factor No 8

Stage 2 36.1

Stage 2 45.10

−8/100.00

+7/87.50

Stage 2 36.1

Stage 2 36.1

Section Ref. (Relational Effect Path in bold)

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

134 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

35.

34.

33.

32.

31.

Banks – Audit Committee – Failure of Oversight with 25% of Open Audit Issues Rated ‘Very High’ or ‘High’ – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Audit Committee – Overseeing the Establishment of Accounting Policies and Practices by the Bank – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (BCBS) Banks – Audit Committee – Overseeing the Financial Reporting Process – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (BCBS) Banks – Audit Committee – Providing Oversight of and Interacting with the Bank’s Internal and External Auditors – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (BCBS) Banks – Audit Committee – Framing Policy on Internal Audit and Financial Reporting – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decisionmaking – Enhancement in Quality of Accountability and Lines of Responsibility (BCBS)

AudCom OpenHighRating25% (−) [TransTimeMon] (+) in the negative direction AudCom OseeAccPolicy&Pract (+) [AudCom] (+) with additional Responsibility Factor No 8 AudCom OseeFinRep (+) [AudCom] (+) with additional Responsibility Factor No 8 AudCom OseeIntAudExtAud (+) [AudCom] (+) with additional Responsibility Factor No 8 AudCom PolicyIntAudFinRep (+) [AudCom] (+) with additional Responsibility Factor No 8 +7/87.50

+7/87.50

+7/87.50

+7/87.50

−8/100.00

(continued)

Stage 2 36.1

Stage 2 36.1

Stage 2 36.1

Stage 2 36.1

Stage 2 45.10

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 135

Audit Committee – Financial Expertise (Accounting) (Stage 1)

Banks – Audit Committee and Board Oversight of Risk Management – Audit Committee Failure of Metrics for Closure Status of Issues – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (APRA) Audit Committee – Non-Accounting Expertise – ‘Free Rider’ Effect (Stage 1)

36.

38.

39.

40.

37.

Governance variable and description and source

Banks – Audit Committee – Review Control Environment of Business Units (Annually) – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Audit Committee – Failure to Track and Monitor Audit Issues Systematically – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA)

No

Table 10.2 (continued)

AudFree (−)

AudFailMetricsIssueStatus (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

AudCom Track&MonIssue (−) [TransTimeMon] (+) in the negative direction AudExpAcc (+)

AudCom ReviewControls (+) [TransTimeMon] (+)

−6/75.00

−8/100.00

Stage 1 9.2.1.1.2 Stage 2 36.1

Stage 1 8.4.4 Stage 2 36.1 Stage 2 36.2

Stage 2 45.10

−8/100.00

+6/75.00

Stage 2 45.10

Section Ref. (Relational Effect Path in bold)

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

136 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Audit Committee – Independence in Combination with Frequency of Meeting – Reduction in Earnings Manipulation Effect (Stage 1)

Audit Committee – Independence – Information Flow and Decision Quality ‘Trade-off’ (Stage 1)

Audit Committee – Independence – Monitoring Effect (Stage 1)

41.

42.

43.

AudIndMon (+)

AudIndInfo (−)

AudIndFreq (+)

+7/87.50

−4/50.00

+7/87.50

(continued)

Stage 1 6.2.3.1.2 9.2.1 Stage 2 33.5 36.1 Stage 1 6.2.3.1.2 8.4.3 Stage 2 26.1 28.9 29.1 33.5 36.1 Stage 1 5.2.2.2 6.2.3.1.2 6.2.3.1.4 8.4.3 Stage 2 11.2 26.1 28.9 29.1 33.5 36.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 137

Banks – Board of Directors – CEO is Sole Executive Board Member – Information Flow and Decision Quality ‘Trade-off’ (Walker Review 2009) Banks – Board and Committee – Gaps in Communication of Board and Committees – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA)

44.

46.

47.

45.

Governance variable and description and source

Banks – Audit Committee and Board Oversight of Risk Management – Audit Committee Reliance on Chair – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (APRA) Audit Committee – Short Term Options Granted to Outside Directors – Reduction in Monitoring Effect (Stage 1)

No

Table 10.2 (continued)

BankBrdCEOSoleInfo (−) [BrdIndInfo] (−) BankBrdCmCommsGap (−) [BrdSkills] (+) in the negative direction

AudShortOpts (−)

AudRelyOnChair (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

Stage 1 5.2.2.1 5.2.3.2.1 6.2.3.1.4 10.2.5.1 Stage 2 11.2 12.20 36.1 Stage 2 35.1 Stage 2 24.8

−7/87.50

−7/87.50

−4/50.00

Stage 2 36.2

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

138 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

53.

52.

51.

50.

49.

48.

Banks – Board and Committee – Over-confidence in Board and Committees and Lack of Genuine Benchmarking – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA) Banks – Board and Committee – Insufficient Rigour and Urgency by Board and Committees – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA) Banks – Board and Committee – Immature Oversight of Risk Function – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA) Banks – Board and Committee – Over-reliance on Authority of Key Individuals – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA) Banks – Board and Committee – Lack of Candour from Management to Board and Committees – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA) Banks – Board and Committee – Gaps in Reporting and Metrics – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA) BankBrdCmReportMetricGaps (−) [BrdSkills] (+) in the negative direction

BankBrdCmLackCandour (−) [BrdSkills] (+) in the negative direction

BankBrdCmKeyIndiv (−) [BrdSkills] (+) in the negative direction

BankBrdCmImmatureRisk (−) [BrdSkills] (+) in the negative direction

BankBrdCmFailRigUrge (−) [BrdSkills] (+) in the negative direction

BankBrdCmConfid&Bench (−) [BrdSkills] (+) in the negative direction Stage 2 24.8

Stage 2 24.8

Stage 2 24.8

Stage 2 24.8

Stage 2 24.8

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 24.8

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 139

Governance variable and description and source

Banks – Board of Directors – Board Review with External Experts (Every 2 or 3 Years) – Enhancement of Monitoring Effect (Walker Review 2009, OECD 2010 Conclusions and Practices, BCBS Guidelines 2015 and EC Second Green Paper 2011)

Banks – Board Size and Information and Task ‘Overload’ (Pirson and Turnbull)

Banks – Board of Directors – Annual Review – Enhancement of Monitoring Effect (Walker Review 2009, OECD 2010 Conclusions and Practices, BCBS Guidelines 2015 and EC Second Green Paper 2011)

Banks – Level of Interconnectedness of Banks (High) – Effects of Risk-taking (Mülbert)

Banks – Level of Owner-Control (High) – Effects of Risk-Taking (Gropp and Köhler)

No

54.

55.

56.

57.

58.

Table 10.2 (continued)

BankBrdExtRev (+) [BrdReview] (+) variable which is a ‘strong-form’ of the [BrdIndMon] (+) variable BankBrdInfoTask (+/−) [BrdCmSize] (+/−) BankBrdReview (+) [BrdReview] (+) variable which is a ‘strong-form’ of the [BrdIndMon] (+) variable BankConnect (−) BankHighLevRisk] (−) variable which is identical to the [BrdSkills] (+) variable except in the negative direction. BankControlRisk (−) [BankHighLevRisk] (−) variable which is identical to the [BrdSkills] (+) variable except in the negative direction.

Stage 2 7.2 7.7 28.4 Stage 2 28.7 28.9

−7/87.50

−7/87.50

+7/87.50

Stage 2 23.3 29.1 Stage 2 35.3

Stage 2 35.3

Section Ref. (Relational Effect Path in bold)

+/−6/75.00

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

140 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Banks – Maturity Transformation of Bank Debt – Effects of Risk-taking (Mülbert)

Banks – Deposit Insurance – Effects of Risk-Taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure

Banks – Board of Directors – Director Evaluation Statement of Skills and Experience (Annual) – Enhancement of Monitoring and Review Effect (Walker Review 2009)

Banks – Board of Directors – Director Evaluation Statement of Skills and Experience (Annual) – Communication with Major Shareholders – Enhancement of Monitoring and Review Effect (Walker Review 2009)

Banks – Remediation Issues – Failure to Identify Appropriate Remediation Actions – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA)

59.

60.

61.

62.

63.

BankDirEvalState (+) [BrdReview] (+) variable which is a ‘strong-form’ of the [BrdIndMon] (+) variable BankDirEvalStateMajor* (+) (interim variable*) [BrdReview] (+) variable which is a ‘strong-form’ of the [BrdIndMon] (+) variable BankFailRemedIDActions (−) [TransTimeMon] (+) in the negative direction

Stage 2 45.10

−8/100.00

(continued)

Stage 2 35.5

Stage 2 7.3 7.7 11.3 11.7 11.8 11.9 16.5 Stage 2 35.4 35.5

Stage 2 7.2 7.7 28.3

+7/87.50

+7/87.50

BankDebtTransRisk −7/87.50 (−) [BankHighLevRisk] (−) variable which is identical to the [BrdSkills] (+) variable except in the negative direction. BankDepInsure −7/87.50 (−) [BrdIndMon] (+) variable and the [BrdSkills] (+) variable except in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 141

Banks – Level of Bank Governance (High) – Effects of Risk-Taking on Firm Performance (Non-Crisis Periods) (Vähämaa and Vähämaa) Banks – Level of Bank Governance (High) – Effects of Risk-Taking on Firm Value (Non-Crisis Periods (Vähämaa and Vähämaa) Banks – ‘Hidden Leverage’ in Financial Statements and OffBalance-Sheet Entities – Reduction in Risk Management, Monitoring and Decision Quality (Sahlman)

64.

66.

68.

67.

65.

Governance variable and description and source

Banks – Remediation Issues – Failure to Carry-Out Remediation Actions in Timely and Rigourous Manner – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Government Bailout – Effects of Risk-Taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure

No

Table 10.2 (continued)

BankGovPerform (+) [BrdSkills] (+) BankGovValue (+) [BrdSkills] (+) BankHiddenLev (−) [BrdSkills] (+) in the negative direction

BankGovBail (−) [BrdIndMon] (+) variable and the [BrdSkills] (+) variable except in the negative direction

BankFailRemedTimeRigour (−) [TransTimeMon] (+) in the negative direction

Stage 2 7.3 7.7 11.3 11.7 11.8 11.9 16.5 Stage 2 28.8

−7/87.50

Stage 2 28.8 Stage 2 27.3 45.2

+7/87.50

−7/87.50

+7/87.50

Stage 2 45.10

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

142 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

73.

72.

71.

BankInstitRisk* (−) (interim variable*) [BankHighLevRisk] (−) variable and [BankControlRisk] (−) variable identical to the [BrdSkills] (+) variable except in the negative direction Banks – Continuous Liquidity Requirement – Effects of Risk-taking BankLiqRisk (Mülbert) (−) [BankHighLevRisk] (−) variable identical to the [BrdSkills] (+) variable except in the negative direction. Banks – Limited Liability – Effects of Risk-Taking – Risk-Taking in BankLtdLiab Excess of Risk Appetite – Likelihood of Bank Failure (−) [BrdIndMon] (+) variable and the [BrdSkills] (+) variable except in the negative direction Banks – Development Programs for Non-Executive Directors – BankNEDDevelopProg Enhancement of Monitoring Effect (+) (Walker Review 2009 and OECD) [BrdIndMon] (+)

Banks – Level of Institutional Ownership (High) – Effects of Risk-Taking (Erkens, Hung and Matos)

70.

BankHighLevRisk (−) [BrdSkills] (+) in the negative direction

Banks – Level of Leverage (High) – Effects of Risk-Taking (Mülbert)

69.

Stage 2 11.4 11.8

−7/87.50

+7/87.50

(continued)

Stage 2 23.4 26.5 29.1 33.6

Stage 2 7.2 7.7 28.3

−7/87.50

−7/87.50

Stage 2 7.2 7.7 28.2 28.3 28.4 28.5 28.6 28.7 28.9 Stage 2 28.9

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 143

Banks – Challenging and Testing Risk by Non-Executive Directors – BankNEDTestRisk Enhancement of Monitoring Effect (+) [BrdIndMon] (+)

79.

78.

77.

BankNEDMentor (+) [BrdIndMon] (+) BankNEDSID (+) [BrdIndMon] (+) BankNEDSupport (+) [BrdIndMon] (+)

Banks – Mentoring of Non-Executive Directors by Senior Executives – Enhancement of Monitoring Effect (Walker Review 2009) Banks – Non-Executive Directors – Senior Independent Director – Enhancement of Monitoring Effect (Walker Review 2009) Banks – ‘Dedicated Support’ for Non-Executive Directors for Information and Advice in Addition to the Normal Board Process – Enhancement of Monitoring Effect (Walker Review 2009 and OECD)

76.

BankNEDInduct (+) [BrdIndMon] (+)

Banks – Induction of Non-Executive Directors – Enhancement of Monitoring Effect (Walker Review 2009 and OECD)

75.

Governance variable and description and source

Banks – Development Programs for Financial Industry Awareness of BankNEDFinAwareProg Non-Executive Directors on Risk Strategy and Management – (+) Enhancement of Monitoring Effect [BrdIndMon] (+) (Walker Review 2009 and OECD)

74.

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

No

Table 10.2 (continued)

Stage 2 23.4 26.5 29.1 33.6 Stage 2 24.2 29.1

Stage 2 33.7

Stage 2 23.4 26.5 29.1 33.6 Stage 2 23.4 26.5 29.1 33.6 Stage 2 33.6

Section Ref. (Relational Effect Path in bold)

144 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Banks – Non-Executive Directors – Additional Time (in General) Spent in Review – Enhancement of Monitoring Effect

Banks – Training of Non-Executive Directors – Enhancement of Monitoring Effect (Walker Review 2009 and Walker Review 2009 and OECD)

Banks – Regulatory, Prudential and Supervisory Regime

Banks – Risk Management System – Failure of System Features for Resolving Issues – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Short-term Profit Results and Reporting – Effects of Risk-taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure

Banks – Increases in Bank Size – Effects of Risk-Taking

81.

82.

83.

84.

86.

85.

Banks – Challenging and Testing Strategy by Non-Executive Directors – Enhancement of Monitoring Effect

80.

BankPrudReg (+) [NationGov*] (+) BankRiskManSyst (−) [TransTimeMon] (+) in the negative direction BankShortProfit (−) [BrdIndMon] (+) and [BrdSkills] (+) except in the negative direction BankSizeRisk (−) [BankHighLevRisk] (−) which is identical to [BrdSkills] (+) except in the negative direction

BankNEDTestStrat (+) [BrdIndMon] (+) BankNEDTime (+) [BrdIndMon] (+) BankNEDTrain (+) [BrdIndMon] (+)

(continued)

Stage 2 11.5 11.9 42.9 Stage 2 28.6

−7/87.50

−7/87.50

Stage 2 45.10

Stage 2 23.4 26.5 29.1 33.6 Stage 2 7.7

Stage 2 24.1 29.1 Stage 2 23.5

−8/100.00

+8/100.00

+7/87.50

+7/87.50

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 145

BankSystRisk (−) [BankHighLevRisk] (−) which is identical to [BrdSkills] (+) except in the negative direction Banks – BEAR – Board and Senior Executive Oversight of BEARAccADISec37CA Accountability – Accountability Obligations of ADI to Ensure (+) Accountable Persons Meets Their Accountability Obligations under [TransTimeMon] (+) or [BrdSkills] (+) Section 37CA – Enhancement of Risk Management and Decisionwith an additional overriding making and Reporting – Enhancement of Delineation and Disclosure requirement of Compliance Factor No 2 of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of BEARAccDealAPRA Accountability – Accountability Obligations of Accountable Persons (+) to Deal with APRA in an Open, Constructive and Cooperative [TransTimeMon] (+) or [BrdSkills] (+) Way – Enhancement of Risk Management and Decision-making and with an additional overriding Reporting – Enhancement of Delineation and Disclosure of Powers, requirement of Compliance Factor No 2 Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of BEARAccHon&Integ Accountability – Accountability Obligations of Accountable Persons (+) to Act with Honestly and Integrity – Enhancement of Risk [TransTimeMon] (+) or [BrdSkills] (+) Management and Decision-making and Reporting – Enhancement of with an additional overriding Delineation and Disclosure of Powers, Duties and Lines of requirement of Compliance Factor No 2 Responsibility and Decision-making (BEAR)

90.

89.

88.

Governance variable and description and source

Banks – Level of Systemic Risk (High) – Effects of Risk-taking

87.

+8/100.00

+8/100.00

+8/100.00

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

No

Table 10.2 (continued)

Stage 2 20.2.1

Stage 2 20.2.1

Stage 2 7.3 7.4 7.7 28.5 Stage 2 20.2.1

Section Ref. (Relational Effect Path in bold)

146 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

94.

93.

92.

91.

Banks – BEAR – Board and Senior Executive Oversight of Accountability – Accountability Obligations (Generally) of Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Accountability Obligations of Accountable Persons to Prevent Events Harming the ADI’s Prudential Standing or Reputation – Enhancement of Risk Management and Decisionmaking and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Accountability Obligations of ADI and Accountable Persons for Reasonable Steps under Section 37CB – Appropriate Governance, Control and Risk Management in relation to a Matter – Enhancement of Risk Management and Decisionmaking and Reporting –- Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Accountability Obligations of ADI and Accountable Persons for Reasonable Steps under Section 37CB –Appropriate Procedures for Identifying and Remediating Problems – Enhancement of Risk Management and Decision-making and Reporting –- Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) BEARAccReasIDRemedyProb (+) [TransTimeMon] (+) or [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARAccReasGovContMan (+) [TransTimeMon] (+) or [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARAccPrudStand (+) [TransTimeMon] (+) or [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARAccOblige (+) [TransTimeMon] (+) or [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

+8/100.00

+8/100.00

+8/100.00

+8/100.00

(continued)

Stage 2 20.2.2

Stage 2 20.2.2

Stage 2 20.2.1

Stage 2 20.2.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 147

95.

97.

96.

Governance variable and description and source

Banks – BEAR – Board and Senior Executive Oversight of Accountability – Accountability Obligations of ADI and Accountable Persons for Reasonable Steps under Section 37CB – Safeguards Against Inappropriate Delegations of Responsibility – Enhancement of Risk Management and Decision-making and Reporting –- Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Accountability Obligations of ADI and Accountable Persons for Reasonable Steps under Section 37CB – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Accountability Obligations of Accountable Persons to Act with Due Skill, Care and Diligence – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR)

No

Table 10.2 (continued)

BEARAccSkillCareDilig (+) [TransTimeMon] (+) or [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARAccReasStepSec37CB (+) [TransTimeMon] (+) or [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARAccReasSafeDeleg (+) [TransTimeMon] (+) or [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 20.2.1

Stage 2 20.2.2

Stage 2 20.2.2

Section Ref. (Relational Effect Path in bold)

148 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

102.

101.

100.

99.

98.

Banks – BEAR – Board and Senior Executive Oversight of Accountability – Reduction of Person's Variable Remuneration by Amount Proportionate to the Failure to Comply with Accountability Obligations – Enhancement of Level of Risk-Taking in Alignment with Shareholders (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability –- Defer Amount of a Portion of Variable Remuneration under Section 37EB – Enhancement of Level of Risk-Taking in Alignment with Shareholders (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability –- Period of Deferral of a Portion of Variable Remuneration under Section 37EC – Enhancement of Level of Risk-Taking in Alignment with Shareholders (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability –- Defer Payment of a Portion of Variable Remuneration for a Period (Generally) – Enhancement of Level of Risk-Taking in Alignment with Shareholders (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Breach by ADI of Obligation Not to allow a Disqualified Person to Act as an Accountable Person – Reduction in Risk Management and Decision-making and Reporting – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) BEARDisqualPerson37JC (−) [TransTimeMon] (+) but in the negative direction. Alternatively, it is based on [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2 again in the negative direction

−8/100.00

BEARDeferVarRemPortion +7/87.50 (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

BEARDeferVarRemPeriod37EC +7/87.50 (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

BEARDeferVarRemAmount37EB +7/87.50 (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

BEARDeferReduceVarRemFail +7/87.50 (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

(continued)

Stage 2 20.8.3

Stage 2 20.4.1

Stage 2 20.4.1

Stage 2 20.4.1

Stage 2 20.4.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 149

103.

105.

104.

Governance variable and description and source

Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Accountable Persons (Generally) – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executives Responsible for Allocating Responsibilities to Accountable Persons and Reporting Directly to the Board as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executives Responsible for Management of Anti-money Laundering Function as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR)

No

Table 10.2 (continued)

BEARIDAccPersonAML (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARIDAccPerson (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2 BEARIDAccPersonAllocate (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 20.1.3

Stage 2 20.1.3

Stage 2 20.1.3

Section Ref. (Relational Effect Path in bold)

150 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

109.

108.

107.

106.

Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executives Responsible for Managing All Business Activities as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executives Responsible for Management of Compliance Function as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Directors on the Board as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executives Responsible for Managing Financial Resources as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) BEARIDAccPersonFinRes (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARIDAccPersonDir (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARIDAccPersonComply (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARIDAccPersonBusinessActivities (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

+8/100.00

+8/100.00

+8/100.00

+8/100.00

(continued)

Stage 2 20.1.3

Stage 2 20.1.3

Stage 2 20.1.3

Stage 2 20.1.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 151

110.

112.

111.

Governance variable and description and source

Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executives Responsible for Management of Human Resources Function as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executives Responsible for Information Management including Information Technology Systems as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executives Responsible for Management of Internal Audit Function as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR)

No

Table 10.2 (continued)

BEARIDAccPersonIntAud (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARIDAccPersonIM&ITS (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARIDAccPersonHR (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 20.1.3

Stage 2 20.1.3

Stage 2 20.1.3

Section Ref. (Relational Effect Path in bold)

152 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

116.

115.

114.

113.

Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executive who has Management or Control of an ADI as Accountable Person – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executives Responsible for Management of ADI’s Operations as Accountable Persons – Enhancement of Risk Management and Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executives Responsible for Overall Risk Controls or Overall Risk Management as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executive who has Management or Control of a Significant or Substantial Part of the Operations of the ADI or Group as an Accountable Person – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) BEARIDAccPersonSignifSubst (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARIDAccPersonRiskCont (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARIDAccPersonRiskADIOps (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARIDAccPersonManCont (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

+8/100.00

+8/100.00

+8/100.00

+8/100.00

(continued)

Stage 2 20.1.3

Stage 2 20.1.3

Stage 2 20.1.3

Stage 2 20.1.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 153

117.

119.

118.

Governance variable and description and source

Banks – BEAR – Board and Senior Executive Oversight of Accountability – Identification of Senior Executives as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Key Personnel Obligations of ADI under Section 37D (Generally) – Enhancement of Risk Management and Decisionmaking and Reporting –- Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Key Personnel Obligations of ADI under Section 37D – Obligations to Cover All Responsibilities In Section 37BA(2) – Enhancement of Risk Management and Decision-making and Reporting –- Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR)

No

Table 10.2 (continued)

BEARKeyPers37D37BA(2) (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARIDAccPersonSnrExec (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2 BEARKeyPers37D (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2 +8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 20.3.1

Stage 2 20.3.1

Stage 2 20.1.3

Section Ref. (Relational Effect Path in bold)

154 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

123.

122.

121.

120.

Banks – BEAR – Board and Senior Executive Oversight of Accountability – Key Personnel Obligations of ADI under Section 37D – Obligations to Cover All Parts and Aspects of the Operations of the ADI and Group - Enhancement of Risk Management and Decision-making and Reporting –- Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Key Personnel Obligations of ADI under Section 37D – Comply with APRA Directions under Section 37DB – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Key Personnel Obligations of ADI under Section 37D – No Accountable Persons Prohibited under section 37DA – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Notification Obligations of ADI under Section 37F – Accountability Map Under Section 37FB Including Changes – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) BEARNotifyAccMap37FB (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARKeyPers37DNoProhib (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARKeyPers37DComplyAPRA (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARKeyPers37DAllParts (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

+8/100.00

+8/100.00

+8/100.00

+8/100.00

(continued)

Stage 2 20.5

Stage 2 20.3.1

Stage 2 20.3.1

Stage 2 20.3.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 155

124.

126.

125.

Governance variable and description and source

Banks – BEAR – Board and Senior Executive Oversight of Accountability – Notification Obligations of ADI under Section 37F – Accountability Statement Under Section 37FA Including Changes – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Notification Obligations of ADI under Section 37F – Notify APRA of Event Mentioned in Section 37FC Within Period in Subsection 37F(2) – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Notification Obligations of ADI under Section 37F – Notify APRA of Event Mentioned in Section 37FC – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR)

No

Table 10.2 (continued)

BEARNotifyEventType37FC (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARNotifyEventPeriod37F(2) (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

BEARNotifyAccState37FA (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 20.5

Stage 2 20.5

Stage 2 20.5

Section Ref. (Relational Effect Path in bold)

156 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

132.

131.

130.

129.

128.

127.

Banks – BEAR – Board and Senior Executive Oversight of Accountability – Notification Obligations of ADI under Section 37F – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Notification Obligations of ADI under Section 37F –- Reasonable Steps to Ensure Subsidiary Complies – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Banks – BEAR – Board and Senior Executive Oversight of Accountability – Registration Obligations of ADI under Section 37HA – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (BEAR) Block Shareholding – Other Shareholder Agency Costs (Stage 1) Block Shareholding – Monitoring Effect (Stage 1) Banks – Board Risk Committee – Risk Analysis of Significant Acquisitions for Risk Aspects and Implications (including Risk Appetite and Tolerance) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) BEARRegAccPerson37HA (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2 BlockCosts (−) BlockMon (+) BRCAcquisitionRisk (+) [BrdSkills] (+)

BEARNotifyOblige37F (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2 BEARNotifySubsid (+) [TransTimeMon] (+) Alternatively, identical to [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2

+7/87.50

(continued)

Stage 1 8.5.1–8.5.2 Stage 1 8.5.1–8.5.2 Stage 2 44.7

−6/75.00 +6/75.00

Stage 2 20.7.2

Stage 2 20.5

Stage 2 20.5

+8/100.00

+8/100.00

+8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 157

133.

138.

137.

136.

135.

134.

Governance variable and description and source

Banks – Board Risk Committee – Monitoring of Aggregate Risk Exposures – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Monitoring of Business Continuity Compliance – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Establishment and Monitoring of Capital Strategy – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Monitoring of Credit/Counterparty Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Monitoring of Current Risk Exposures by Type – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Risk Analysis of Significant Disposals for Risk Aspects and Implications (including Risk Appetite and Tolerance) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009)

No

Table 10.2 (continued)

BRCDisposalRisk (+) [BrdSkills] (+)

BRCCurrRiskExpose (+) [BrdSkills] (+)

BRCCredit/Counter (+) [BrdSkills] (+)

BRCCapStrat (+) [BrdSkills] (+)

BRCBusCont (+) [BrdSkills] (+)

BRCAggRiskExpose (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 44.7

Stage 2 43.1

Stage 2 43.2 43.4

Stage 2 43.1 45.2

Stage 2 43.2

Stage 2 43.1

Section Ref. (Relational Effect Path in bold)

158 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

143.

142.

141.

140.

139.

Banks – Board Risk Committee – External Advisers to the Board Risk Committee – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Consideration of Only Aggregate Measures of Untested or Unsatisfactory Controls – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (APRA) Banks – Board Risk Committee – Failure to Challenge Expert Individuals on the BRC – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (APRA) Banks – Board Risk Committee – Failure to Consider Workings of Controls – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (APRA) Banks – Board Risk Committee – Over-reliance on CRO to Determine Risks to be Reported to Directors – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (APRA) BRCFailControls (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction BRCFailCROOverRely (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction

BRCFailChallengeExpert (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction

BRCFailAggMeasures (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction

BRCExtAdvice (+) [BrdSkills] (+) Stage 2 43.5

Stage 2 43.5

Stage 2 43.5

Stage 2 43.5

−8/100.00

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 44.6

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 159

144.

147.

146.

145.

Governance variable and description and source

Banks – Board Risk Committee – Failure to Disclose Issue Escalation Protocols to BRC in Bank Policies – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (APRA) Banks – Board Risk Committee – Failure to Consider Individual Key Risk Indicators – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (APRA) Banks – Board Risk Committee – Failure to Consider Operational Compliance and Non-Financial Risks – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (APRA) Banks – Board Risk Committee – Failure to Consider Reputational Standing from Non-Financial Risks – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (APRA)

No

Table 10.2 (continued)

BRCFailReputRisk (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction

BRCFailIndivRisk (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction BRCFailOpsComplyNon-Fin (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction

BRCFailEscalProtocol (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction

Stage 2 43.5

Stage 2 43.5

Stage 2 43.5

Stage 2 43.5

−8/100.00

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

160 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

154.

153.

152.

151.

150.

149.

148.

Banks – Board Risk Committee – Failure to Analyse Trends and Trajectory of Risk – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (APRA) Banks – Board Risk Committee – Monitoring of Financial Stability Assessments of Authoritative Agencies – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Forward Fail Testing – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF and OECD Kirkpatrick Report 2009) Banks – Board Risk Committee – Forward Stress Testing with Large Price Movements – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF and OECD Kirkpatrick Report 2009) Banks – Board Risk Committee – Forward Scenario Testing – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF and OECD Kirkpatrick Report 2009) Banks – Board Risk Committee – Forward Stress Testing – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF and OECD Kirkpatrick Report 2009) Banks – Board Risk Committee – Independence in combination with Frequency of Meeting – Enhancement in Risk Management and Internal Monitoring (Walker Review 2009, EC Second Green Paper 2011 and OECD 2010 Conclusions and Practices) BRCIndFreq (+) [AudIndFreq] (+) identical to [AudIndMon] (+) which is in turn identical to [BrdIndMon] (+)

+7/87.50

+7/87.50

+7/87.50

BRCFwdScenTest (+) [BrdSkills] (+) BRCFwdStressTest (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

−8/100.00

BRCFwdLrgPriceMove (+) [BrdSkills] (+)

BRCFwdFailTest (+) [BrdSkills] (+)

BRCFailTrendAnalyse (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction BRCFinStabAssess (+) [BrdSkills] (+)

(continued)

Stage 2 33.5 43.1

Stage 2 44.5 45.2

Stage 2 44.5 45.2

Stage 2 44.5 45.2

Stage 2 44.5 45.2

Stage 2 43.3 44.5

Stage 2 43.5

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 161

155.

160.

159.

158.

157.

156.

Governance variable and description and source

Banks – Board Risk Committee – Independence – Information Flow and Decision Quality ‘Trade-off’ (Walker Review 2009, EC Second Green Paper 2011 and OECD 2010 Conclusions and Practices) Banks – Board Risk Committee – Independence – Enhancement in Monitoring Effect (Walker Review 2009, EC Second Green Paper 2011 and OECD 2010 Conclusions and Practices) Banks – Board Risk Committee – Monitoring of Interest Rates and Currency Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Monitoring of Information Technology Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Monitoring of Leverage – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Establishment and Monitoring of Liquidity Management Strategy – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009)

No

Table 10.2 (continued)

BRCLiqManStrat (+) [BrdSkills] (+)

BRCLeverage (+) [BrdSkills] (+)

BRCITRisk (+) [BrdSkills] (+)

BRCIndInfo (−) [AudIndInfo] (−) identical to [BrdIndInfo] (−) BRCIndMon (+) [AudIndMon] (+) identical to [BrdIndMon] (+) BRCIntRates&Curr (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

−4/50.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 43.1 43.2 43.3 43.4 45.2

Stage 2 43.2

Stage 2 43.2

Stage 2 43.2

Stage 2 33.5 43.1

Stage 2 33.5 43.1

Section Ref. (Relational Effect Path in bold)

162 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

167.

166.

165.

164.

163.

162.

161.

Banks – Board Risk Committee – Monitoring of Large Exposures Open to External Shocks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Risk Analysis of Significant Mergers for Risk Aspects and Implications (including Risk Appetite and Tolerance) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Non-Executive Directors – Substantial Financial Experience – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Monitoring of Operational Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Oversight of CRO – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS Guidelines 2015) Banks – Board Risk Committee – Monitoring of Other Market Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Qualitative Risk Assessment Testing – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) BRCQualTesting (+) [BrdSkills] (+)

BRCOtherMktRisks (+) [BrdSkills] (+)

BRCOseeCRO (+) [BrdSkills] (+)

BRCOperRisk (+) [BrdSkills] (+)

BRCNEDFinExper (+) [BrdIndMon] (+)

BRCMergerRisk (+) [BrdSkills] (+)

BRCLrgExpose&Shock (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 44.5 45.2

Stage 2 43.2 43.4

Stage 2 43.4

Stage 2 43.2

Stage 2 44.3

Stage 2 44.7

Stage 2 44.5

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 163

168.

172.

171.

170.

169.

Governance variable and description and source

Banks – Board Risk Committee – Quantitative Metrics for Risk Assessment Testing – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Board Risk Committee – Over-reliance on General Attestations provided by the CEO and the Group CRO for Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (APRA) Banks – Board Risk Committee – Monitoring of Reputational Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Review of Management Policies for Adhering to Approved Risk Policies – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS Guidelines 2015) Banks – Board Risk Committee – Review of Management’s Implementation of Risk Appetite Statement (RAS) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS Guidelines 2015)

No

Table 10.2 (continued)

BRCReviewMmtRAS (+) [BrdSkills] (+)

BRCReviewMmtPolicies (+) [BrdSkills] (+)

BRCReputRisk (+) [BrdSkills] (+)

BRCRelyGenAttestCEO&CRO (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

BRCQuantMetrics (+) [BrdSkills] (+)

+7/87.50

+7/87.50

Stage 2 43.4

Stage 2 43.4

Stage 2 43.2

Stage 2 12.18

−7/87.50

+7/87.50

Stage 2 44.5 45.2

Section Ref. (Relational Effect Path in bold)

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

164 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Banks – Board of Directors – Reporting of Bank-Wide (Aggregate of All Portfolios) Risk – To Shareholders and External Market/ Stakeholders – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) Board and Committee (Non-Audit) Size – Earnings Manipulation Effect (Stage 1)

178.

179.

177.

176.

175.

174.

Banks – Board Risk Committee – Review of Risk Policies (Annual) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS Guidelines 2015) Banks – Board Risk Committee – Establishment and Monitoring of Risk Appetite, Risk Tolerance and Future Risk Strategy – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Establishment and Monitoring of Risk Culture – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Banks – Board Risk Committee – Separate BRC Risk Report within Annual Report and Accounts – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009) Board – Attendance Level (High) (Stage 1)

173.

BrdCmEarn (+/−)

+/−6/75.00

+8/100.00

+7/87.50

BrdAttend (+) BrdBank-WideRisk (+) [TransTimeMon] (+)

+8/100.00

+7/87.50

+7/87.50

+7/87.50

BRCRiskReportContents (+) [TransTimeMon] (+)

BRCRiskCulture (+) [BrdSkills] (+)

BRCRiskAppTolStrat (+) [BrdSkills] (+)

BRCReviewRiskPolicies (+) [BrdSkills] (+)

(continued)

Stage 1 5.2.3 9.2.2

Stage 1 7.3.1.2 7.3.2.1.2 Stage 2 45.2 45.5

Stage 2 44.8

Stage 2 43.1 43.3

Stage 2 43.1 43.3

Stage 2 43.4

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 165

Banks – Board – “Reporting to the Board on Aggregate Customer Satisfaction” – Failure to Review Individual Customer Complaints – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Failure of Metrics and Analysis of Customer Complaints – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Failure to Review ‘Severe’ Individual Customer Complaints – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Failure to Review Systemic Risks from Customer Complaints – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Failure to Dedicate Sufficient FTE Human Resources to Analyse Customer Complaints to Identify Systemic Issues – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA)

180.

181.

185.

184.

183.

182.

Governance variable and description and source

Board and Committee Size (Stage 1)

No

Table 10.2 (continued)

BrdCustFailRedFlagMetrics (−) [TransTimeMon] (+) in the negative direction BrdCustFailRedFlagSevere (−) [TransTimeMon] (+) in the negative direction BrdCustFailRedFlagSystRisk (−) [TransTimeMon] (+) in the negative direction BrdCustFailRedFlagSystRiskFTE (−) [TransTimeMon] (+) in the negative direction

BrdCustFailRedFlagIndiv (−) [TransTimeMon] (+) in the negative direction

BrdCmSize (+/−)

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

−8/100.00

−8/100.00

−8/100.00

−8/100.00

−8/100.00

Stage 1 8.2.2.2 Stage 2 23.3 Stage 2 45.11

Section Ref. (Relational Effect Path in bold)

+/−6/75.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

166 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

191.

190.

189.

188.

187.

186.

Banks – Board – Failure to Provide Clear Governance for Resolving Root Causes of Customer Complaints – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Failure to Provide Staff Incentives for Resolving Root Causes of Customer Complaints – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Failure to Analyse Customer Complaints from Multiple Sources to Identify Systemic Issues – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Failure to Provide Manual Processes for Resolving Root Causes of Customer Complaints – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Failure to Analyse Customer Complaints for Root Causes – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Metrics and Analysis of Customer Complaints – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) BrdCustFailRedFlagSystRiskRoot (−) [TransTimeMon] (+) in the negative direction BrdCustRedFlagAnalyse (+) [TransTimeMon] (+)

BrdCustFailRedFlagSystRiskProc (−) [TransTimeMon] (+) in the negative direction

BrdCustFailRedFlagSystRiskMulti (−) [TransTimeMon] (+) in the negative direction

BrdCustFailRedFlagSystRiskIncent (−) [TransTimeMon] (+) in the negative direction

BrdCustFailRedFlagSystRiskGov (−) [TransTimeMon] (+) in the negative direction

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 45.11

Stage 2 45.11

−8/100.00

+8/100.00

Stage 2 45.11

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 167

192.

196.

195.

194.

193.

Governance variable and description and source

Banks – Board – Analysis of Individual Material Customer Complaints Giving Rise to Regulatory Breach or Reputational Damage – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Reporting of Remediation Status of Individual Material Customer Complaints – Closure, Extension or Delay – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Analysis of Systemic Issues in Customer Complaints Giving Rise to Regulatory Breach – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Analysis of Systemic Issues in Customer Complaints Giving Rise to Reputational Damage – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Investment in Data and Analytics to Analyse Customer Complaints Data – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA)

No

Table 10.2 (continued)

BrdCustRedFlagSystRiskData (+) [TransTimeMon] (+)

BrdCustRedFlagSystReput (+) [TransTimeMon] (+)

BrdCustRedFlagSystRegBr (+) [TransTimeMon] (+)

BrdCustRedFlagRemedStatus (+) [TransTimeMon] (+)

BrdCustRedFlagIndivMat (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

Section Ref. (Relational Effect Path in bold)

168 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

200.

199.

198.

197.

Banks – Board – Provision of Resources for Identification and Analysis of Systemic Risk Issues from Customer Complaints – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Provision of Technology for Identification and Analysis of Systemic Risk Issues from Customer Complaints – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Analysis of Trends in Customer Complaints by Volume and Topic – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Failure of Reporting to Board and Executive Committee to Assess Residual Risk During Remediation of Long-Outstanding Issues – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) BrdECReportResidualRisks (−) [TransTimeMon] (+) in the negative direction

BrdCustRedFlagTrends (+) [TransTimeMon] (+)

BrdCustRedFlagSystRiskTech (+) [TransTimeMon] (+)

BrdCustRedFlagSystRiskRes (+) [TransTimeMon] (+)

Stage 2 45.10

−8/100.00

(continued)

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

+8/100.00

+8/100.00

+8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 169

Governance variable and description and source

Board Independent Director: Executive Director Proportion – Information Flow and Decision Quality ‘Trade-off’ (Stage 1)

Banks – Board of Directors – Reporting of Individual Portfolio Risk – To Shareholders and External Market/Stakeholders – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS)

No

201.

202.

Table 10.2 (continued)

BrdIndivPortRisk (+) [TransTimeMon] (+)

BrdIndInfo (−)

+8/100.00

−4/50.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox Stage 1 6.2.3.1.2 7.3.2.1.3 Stage 2 1.1 4.5 5 3.1 10 26.1 26.2 27.1 27.2 28.9 29.1 33.1 33.2 33.5 35.1 37.4 37.5 42.8 Stage 2 45.5

Section Ref. (Relational Effect Path in bold)

170 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

203.

Board Independent Director: Executive Director Proportion – Monitoring Effect (Stage 1)

BrdIndMon (+) +7/87.50

(continued)

Stage 1 5.2.2.1 6.2.3.1.2 6.2.3.1.4 7.3.2.1.1– 7.3.2.1.2 Stage 2 1.1 3.7 4.5 4.11 5 9.2 10 11.2 11.7 12.4 12.17 12.21 13.3 17.3 20.1 20.9 22.1 22.3 23.4 23.5 24.1 24.2 25.1 26 26.1 26.2 26.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 171

No

Governance variable and description and source

Table 10.2 (continued) Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox 26.4 26.5 27.1 27.2 27.3 28.2 28.9 29 29.1 29.2 33.2 33.5 33.6 33.7 34.1 34.2 35.3 35.4 35.5 35.6 36.1 36.6 38 38.3.1 40 40.5.2

Section Ref. (Relational Effect Path in bold)

172 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Banks – Board of Directors – Reporting of Risk – To Shareholders and External Market/Stakeholders – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect– Enhancement in Quality of Decision-making (BCBS) Banks – Board of Directors – Reporting of Scenario Tests/ Analyses – To Shareholders and External Market/Stakeholders – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS)

207.

208.

206.

205.

Banks – Board of Directors – Information Silo – Impediment to Risk Reporting – To Shareholders and External Market/Stakeholders – Reduction in Information Flow – Diminution/Failure of Monitoring Effect – Reduction in Quality of Decision-making (BCBS) Banks – Board of Directors – Prioritisation, Conciseness and Contextualisation of Risk Reporting – To Shareholders and External Market/Stakeholders – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) Board – Annual Review (Stage 1)

204.

BrdScenarioRisk (+) [TransTimeMon] (+)

BrdRiskReport (+) [TransTimeMon] (+)

BrdReview (+)

BrdPriorityContextRisk (+) [TransTimeMon] (+)

BrdNonDiscloseSilo (−) [TransTimeMon] (+) in the negative direction

+8/100.00

+8/100.00

+7/87.50

+8/100.00

−8/100.00

(continued)

Stage 2 45.2 45.5

Stage 1 7.3.2.1.2 Stage 2 35.3 35.4 35.5 35.6 Stage 2 45.5

Stage 2 45.5

41.4 44.3 45.5 45.15 Stage 2 45.5

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 173

Governance variable and description and source

Board – Director Skills ‘Mix’ (Stage 1)

No

209.

Table 10.2 (continued)

BrdSkills (+) +7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox Stage 1 7.3.1.2.1 Stage 2 1.1 1.6 3.6 3.7 4.5 4.7 4.9 4.11 5 9.2 10 11.7 12.4 12.17 13.3 17.3 20.1 20.2 20.3 20.5 20.7 20.8 20.9 22.2 22.3

Section Ref. (Relational Effect Path in bold)

174 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

(continued)

23 24.8 25.1 26 26.3 26.4 27.1 27.2 27.3 28.2 28.3 28.4 28.5 28.6 28.7 28.8 28.9 29.2 29.3 29.5 29.7 29.8 29.9 29.11 30.5 30.9 31 31.1 31.2 31.4 31.5 31.6 31.7

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 175

No

Governance variable and description and source

Table 10.2 (continued) Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox 31.8 31.9 31.10 31.11 31.12 31.13 31.14 31.15 31.16 31.17 31.18 33.2 33.6 33.7 34.2 36.6 38 38.3.1 40 40.1 40.1.2 40.1.6 40.2.7 40.2.8 40.2.9 40.5.1 40.5.2 40.5.3 40.6 41 41.1 41.2

Section Ref. (Relational Effect Path in bold)

176 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

210.

Banks – Board of Directors – Reporting of Stress-Test Risks – To Shareholders and External Market/Stakeholders – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS)

BrdStressRisk (+) [TransTimeMon] (+)

+8/100.00

(continued)

41.3 41.4 42.1 42.6 43 43.1 43.2 43.3 43.4 44.1 44.2 44.5 44.6 44.7 45 45.1 45.2 45.5 45.13 45.14 45.15 47.1 Stage 2 45.2 45.5

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 177

211.

215.

214.

213.

212.

Governance variable and description and source

Banks – Board of Directors – Timing, Accuracy and Understandability of Risk Reporting – To Shareholders and External Market/Stakeholders – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) Banks – Board – Failure to Track and Monitor Significant Control Gaps – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board – Failure to Track and Monitor Long-Outstanding Issues – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Business Unit Support of Risk Management Function – Obtaining Approvals of All New Risks/Exposures and New Products (Including Contingent Exposures) from Risk Management Function/ Managers – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) Banks – Business Unit Support of Risk Management Function – Disclosure and Procedures for Breaches of Risk Limits or Changes in Approval Conditions to/from Risk Management Function/ Managers – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF)

No

Table 10.2 (continued)

BUBreachLimitCond (+) [TransTimeMon] (+)

BrdTrack&MonControlGaps (−) [TransTimeMon] (+) in the negative direction BrdTrack&MonLongOutIssues (−) [TransTimeMon] (+) in the negative direction BUApprovalRiskProd (+) [BrdSkills] (+)

BrdTimeAccUstandRisk (+) [TransTimeMon] (+)

Stage 2 45.10

−8/100.00

+8/100.00

Stage 2 42.1 45.2

Stage 2 42.1 45.2

Stage 2 45.10

−8/100.00

+7/87.50

Stage 2 45.5

Section Ref. (Relational Effect Path in bold)

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

178 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

221.

220.

219.

218.

217.

216.

Banks – Business Unit Support of Risk Management Function – Awareness and Disclosure of Changes in Conditions and Assumptions to Risk Management Function/Managers – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) Banks – Business Units – Closure of Issue by ‘Issue Owner’ and ‘Issue Manager’ – Specify Requirements to Verify Issue Closure – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (APRA) Banks – Business Units – Business Unit CRO Reporting to Group Executives – Reduced Independence of Business Unit CRO from Group Executives – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) Banks – Business Units – Customer Complaint Recording System – Enhancement of Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Business Unit Support of Risk Management Function – Full Disclosure of Risks to Risk Management Function/Managers – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) Banks – Business Units – Failure to Assess Issues Across Multiple Business Units – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) BUFailRedFlagMultiBU (−) [TransTimeMon] (+) in the negative direction

BUDiscloseRisks (+) [TransTimeMon] (+)

BUCustComplain (+) [TransTimeMon] (+)

BUCROIndepGrpExecs (−) [BrdSkills] (+) in the negative direction

BUClosureVerify (+) [TransTimeMon] (+)

BUChangeCond&Assumpt (+) [TransTimeMon] (+)

Stage 2 45.10

−8/100.00

(continued)

Stage 2 42.1 45.2

+8/100.00

Stage 2 45.2 45.5

Stage 2 42.1 45.2

−7/87.50

+8/100.00

Stage 2 45.2 45.5

Stage 2 42.1 45.2

+8/100.00

+8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 179

222.

225.

224.

223.

Governance variable and description and source

Banks – Business Units – Failure to Aggregate Issues from Multiple Sources – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Business Units – Logging of ‘Incident’ “Causing Unexpected Outcomes from Business Processes” – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (APRA) Banks – Business Units – Closure of Issue by ‘Issue Owner’ and ‘Issue Manager’ – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (APRA) Banks – Business Units – Logging of ‘Issue’ of “Control Weakness or Gap that Exposes the Bank to Potential Losses, Reputational Damage or Breach of Regulation” – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (APRA)

No

Table 10.2 (continued)

BUIssueLog (+) [TransTimeMon] (+)

BUIssueClosure (+) [TransTimeMon] (+)

BUFailRedFlagMultiSource (−) [TransTimeMon] (+) in the negative direction BUIncidentLog (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 45.2 45.5

Stage 2 45.2 45.5

Stage 2 45.2 45.5

Stage 2 45.10

Section Ref. (Relational Effect Path in bold)

180 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

230.

229.

228.

227.

226.

Banks – Business Units – Rating of Logged Issues – Rating According to “Likelihood an Incident Will Occur in Next 12 Months and Potential Impact” – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (APRA) Banks – Business Unit Support of Risk Management Function – Maintenance of Risk/Exposure Limits – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) Banks – Business Unit Support of Risk Management Function – Awareness and Disclosure of Market Environment to Risk Management Function/Managers – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) Banks – Business Units – Information Silos – Impediment to Risk Reporting for Early Action – Reduction in Information Flow – Diminution/Failure of Monitoring Effect – Reduction in Quality of Decision-making (BCBS) Banks – Business Units – Prioritisation, Conciseness and Contextualisation of Risk Reporting for Early Action – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) BUPriorityContextRisk (+) [TransTimeMon] (+)

BUNonDiscloseSilos (−) [TransTimeMon] (+) in the negative direction

BUMarketEnviron (+) [TransTimeMon] (+)

BUKeepRiskLimits (+) [BrdSkills] (+)

BUIssueRating (+) [TransTimeMon] (+)

(continued)

Stage 2 45.2 45.5

Stage 2 45.2 45.5

−8/100.00

+8/100.00

Stage 2 42.1 45.2

Stage 2 42.1 45.2

Stage 2 45.2 45.5

+8/100.00

+7/87.50

+8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 181

231.

234.

233.

232.

Governance variable and description and source

Banks – Business Units – Failure to Escalate Problems or Red Flags in relation to Whistleblowing Procedures – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Business Unit Support of Management Function – Disclose Risk Exposures in Management-information, Risk Management and Other Systems to Risk Management Function/Managers – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) Banks – Business Unit Support of Management Function – Business Unit Primary Ownership of Risk Management – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) Banks – Business Units – Reporting of Risk According to Severity Trigger ($) to Appropriate/Predetermined Level – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (BCBS and APRA)

No

Table 10.2 (continued)

BURiskReportTrigLevel (+) [TransTimeMon] (+)

BURiskOwnRiskMan (+) [BrdSkills] (+)

BURiskAllSystems (+) [TransTimeMon] (+)

BURedFlagRiskWhistle (−) [TransTimeMon] (+) in the negative direction

+8/100.00

+7/87.50

+8/100.00

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 45.2 45.5

Stage 2 42.1 45.2

Stage 2 42.1 45.2

Stage 2 45.2 45.5

Section Ref. (Relational Effect Path in bold)

182 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Short-Term Cashing-Out of Equity and Options by Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure

240.

239.

238.

237.

236.

Banks – Business Units – Timing, Accuracy and Understandability of Risk Reporting for Early Action – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) Compensation/Remuneration Committee – Reporting Requirements to the Board – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA) Compensation/Remuneration Committee – Bonuses for Low End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (OECD Key Findings 2009) Compensation/Remuneration Committee – Joint Meetings with Board Risk Committee (BRC) for Risk Ratings and Remuneration Decisions for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA) Limit on Short-Term Cashing-Out of Equity and Options by Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests

235.

CCCashOutLimit (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) CCCashOutRisk (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

CCBoardReporting (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) CCBonusLowEnd (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) CCBRCJointMeet (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

BUTimeAccUstandRisk (+) [TransTimeMon] (+)

Stage 2 16.1 16.6 16.7

−7/87.50

(continued)

Stage 2 16.1 16.6

+7/87.50

Stage 2 12.18

Stage 2 12.19

−7/87.50

+7/87.50

Stage 2 12.18

Stage 2 45.2 45.5

+7/87.50

+8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 183

Compensation/Remuneration Committee – Disclosure of Enhanced Benefits and Conditions of Operation – Enhancement in Risk Management and Internal and External Monitoring

241.

244.

243.

242.

Governance variable and description and source

Compensation/Remuneration Committee – Positive/Upward Collective Risk Adjustment to Remuneration for a Team, Business Unit or Division for Significant Risk Events – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA) Compensation/Remuneration Committee – Comparable Incentives for Risk-Takers Across Different Business Units or Activities – Enhancement of Level of Risk-Taking in Alignment with Shareholders (IIF) Compensation/Remuneration Committee – Disclosure of Bands and Elements of Compensation for Executives and High End Employees – Enhancement in Risk Management and Internal and External Monitoring (Walker Review 2009 and BCBS)

No

Table 10.2 (continued)

+8/100.00

+7/87.50

+7/87.50

CCEnhanceDisclose +8/100.00 (+) [CCDiscloseBandElement] (+) identical to [TransTimeMon] (+)

CCDiscloseBandElement (+) [TransTimeMon] (+)

CCCompareIncent (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCCollectiveAdjPos (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 12.6 12.7 12.15 12.17 13.3 13.4 17.3 45.5 Stage 2 12.6 17.3

Stage 2 12.16

Stage 2 12.18

Section Ref. (Relational Effect Path in bold)

184 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

250.

249.

248.

247.

246.

245.

CCGoldHello (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) Compensation/Remuneration Committee – Enhanced Payout on CCGoldPara Termination for Executives and High End Employees – Risk-Taking (−) in Excess of Risk Appetite – Likelihood of Bank Failure [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) Compensation/Remuneration Committee – Failure to Apply CCFailCollectiveAdjNeg Negative/Downward Collective Risk Adjustment to Remuneration (−) for a Team, Business Unit or Division for Significant Risk Events – [EqOptRiskFailHighEnd] (−) identical Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure to [EqOptEntrch] (−) (APRA) Compensation/Remuneration Committee – Failure to Apply Risk CCFailHighEndRGORiskAdj Gate Opener for ‘Not Met’ Rating for Risk Adjustments to (−) Remuneration for All Executives and High End Employees – Risk[EqOptRiskFailHighEnd] (−) identical Taking in Excess of Risk Appetite – Likelihood of Bank Failure to [EqOptEntrch] (−) (APRA) CCFailQuantData Compensation Committee – Failure to Apply Quantitative Date to Remuneration Framework – Risk-Taking in Excess of Risk (−) Appetite – Likelihood of Bank Failure [EqOptRiskFailHighEnd] (−) identical (APRA) to [EqOptEntrch] (−) Compensation/Remuneration Committee – Failure of CCFailRiskAdjDocs Documentation for Prior Years Deferred Remuneration for (−) Executives and High End Employees – Risk-­Taking in Excess of [EqOptRiskFailHighEnd] (−) identical Risk Appetite – Likelihood of Bank Failure to [EqOptEntrch] (−) (APRA)

Compensation/Remuneration Committee – Enhanced Payout on Commencement for Executives and High End Employees – RiskTaking in Excess of Risk Appetite – Likelihood of Bank Failure Stage2 17.4

Stage 2 12.18

Stage 2 12.6 12.18

Stage 2 12.18

Stage 2 12.18

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 17.4

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 185

251.

254.

253.

252.

Governance variable and description and source

Compensation/Remuneration Committee – Failure to Make Risk Adjustments Against Prior Years Deferred Remuneration for Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (APRA) Compensation/Remuneration Committee – Risk Adjustment for Actual ‘Alpha’ Added to the Firm by Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (IIF) Compensation/Remuneration Committee – Risk Adjustment for Breaches by Executives and High End Employees of Company Risk Appetite Limits, Internal Procedures and Legal Requirements – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (BCBS) Compensation/Remuneration Committee – Risk Adjustment for Cost of Capital for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (IIF)

No

Table 10.2 (continued)

CCHighEndCapCost (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCHighEndBreach (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

CCHighEndActAlpha (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCFailRiskAdjPriorYrs (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

Stage 2 12.10 12.12 12.16 12.18 12.23 13.2

Stage 2 12.25

−7/87.50

+7/87.50

Stage 2 12.16

Stage 2 12.18

Section Ref. (Relational Effect Path in bold)

+7/87.50

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

186 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

260.

259.

258.

257.

256.

255.

Compensation/Remuneration Committee – Application of Group Values for Adjustments to Remuneration for All Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA) Compensation/Remuneration Committee – Six-Monthly or Annual Comprehensive Assessments by Internal Audit Executives to Compensation Committee for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA) Compensation/Remuneration Committee – Database/Library of Previous Risk Outcomes (Positive and Negative) for Remuneration for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA) Compensation/Remuneration Committee – Risk Adjustment for Liquidity Risk for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders Compensation/Remuneration Committee – Minimum Mandated Risk Adjustment of 10% Reduction for ‘Partially Met’ Rating for Risk Gate Opener for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA) Compensation/Remuneration Committee – Periodic Review of Compensation Policies and Performance-Based Compensation for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (IIF) CCHighEndReview (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCHighEndLiqRisk (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) CCHighEndMinAdjRGO10%Redn (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCHighEndLibraryRiskOut (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCHighEndIntAudPresent (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCHighEndGroupValues (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 12.16 13.1

Stage 2 12.6 12.18

Stage 2 12.18 12.23

Stage 2 12.18

Stage 2 12.18

Stage 2 12.6

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 187

264.

263.

CCHighEndRiskTime (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCHighEndRiskScoreRules (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCHighEndRiskPresent (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

262.

Compensation/Remuneration Committee – Six-Monthly or Annual Comprehensive Assessments Presented by Risk Executives to Compensation Committee for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA) Compensation/Remuneration Committee – Rules for Risk Symptoms for Risk Scorecard for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA) Compensation/Remuneration Committee – Risk Adjustment for ‘Risk Time Horizon’ of Profit for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (IIF)

Governance variable and description and source

Compensation/Remuneration Committee – Risk Adjustment for Risk CCHighEndRiskApp Appetite of Bank for Executives and High End Employees (+) (IIF) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

261.

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

No

Table 10.2 (continued)

Stage 2 12.12 12.16 13.2

Stage 2 12.18

Stage 2 12.11 12.16 12.18 12.23 13.2 Stage 2 12.18

Section Ref. (Relational Effect Path in bold)

188 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

269.

268.

267.

266.

265.

Compensation/Remuneration Committee – No Reduction Adjustment for Risk Gate Opener for ‘Fully Met’ Rating to Remuneration of All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA) Compensation/Remuneration Committee – Risk Adjustment for Overall Profit of Whole Organization for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (IIF) Compensation/Remuneration Committee – Application of Key Performance Indicator ‘Balanced Scorecard’ for Adjustments to Remuneration for All Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA) Compensation/Remuneration Committee – Mis-Sale of Financial Products at Retail Level – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (IIF) Compensation/Remuneration Committee – Pay Differentials for Non-Executive Director Chairs of Audit, Compensation and Board Risk Committees – Effect on Risk-Taking CCMis-SaleProd (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) CCNonExecDiff (+/−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) in the dual direction and [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) in the dual direction

CCKPIBalScorecard (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCHighEndWholeOrg (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCHighEndRGOFullMet (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

(continued)

Stage 2 17.1

Stage 2 12.16

−7/87.50

+/−7/87.50

Stage 2 12.6

Stage 2 12.13 12.16

Stage 2 12.6 12.18

+7/87.50

+7/87.50

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 189

Compensation/Remuneration Committee – Over-reliance on Executive Self-Assessments of Risk Management for Executives and High End Employees – Risk-­Taking in Excess of Risk Appetite – Likelihood of Bank Failure (APRA) Compensation/Remuneration Committee – Over-reliance on Performance Assessments provided by the CEO and the Group CRO for Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (APRA) Compensation/Remuneration Committee – Outside Advisers (OECD 2010 Conclusions and Practices)

270.

271.

273.

272.

Governance variable and description and source

Compensation/Remuneration Committee – Responsibility for Performance Objectives for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009)

No

Table 10.2 (continued)

CCRemAdvise (+/−) [OutBrdAdv] (+) which is a ‘strongform’ version of [BrdIndMon] (+) in the dual direction

CCRelyPerfAssessCEO&CRO (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

CCRelyExecSelfAssess (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

CCPerfObjectBenchHighEnd (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+/−7/87.50

−7/87.50

−7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 12.6 12.7 12.21

Stage 2 12.18

Stage 2 12.6 12.10 12.15 12.16 12.22 12.23 12.24 13.2 44.4 Stage 2 12.18

Section Ref. (Relational Effect Path in bold)

190 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Compensation/Remuneration Committee – Clawback of Short-Term or Long-Term Incentive Payments for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests (Walker Review 2009)

Compensation/Remuneration Committee – Delaying Short-Term or Long-Term Incentive Payments for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests (Walker Review 2009)

Compensation/Remuneration Committee – Deferral of Short-Term or Long-Term Incentive Payments for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests (Walker Review 2009)

Compensation/Remuneration Committee – Failure of Arm’s Length Negotiations for Remuneration Without Independent Board Judgement – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (OECD Key Findings 2009)

274.

275.

276.

277.

CCRemFailArmsLength (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

CCRemDefer (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCRemDelay (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCRemClawBack (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

−7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 12.6 12.7 12.8 12.16 12.18 12.20 13.2 Stage 2 12.6 12.7 12.8 12.16 12.18 12.20 13.2 Stage 2 12.6 12.7 12.8 12.16 12.18 12.20 13.2 Stage 2 12.7

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 191

Compensation/Remuneration Committee – Performance Metrics for Long-Term Performance with Payouts Only Once the Performance was Realized – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009)

278.

281.

280.

279.

Governance variable and description and source

Compensation/Remuneration Committee – Absence and/or Weakness between Remuneration and Performance – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (OECD Key Findings 2009) Compensation/Remuneration Committee – Compensation Committee Comprised of Independent Directors – Independent Director Monitoring of Remuneration Process – Level of RiskTaking in Alignment with Shareholder Interests (OECD Key Findings 2009) Compensation/Remuneration Committee – Lock-Up of Short-Term or Long-Term Incentive Payments for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests (Walker Review 2009)

No

Table 10.2 (continued)

CCRemLTMetricsActual (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCRemLock-Up (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCRemFailPayPerform (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) CCRemIndMon (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 12.6 12.7 12.8 12.16 12.18 12.20 13.2 Stage 2 12.8 12.16

Stage 2 12.7 13.1

Stage 2 12.7 13.2

Section Ref. (Relational Effect Path in bold)

192 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Compensation/Remuneration Committee – Long-Term Focus for All Executives and High End Employees – Long-Term Variable Remuneration for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009 and APRA)

Compensation/Remuneration Committee – Responsibility for Remuneration Policy for All Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009) Compensation/Remuneration Committee – Responsibility for Remuneration Policy and Outcomes for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009)

283.

284.

285.

Compensation/Remuneration Committee – Long-Term Variable Remuneration for Performance Actually Realised – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009, OECD Key Findings 2009 and APRA)

282.

CCRemPolicyAllEmploy (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) CCRemPolicyOutHighEnd (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCRemLTVRHighEnd (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCRemLTVRActual (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 12.6 12.16

Stage 2 12.6 12.7 12.8 12.10 12.16 13.2 16.6 Stage 2 12.6 12.7 12.8 12.10 12.16 13.2 16.6 Stage 2 12.6 12.16

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 193

Compensation/Remuneration Committee – Sole Use of Share Price to Measure Performance – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (OECD Key Findings 2009) Compensation/Remuneration Committee – Short-Term Variable Remuneration for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009 and APRA) Compensation/Remuneration Committee – Positive/Upwards Adjustment to Reward Sound Risk Management for Risk Gate Opener to Remuneration of All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA)

286.

287.

289.

288.

Governance variable and description and source

Compensation/Remuneration Committee – Restricting the Proportion of Short-Term or Long-Term Incentive Payments for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests (Walker Review 2009)

No

Table 10.2 (continued)

CCRGOPositiveAdjust (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCRemSoleSharePc (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) CCRemSTVRHighEnd (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCRemRestrictPropn (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

−7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 12.18

Stage 2 12.6

Stage 2 12.6 12.7 12.8 12.16 12.18 12.20 13.2 Stage 2 12.7

Section Ref. (Relational Effect Path in bold)

194 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Compensation/Remuneration Committee – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009, IIF and APRA)

Compensation/Remuneration Committee – Risk Adjustment for Economic Profits for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009 and BCBS) Compensation/Remuneration Committee – Incentives Tied to Short-Term Share Price for Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure

291.

292.

293.

Compensation/Remuneration Committee – Compensation/ Remuneration Committee to Obtain Advice from Board Risk Committee (BRC) advised by the Chief Risk Officer (CRO) on Risk Adjustments to Performance Objectives – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009)

290.

CCSTIncentRisk (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

CCRiskEcoProfit (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCRiskAdjustHighEnd (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CCRiskAdjustBRC (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

(continued)

Stage 2 12.7 16.1 16.5 16.6 16.7

−7/87.50

+7/87.50

+7/87.50

Stage 2 12.6 12.18 12.24 13.2 43.1 44.4 Stage 2 12.6 12.10 12.15 12.16 12.18 12.22 12.23 12.24 13.2 44.4 Stage 2 12.16 12.22

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 195

298.

297.

296.

CCVarFixRatio (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

Stage 2 36.7

Stage 2 36.7

Stage 2 36.7

−8/100.00

−8/100.00

Stage 2 16.7

Stage 2 12.7 16.6

Section Ref. (Relational Effect Path in bold)

+8/100.00

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

CEOInsideDebt (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) Banks – Board Committees – External Assessments/Reviews of Risk CmExtAssessRiskCult Culture – Enhancement in Information Flow – Enhancement in (+) Quality of Risk Management and Internal Monitoring and Decision- [TransTimeMon] (+) making – Enhancement in Quality of Accountability/Responsibility (APRA) Banks – Board Committees – Failure in Mature Understanding/ CmFailAssessRiskCult Assessment of Risk Culture – Reduction in Information Flow – (−) Reduction in Quality of Risk Management and Internal Monitoring [FailRedFlag] (−) identical to and Decision-making – Reduction in Quality of Accountability/ [TransTimeMon] (+) Responsibility in the negative direction (APRA) Banks – Board Committees – Failure in Benchmarking Governance CmFailBenchmark Practices – Reduction in Information Flow – Reduction in Quality of (−) Risk Management and Internal Monitoring and Decision-making – [FailRedFlag] (−) identical to Reduction in Quality of Accountability/Responsibility [TransTimeMon] (+) (APRA) in the negative direction

294.

295.

Governance variable and description and source

Compensation Committee – Capping the Ratio of Variable to Fixed Compensation for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Armour and Gordon) Bank CEO ‘Inside Debt’ – Level of Risk-Taking in Alignment with Shareholder Interests (Tung and Wang)

No

Table 10.2 (continued)

196 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

303.

302.

301.

300.

299.

Banks – Board Committees – Inadequate Communication Between Committees – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (APRA) Banks – Board Committees – Failure to Identify Control Gaps Affecting Risk Management – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (APRA) Banks – Board Committees – Over-Emphasis of Positive Aspects and Progress – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (APRA) Banks – Board Committees – Failure to Delineate Roles and Responsibilities of Committees – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (APRA) Banks – Board Committees – De-emphasis of Negative Elements of Risk Issues and Incidents – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (APRA) CmFailUnderEmphasisNeg (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

CmFailOverEmphasisPos (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction CmFailRoles&Respon (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

CmFailCommunicate (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction CmFailControlGaps (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction Stage 2 36.7

Stage 2 36.7

Stage 2 36.7

Stage 2 36.7

−8/100.00

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 36.7

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 197

304.

308.

307.

306.

305.

Governance variable and description and source

Banks – Board Committees – Joint and Overlapping Meetings of Audit Committee and BRC – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (APRA) Banks – Board Committees – Metrics for Business Unit Risk Culture – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decisionmaking – Enhancement in Quality of Accountability/Responsibility (APRA) Banks – Board Committees – Engage Specialists and Employees at Operational Levels – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (APRA) Bank Codes of Conduct and Ethics – Non-Executive Directors – Review and Oversight of Codes of Conduct for Compliance with Laws, Regulations and Company Policies – Enhancement of Monitoring Effect (BCBS Guidelines 2015) Bank Codes of Conduct and Ethics – Non-Executive Directors – Review and Oversight of Written Policies for Conflicts of Interest – Enhancement of Monitoring Effect (Turnbull and Pirson)

No

Table 10.2 (continued)

CodesNEDConflicts* (+) (interim variable*) [BrdIndMon] (+)

CodesNEDComply* (+) (interim variable*) [BrdIndMon] (+)

CmOperatSpecialists (+) [TransTimeMon] (+)

CmMetricsBURiskCult (+) [TransTimeMon] (+)

CmJointMeet (+) [TransTimeMon] (+)

+7/87.50

+7/87.50

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 29.2 36.6

Stage 2 29.2 36.6

Stage 2 36.7

Stage 2 36.7

Stage 2 36.7

Section Ref. (Relational Effect Path in bold)

198 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

315.

314.

313.

312.

311.

310.

309.

Bank Codes of Conduct and Ethics – Non-Executive Directors – Review and Oversight of Codes of Due Care, Skill and Diligence – Enhancement of Monitoring Effect (BCBS Guidelines 2015) Bank Codes of Conduct and Ethics – Non-Executive Directors – Review and Oversight of Codes of Conduct and Ethics for Ethical Conduct– Enhancement of Monitoring Effect (BCBS Guidelines 2015) Bank Codes of Conduct and Ethics – Non-Executive Directors – Ethics, Compliance and Reputation Committee – Enhancement of Monitoring Effect (BCBS Guidelines 2015) Bank Codes of Conduct and Ethics – Non-Executive Directors – Review and Oversight of Codes of Conduct and Ethics for Illegal Activity – Enhancement of Monitoring Effect (BCBS Guidelines 2015) Bank Codes of Conduct and Ethics – Non-Executive Directors – Review and Oversight of Policy and Procedure for Independent Investigation of Legitimate Material Concerns – Enhancement of Monitoring Effect (BCBS Guidelines 2015) Bank Codes of Conduct and Ethics – Non-Executive Directors – Review and Oversight of Whistle-Blower Policy and Procedure – Enhancement of Monitoring Effect (BCBS Guidelines 2015) Oversight of Compensation/Remuneration Beyond CEO and Board – Level of Risk-Taking in Alignment with Shareholder Interests (OECD Key Findings 2009) CompBeyondCEOBrd (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

CodesNEDWhistle* (+) (interim variable*) [BrdIndMon] (+)

CodesNEDIndInvestigate* (+) (interim variable*) [BrdIndMon] (+)

CodesNEDEthicsComplyReputCm* (+) (interim variable*) [BrdIndMon] (+) CodesNEDIllegalActs* (+) (interim variable*) [BrdIndMon] (+)

CodesNEDEthics* (+) (interim variable*) [BrdIndMon] (+)

CodesNEDDueCare* (+) (interim variable*) [BrdIndMon] (+)

+7/87/50

+7/87.50

+7/87/50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 12.7 13.1

Stage 2 29.2 36.6

Stage 2 29.2 36.6

Stage 2 29.2 36.6

Stage 2 36.6

Stage 2 29.2 36.6

Stage 2 29.2 36.6

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 199

Compensation Committee – Independence – Information Flow and Decision Quality ‘Trade-off’ (Walker Review 2009, EC Second Green Paper 2011 and OECD 2010 Conclusions and Practices) Compensation Committee – Independence – Enhancement in Monitoring Effect (Walker Review 2009, EC Second Green Paper 2011 and OECD 2010 Conclusions and Practices) Banks – Chief Risk Officer (CRO) – Access Conditions – Enhancement of Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS)(EC)(Walker Review 2009)

318.

320.

319.

Compensation Committee – Independence in Combination with Frequency of Meeting – Enhancement in Internal Monitoring (Walker Review 2009, EC Second Green Paper 2011 and OECD 2010 Conclusions and Practices)

317.

CompIndFreq (+) [AudIndFreq] (+) identical to [AudIndMon] (+) and, in turn, [BrdIndMon] (+) CompIndInfo (−) [AudIndInfo] (−) identical to [BrdIndInfo] (−) CompIndMon (+) [AudIndMon] (+) identical to [BrdIndMon] (+) CROAccessConds (+) [BrdSkills] (+)

Governance variable and description and source

Compensation Committee – Presence, Operation and Frequency CompCom (Stage1) (+/−)

316.

+7/87.50

+7/87.50

Stage 2 44.1

Stage 2 13.1 33.5

Stage 2 33.5

−4/50.00

+7/87.50

Stage 1 5.2.2.2 10.2.4.1 Stage 2 12.4 12.7 12.18 Stage 2 33.5

Section Ref. (Relational Effect Path in bold)

+/−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

No

Table 10.2 (continued)

200 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

326.

325.

324.

323.

322.

321.

Chief Risk Officer (CRO) – Failure of Formal Assessment of Controls for Individual Executive’s or High End Employee’s Remuneration Decisions – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (APRA) Chief Risk Officer (CRO) – Failure of Formal Assessment of Incidents for Individual Executive’s or High End Employee’s Remuneration Decisions – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (APRA) Chief Risk Officer (CRO) – Failure of Formal Assessment of Issues for Individual Executive’s or High End Employee’s Remuneration Decision – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (APRA) Chief Risk Officer (CRO) – Failure of Formal Assessment of Risk Appetite for Individual Executive’s or High End Employee’s Remuneration Decisions – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (APRA) Chief Risk Officer (CRO) – Failure of Formal Assessment of Risk Culture for Individual Executive’s or High End Employee’s Remuneration Decisions – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (APRA) Banks – CRO – Failure to Adequately Define ‘Impact’ of Emerging Risks – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) CROFailRedFlagDefineImpact (−) [TransTimeMon] (+) in the negative direction

CROFailFormAssessRiskCult (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

CROFailFormAssessRiskApp (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

CROFailFormAssessIssues (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

CROFailFormAssessIncid (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

CROFailFormAssessControls (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) Stage 2 12.18

Stage 2 12.18

Stage 2 12.18

Stage 2 12.18

Stage 2 45.10

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−8/100.00

(continued)

Stage 2 12.18

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 201

327.

332.

331.

330.

329.

328.

Governance variable and description and source

Banks – CRO – Failure to Adequately Define ‘Likelihood’ of Emerging Risks – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – CRO – Failure to Aggregate Risks Across Multiple Business Units – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Chief Risk Officer (CRO) – Fixed Remuneration with Higher Weighting to Preserve Independence of Function – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA) Banks – Chief Risk Officer (CRO) – Independence Conditions – Enhancement of Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Walker Review 2009)(BCBS)(APRA)(IIF) Banks – Chief Risk Officer (CRO) – Reporting Lines – Enhancement of Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (EC)(Walker Review 2009)(IIF)(BCBS) Banks – Chief Risk Officer (CRO) – Role and Responsibilities – Enhancement of Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF)(BCBS)

No

Table 10.2 (continued)

CRORole&Resps (+) [BrdSkills] (+)

CROReportLines (+) [BrdSkills] (+)

CROFailRedFlagDefineLikelihood (−) [TransTimeMon] (+) in the negative direction CROFailRedFlagMultiBU (−) [TransTimeMon] (+) in the negative direction CROFixedRemWeight (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) CROIndConds (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

Stage 2 44.2

Stage 2 44.1

Stage 2 44.1

Stage 2 12.18

Stage 2 45.10

−8/100.00

+7/87.50

Stage 2 45.10

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

202 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

340.

339.

338.

337.

336.

335.

334.

333.

Banks – Chief Risk Officer (CRO) – Status Conditions – Enhancement of Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (EC)(IIF) Chief Risk Officer (CRO) – Target Fixed and Variable Remuneration Equivalent to Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (APRA) Bank Culture – Box-Ticking Approach to Risk Management Focused on Process – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Culture of Complacency in Addressing Risk Management Shortcomings/Issues – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Attributing Outcomes to Complexity, Bureaucracy and Scale of Bank – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Consistency of Risk Culture with Bank’s Risk Appetite and Strategy – Enhancement of Monitoring Effect – Enhancement in the Quality of Decision-making (APRA) Bank Culture – Consistency of Approach to Risk Management Through the Economic Cycle – Enhancement of Monitoring Effect – Enhancement in the Quality of Decision-making (APRA) Bank Culture – Constructive Challenge – Enhancement of Monitoring Effect – Enhancement in the Quality of Decision-making (APRA) CultConstructChallenge (+) [BrdSkills] (+)

CultConsistRiskManEcoCycle (+) [BrdSkills] (+)

CROTargetFixVarMix (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) CultBoxTickProcess (−) [BrdSkills] (+) in the negative direction CultComplacency (−) [BrdSkills] (+) in the negative direction CultComplex&Scale (−) [BrdSkills] (+) in the negative direction CultConsistRiskApp (+) [BrdSkills] (+)

CROStatusConds (+) [BrdSkills] (+)

Stage 2 40.2.1

Stage 2 40.2.1

Stage 2 40.2.1

−7/87.50

−7/87.50

−7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 40.1

Stage 2 40.1

Stage 2 40.1

Stage 2 12.18

−7/87.50

+7/87.50

Stage 2 44.1

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 203

341.

346.

345.

344.

343.

342.

Governance variable and description and source

Bank Culture – Embedding of Risk Culture Across Different Parts of the Business – Enhancement of Monitoring Effect – Enhancement in the Quality of Decision-making (APRA) Bank Culture – Attributing Outcomes to Non-controllable Factors – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Senior Leadership Failure to Align Values with Risk Management Actions/Practices – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Culture of Collegiality, Collaboration and Trust – Failure of Comprehensive Analysis of Data on Risk Issues – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Inconsistent/Weak Credibility, Authority and Respect of Risk Function – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Failure of Information Escalated to Highlight Broad Issues of Risk, Reputation and Customer – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA)

No

Table 10.2 (continued)

CultFailAuthRiskFn (−) [BrdSkills] (+) in the negative direction CultFailBroadIssues (−) [BrdSkills] (+) in the negative direction

CultExternalisation (−) [BrdSkills] (+) in the negative direction CultFailAlignValuesActions (−) [BrdSkills] (+) in the negative direction CultFailAnalyseRisk (−) [BrdSkills] (+) in the negative direction

CultEmbedAcrossBus (+) [BrdSkills] (+)

Stage 2 40.1

Stage 2 40.2.1

Stage 2 40.2.4

Stage 2 40.2.6

Stage 2 13.1 40.2.3 Stage 2 40.2.2

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

204 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

353.

352.

351.

350.

349.

348.

347.

Bank Culture –- Culture of Collegiality, Collaboration and Trust – Focus on Operating with Good Intent Over Risk Management – Failure of Focus on Capability and Consequences – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Culture of Collegiality, Collaboration and Trust – Failure to Challenge at Board Level – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Culture of Collegiality, Collaboration and Trust – Failure to Challenge at Executive Committee Level – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Failure of Board to Oversee/Hold Accountable Management for Closure of Risks – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture –- Culture of Collegiality, Collaboration and Trust – Failure of Collective Accountability – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Lack of Collective Responsibility for Risk Management – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture –- Culture of Collegiality, Collaboration and Trust – Failure to Identify Systemic Issues from Customer Complaints – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) CultFailChallengeBrd (−) [BrdSkills] (+) in the negative direction CultFailChallengeEC (−) [BrdSkills] (+) in the negative direction CultFailClosureRisk (−) [BrdSkills] (+) in the negative direction CultFailCollectiveAcc (−) [BrdSkills] (+) in the negative direction CultFailCollectiveRisk (−) [BrdSkills] (+) in the negative direction CultFailCustIDSystIss (−) [BrdSkills] (+) in the negative direction

CultFailCapable&Conseq (−) [BrdSkills] (+) in the negative direction Stage 2 40.2.7

Stage 2 40.2.7

Stage 2 40.2.4

Stage 2 40.2.7

Stage 2 40.2.1

Stage 2 40.2.9

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 40.2.8

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 205

354.

358.

357.

356.

355.

Governance variable and description and source

Bank Culture –- Culture of Collegiality, Collaboration and Trust – Failure to Address Customer Complaints with Long-Term Customer Outcomes – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture –- Culture of Collegiality, Collaboration and Trust – Failure to Address Customer Complaints with Long-Term Risk Outcomes – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture –- Culture of Collegiality, Collaboration and Trust – Failure to Invest in Long-Term Solutions from Customer Complaints – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Failure of Executive Committee to Consider Operational and Compliance Emerging Risks – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Failure of Executive Committee for Consideration of Long-Term Issues – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA)

No

Table 10.2 (continued)

CultFailECEmergingRisk (−) [BrdSkills] (+) in the negative direction CultFailECMeetLongTerm (−) [BrdSkills] (+) in the negative direction

CultFailCustLTSolns (−) [BrdSkills] (+) in the negative direction

CultFailCustLTRiskOuts (−) [BrdSkills] (+) in the negative direction

CultFailCustLTCustOuts (−) [BrdSkills] (+) in the negative direction

Stage 2 40.2.9

Stage 2 40.2.9

Stage 2 40.2.9

Stage 2 40.2.4

Stage 2 40.2.5

−7/87.50

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

206 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Bank Culture – Failure to Transfer Learnings from Risk Impacts to Downstream Activities – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Failure to Transfer Learnings from Risk Impacts to Upstream Activities – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture –- Culture of Collegiality, Collaboration and Trust – Failure of Constructive Challenge and Cross-Examination Across 3 Lines of Defence – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA)

363.

365.

364.

362.

361.

360.

Bank Culture – Failure of Executive Committee for Long-Term Thinking and Exploration – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Culture of Collegiality, Collaboration and Trust – Failure to be Receptive/Deal With Feedback, Challenge or Conflict Effectively – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Inconsistent and Weak Influence of the Risk Function Across the Bank – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Prolonging/Failure to Follow-through to Resolution of Issues – Reduction of Monitoring Effect (APRA)

359.

CultFailInfluenceRiskFn (−) [BrdSkills] (+) in the negative direction CultFailIssueResolve (−) [BrdSkills] (+) in the negative direction CultFailLearnRisksDown (−) [BrdSkills] (+) in the negative direction CultFailLearnRisksUp (−) [BrdSkills] (+) in the negative direction CultFail3LinesChall&Exam (−) [BrdSkills] (+) in the negative direction

CultFailECMeetSpeed (−) [BrdSkills] (+) in the negative direction CultFailFeedbackConflict (−) [BrdSkills] (+) in the negative direction Stage 2 40.2.7

Stage 2 40.2.3

Stage 2 40.2.2

Stage 2 40.2.5

Stage 2 40.2.5

Stage 2 40.2.6

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 40.2.5

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 207

366.

371.

370.

369.

368.

367.

Governance variable and description and source

Bank Culture – Failure of Three Lines of Defence Model Through Blurred Responsibilities and Lack of Ownership – Reduction of Monitoring Effect – Reduction in Quality of Decision-making – Reduction in Quality of Accountability/Responsibility (APRA) Bank Culture – Failure of Logged Issues for Learning of Frontline Staff – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Failure of Middle Management to “Embed Lessons and Instigate Behavioural and Mindset Changes” – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Failure of Board to Oversee/Hold Accountable Management for Mitigation of Risks – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Risk Function Perceived as Low Priority Administrative Function or Policy Writing – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture –- Culture of Collegiality, Collaboration and Trust – Focus on Operating with Good Intent Over Risk Management – Failure to Address Process and System Weaknesses – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA)

No

Table 10.2 (continued)

CultFailLoggedIssuesLearn (−) [BrdSkills] (+) in the negative direction CultFailMidManLearnBehave (−) [BrdSkills] (+) in the negative direction CultFailMitigateRisk (−) [BrdSkills] (+) in the negative direction CultFailPerceiveRiskFn (−) [BrdSkills] (+) in the negative direction CultFailProcess&SystWeak (−) [BrdSkills] (+) in the negative direction

CultFail3LinesRespOwn (−) [BrdSkills] (+) in the negative direction

Stage 2 40.2.4

Stage 2 40.2.5

Stage 2 40.2.5

Stage 2 40.2.4

Stage 2 40.2.3

Stage 2 40.2.8

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

208 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

379.

378.

377.

376.

375.

374.

373.

372.

Bank Culture – Failure of Content to be Real Time Emerging Issues – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Failure of Remuneration Outcomes for Referral, Consistency and Learning – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Failure to Reward and Recognise Sound Risk Management Practices – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture –- Failure of Space, Time and Permission for Learning – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Failure to Transfer Learnings from Business Units Across Group – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Favourable Operating Conditions Amplifying Self-satisfaction – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Past Performance and Longevity of the CEO – Entrenchment Effect – Reduction in Monitoring of CEO, Executives and Management (Walker Review 2009) Bank Culture – Low and Varied Capability of Risk Function and Risk and Compliance Staff – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA)

CultFailRealTimeIssues (−) [BrdSkills] (+) in the negative direction CultFailRemOutcomesLearn (−) [BrdSkills] (+) in the negative direction CultFailRewardRiskMan (−) [BrdSkills] (+) in the negative direction CultFailSpaceTimePermitLearn (−) [BrdSkills] (+) in the negative direction CultFailTransferBULearn (−) [BrdSkills] (+) in the negative direction CultFavEcoConds (−) [BrdSkills] (+) in the negative direction CultLongCEO (−) [BrdIndMon] (+) in the negative direction CultLowCapabilityRiskFn (−) [BrdSkills] (+) in the negative direction Stage 2 40.2.5

Stage 2 40.2.4

Stage 2 40.2.5

Stage 2 40.2.5

Stage 2 40.2.1

Stage 2 29.2

Stage 2 40.2.3

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 40.2.2

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 209

380.

385.

384.

383.

382.

381.

Governance variable and description and source

Bank Culture – Low Resources and Empowerment of Risk Function and Risk and Compliance Staff – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Non-Executive Directors – Review of Appropriate Steps to Communicate Values, Codes and Policies – Enhancement of Monitoring Effect (Walker Review 2009 and BCBS Guidelines 2015) Bank Culture – Non-Executive Directors – Review and Oversight of Disciplinary Actions for Breaches of Values, Codes and Policies – Enhancement of Monitoring Effect (Walker Review 2009 and BCBS Guidelines 2015) Bank Culture – Review of Existing Business Market and Other Conditions by Non-Executive Directors – Enhancement of Monitoring Effect (Walker Review 2009 and BCBS Guidelines 2015) Bank Culture – Review of New Products by Non-Executive Directors – Enhancement of Monitoring Effect (Walker Review 2009 and BCBS Guidelines 2015) Bank Culture – Interaction between Non-Executive Directors and Executive Directors – NED Observers on Executive Risk Committee – Enhancement of Monitoring Effect (Walker Review 2009 and BCBS Guidelines 2015)

No

Table 10.2 (continued)

CultNEDNewProds (+) [BrdIndMon] (+) CultNEDObserve (+) [BrdIndMon] (+)

CultNEDExistBus (+) [BrdIndMon] (+)

CultNEDDiscipline (+) [BrdIndMon] (+)

CultLowResourcesRiskFn (−) [BrdSkills] (+) in the negative direction CultNEDCommun (+) [BrdIndMon] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 29.2 40 Stage 2 29.2 40

Stage 2 29.2 40

Stage 2 29.2 40

Stage 2 29.2 40

Stage 2 40.2.3

Section Ref. (Relational Effect Path in bold)

210 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

393.

392.

391.

390.

389.

388.

387.

386.

Bank Culture – Non-Executive Directors – Review of Risk Awareness, Appetite and Limits – Enhancement of Monitoring Effect (Walker Review 2009 and BCBS Guidelines 2015) Bank Culture – Review of Strategy by Non-Executive Directors – Enhancement of Monitoring Effect (Walker Review 2009 and BCBS Guidelines 2015) Bank Culture – Non-executive Directors – Review and Oversight of Corporate Values – Enhancement of Monitoring Effect (Walker Review 2009 and BCBS Guidelines 2015) Bank Culture – Avoiding Ownership of Outcomes by Following/ Concentrating on Process – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Perception of Bank-Wide Risk Conservatism – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture –- Poor Behaviours Relating to Risk Management Risk – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture –- Poor Execution of Risk Management Practices – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Culture of Reactivity Rather than Pre-emption Regarding Risk – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) CultNEDStrat (+) [BrdIndMon] (+) CultNEDValues (+) [BrdIndMon] (+) CultOutcomeProcess (−) [BrdSkills] (+) in the negative direction CultPerceiveConserv (−) [BrdSkills] (+) in the negative direction CultPoorBehaveRiskMan (−) [BrdSkills] (+) in the negative direction CultPoorExecuteRiskMan (−) [BrdSkills] (+) in the negative direction CultReactive (−) [BrdSkills] (+) in the negative direction

CultNEDRiskAppLimits (+) [BrdIndMon] (+)

Stage 2 40.2.4

Stage 2 40.2.4

Stage 2 40.2.2

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 40.2.1

Stage 2 29.2 40 Stage 2 29.2 40 Stage 2 40.2.1

Stage 2 29.2 40

−7/87.50

−7/87.50

+7/87.50

+7/87.50

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 211

394.

398.

397.

396.

395.

Governance variable and description and source

Bank Culture – Role Modelling of Good Risk Behaviours by Leaders – Enhancement of Monitoring Effect – Enhancement in the Quality of Decision-making (APRA) Bank Culture – Slowness in Complying with Regulatory Requests – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA) Bank Culture – Tone At the Top – Enhancement of Monitoring Effect – Enhancement in the Quality of Decision-making (APRA) Bank Culture – Transparency and Timeliness of Information Flows with No Blame – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making (APRA) Director/CEO Compensation Levels (Stage 1)

No

Table 10.2 (continued)

DirCEO$ (+/−)

CultSlowRegRequest (−) [BrdSkills] (+) in the negative direction CultToneAtTop (+) [BrdSkills] (+) CultTransTimeNoBlame (+) [TransTimeMon] (+)

CultRoleModelRiskBehave (+) [BrdSkills] (+)

+/−7/87.50

+8/100.00

Stage 1 5.2.2.1.1 5.2.3.2 6.2.3.1.4 10.2.4 Stage 2 11.2 12.4

Stage 2 40.1

Stage 2 40.1

Stage 2 40.2

−7/87.50

+7/87.50

Stage 2 40.1

Section Ref. (Relational Effect Path in bold)

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

212 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Duality of CEO/Chair Positions – Probability of Earnings Manipulation (Stage 1)

Duality of CEO/Chair Positions – Effect on Strategic Decision-making (Stage 1)

Duality of CEO/Chair Positions – Monitoring and DecisionQuality ‘Trade-off’ (Stage 1)

Banks – Executive Committee – Failure of Process to Escalate “Risks Arising from Severe Individual Complaints to Executive Committee” – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Metrics and Analysis of Customer Complaints – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA)

400.

401.

402.

403.

404.

Duality of CEO/Chair Positions – CEO Dismissal Probability (Stage 1)

399.

ECmCustRedFlagAnalyse (+) [TransTimeMon] (+)

ECmCustFailRedFlagEscalate (−) [TransTimeMon] (+) in the negative direction

DualTrade (+/−)

DualStrat (−)

DualEarn (−)

DualDismiss (−)

+8/100.00

−8/100.00

+/−7/87.50

−4/50.00

−7/87.50

−7/87.50

(continued)

Stage 2 45.11

Stage 1 8.6.3 Stage 2 34.2 Stage 1 9.2.1.1.3 Stage 2 34.2 Stage1 8.6.3 Stage 2 34.2 Stage 1 8.6.1–8.6.2 Stage 2 34.1 34.2 Stage 2 45.11

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 213

405.

408.

407.

406.

Governance variable and description and source

Banks – Executive Committee – Analysis of Individual Material Customer Complaints Giving Rise to Regulatory Breach or Reputational Damage – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Reporting of Remediation Status of Individual Material Customer Complaints – Closure, Extension or Delay – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Analysis of Systemic Issues in Customer Complaints Giving Rise to Regulatory Breach – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Analysis of Systemic Issues in Customer Complaints Giving Rise to Reputational Damage – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA)

No

Table 10.2 (continued)

ECmCustRedFlagSystReput (+) [TransTimeMon] (+)

ECmCustRedFlagSystRegBr (+) [TransTimeMon] (+)

ECmCustRedFlagRemedStatus (+) [TransTimeMon] (+)

ECmCustRedFlagIndivMat (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

Section Ref. (Relational Effect Path in bold)

214 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

414.

413.

412.

411.

410.

409.

Banks – Executive Committee – Analysis of Trends in Customer Complaints by Volume and Topic – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Failings in Oversight of Data Risk and Data Quality – Reduction in Information Flow -Reduction in Quality of Board and Committee Risk Management, Internal Monitoring and Decision-making (APRA) Banks – Executive Committee – Failings in Validity and Accuracy of Data – Reduction in Information Flow – Reduction in Quality of Board and Committee Risk Management, Internal Monitoring and Decision-making (APRA) Banks – Executive Committee – Failure of Investment in Medium Rated Projects before High Status – Proposal Criteria for Infrastructure Resilience Projects – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Failure of Investment in Medium Rated Projects before High Status – Proposal Criteria for Mandatory Projects – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Failure of Investment in Medium Rated Projects before High Status – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) ECmFailInvestMedRated (−) [BrdSkills] (+) in the negative direction

ECmFailInvestMandCriteria (−) [BrdSkills] (+) in the negative direction

ECmFailDataRisk&Quality (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction ECmFailDataValidAccurate (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction ECmFailInvestInfraResilCriteria (−) [BrdSkills] (+) in the negative direction

ECmCustRedFlagTrends (+) [TransTimeMon] (+)

Stage 2 36.8

Stage 2 36.8

Stage 2 45.13

Stage 2 45.13

Stage 2 45.13

−8/100.00

−8/100.00

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 45.11

+8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 215

Banks – Executive Committee – Failure to Redirect Management Attention to Prioritise Investment in Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects Prior to ‘High Rated’ Status – Interim Remediation Period – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA)

415.

419.

418.

417.

416.

Governance variable and description and source

Banks – Executive Committee – Failure to have “Comprehensive Written Risk Assessment” for Submission to Executive Committee – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Failure to Fund or Progress Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Failure to have Assessment of Cumulative Risk of Rejected and Deferred Projects Over Time on Risk Profile – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Failure to have Risk Assessment of Deferred Projects on Risk Profile – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA)

No

Table 10.2 (continued)

ECmFailInvestRiskDefer (−) [BrdSkills] (+) in the negative direction ECmFailInvestRiskManTime (−) [BrdSkills] (+) in the negative direction

ECmFailInvestRiskCumul (−) [BrdSkills] (+) in the negative direction

ECmFailInvestRiskCROBacklog (−) [BrdSkills] (+) in the negative direction

ECmFailInvestRiskAssess (−) [BrdSkills] (+) in the negative direction

Stage 2 45.13

Stage 2 45.13

Stage 2 45.13

Stage 2 45.13

Stage 2 45.13

−7/87.50

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

216 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Banks – Executive Committee – Failure to ‘Scale Back’ Investment in ‘Growth’ Proposals to Prioritise Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects Prior to ‘High Rated’ Status – Interim Remediation Period – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA)

424.

423.

422.

421.

Banks – Executive Committee – Failure of Investment in Medium Rated Projects before High Status – Proposal Criteria for Risk Mitigation Projects – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Failure to Prioritise Investment in Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects Prior to ‘High Rated’ Status – Interim Remediation Period – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Failure of Timely Business Case or Timely Execution of Endorsed Program for Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Failure to have Risk Assessment of Rejected Projects on Risk Profile – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA)

420.

ECmFailInvestRiskReject (−) [BrdSkills] (+) in the negative direction ECmFailInvestRiskScaleBack (−) [BrdSkills] (+) in the negative direction

ECmFailInvestRiskProgramTime (−) [BrdSkills] (+) in the negative direction

ECmFailInvestRiskPrioritise (−) [BrdSkills] (+) in the negative direction

ECmFailInvestRiskMitCriteria (−) [BrdSkills] (+) in the negative direction Stage 2 45.13

Stage 2 45.13

Stage 2 45.13

Stage 2 45.13

−7/87.50

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 45.13

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 217

425.

429.

428.

427.

426.

Governance variable and description and source

Banks – Executive Committee – Deferring or Restricting Expenditure on Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects to Achieve Short-Term Financial Objectives – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Failure to Fund or Progress “Top Ten” Risk or Control Issues – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Failings in Risk Reporting for Risk Management and Culture – Reduction in Information Flow – Reduction in Quality of Board and Committee Risk Management, Internal Monitoring and Decision-making (APRA) Banks – Executive Committee – Failings in Risk Reporting for Systems Resilience, Recovery, Data Storage and Integrity – Reduction in Information Flow – Reduction in Quality of Board and Committee Risk Management, Internal Monitoring and Decision-making (APRA) Banks – Executive Committee – Investment in ‘Mandatory’/ Compliance Obligation Projects – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA)

No

Table 10.2 (continued)

ECmInvestHighRatedMand (+) [BrdSkills] (+)

ECmFailInvestRiskTopTen (−) [BrdSkills] (+) in the negative direction ECmFailRiskReportRiskCult (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction ECmFailRiskReportSystems (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

ECmFailInvestRiskSTTradeOff (−) [BrdSkills] (+) in the negative direction

Stage 2 36.8

Stage 2 36.8

−8/100.00

−8/100.00

Stage 2 45.13

Stage 2 45.13

−7/87.50

+7/87.50

Stage 2 45.13

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

218 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Banks – Executive Directors – Risk Modelling of Securitized Products – Failure to Price Risk Accurately – Reduction in Risk Management, Monitoring and Decision Quality (Van Den Berge)

433.

432.

431.

Banks – Executive Committee – Investment in Risk Mitigation Projects – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Committee – Emphasise “the ‘Should We?’ Question in All Interactions with Customers and Key Decisions Relating to Customers” – To Prioritise Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects Prior to ‘High Rated’ Status – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Executive Directors – Credit Ratings of Securitized Products – Conflicts of Interest of Ratings Agencies – Reduction in Risk Management, Monitoring and Decision Quality

430.

EDRiskModelPrice (−) [BrdSkills] (+) in the negative direction

EDRatingsGrade (−) [BrdSkills] (+) in the negative direction

ECmInvestRiskCustPriority (+) [BrdSkills] (+)

ECmInvestHighRatedRiskMit (+) [BrdSkills] (+)

(continued)

Stage 2 27.2 27.3 42.8 45.2 Stage 2 27.1 27.2 27.3 42.8 45.2

−7/87.50

−7/87.50

Stage 2 45.13

Stage 2 45.13

+7/87.50

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 219

Governance variable and description and source

Equity/Option Plans and Holdings of Directors/Executives – ‘Entrenchment’ Effect (excludes short-term options) (Stage 1)

No

434.

Table 10.2 (continued)

EqOptEntrch (−)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox Stage 1 5.2.2.1 5.2.3.2.1 6.2.3.1.4 10.2.4 Stage 2 1.1 4.5 4.10 5 10 11.2 12.4 12.5 12.6 12.7 12.8 12.20 13.1 13.2 13.3 13.4 14 15 18.1 19.1 19.2 19.3 20.4 30.6

Section Ref. (Relational Effect Path in bold)

220 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

435.

Equity/Option Plans and Holdings of Directors/Executives – Incentive/‘Alignment’ Effect (excludes short-term options) (Stage 1)

EqOptIncent (+) +7/87.50

(continued)

Stage 1 5.2.2.1 5.2.3.2.1 6.2.3.1.4 10.2.4 Stage 2 1.1 4.5 4.10 5 10 11.2 12.4 12.5 12.6 12.7 12.8 12.20 12.23 13.1 13.2 13.3 13.4 14 15 18.1 19.1 19.2 19.3 20.4 21.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 221

Governance variable and description and source

Equity and Options for Executives and High End Employees – Level EqOptRiskAlignHighEnd of Risk-Taking in Alignment with Shareholder Interests (+) [EqOptIncent] (+)

436.

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

No

Table 10.2 (continued)

21.2 21.3 21.4 21.5 21.6 21.7 21.8 44.4 Stage 2 4.10 9.2 12.5 12.6 12.7 12.8 12.11 12.12 12.13 12.16 12.18 12.20 12.21 12.22 12.23 13.1 13.2

Section Ref. (Relational Effect Path in bold)

222 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

437.

Equity and Options for Executives and High End Employees – Risk- EqOptRiskFailHighEnd Taking in Excess of Risk Appetite – Likelihood of Bank Failure (−) [EqOptEntrch] (−)

−7/87.50

(continued)

13.3 13.4 14 15 16.1 16.5 16.6 16.7 17.1 18.1 19.1 19.2 19.3 20.4 21.1 21.2 21.3 21.4 21.5 21.6 21.7 21.8 44.4 Stage 2 4.10 9.2 12.5 12.6 12.7 12.8 12.11 12.16

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 223

No

Governance variable and description and source

Table 10.2 (continued) Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox 12.18 12.19 12.20 12.21 12.25 13.1 13.2 13.3 13.4 14 15 16.1 16.3 16.4 16.5 16.6 17.1 17.4 18.1 19.1 19.2 19.3 20.4 30.6

Section Ref. (Relational Effect Path in bold)

224 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Equity Holdings of Lower Level Management – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure

External/Independent Audit Function (Stage 1)

Banks – Board Oversight of Risk Management – Failure to Align Corporate Strategy, Risk Appetite and the Internal Risk Management Structure – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (EC Green Paper 2010 and OECD Key Findings 2009) Banks – Board Oversight of Risk Management – Improper Delegation of Risk Oversight Function – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (Walker Review 2009) Banks – Board Oversight of Risk Management – Failure to Identify Risks inherent in CDOs and Other Financial Products – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (Mülbert)

439.

440.

441.

443.

442.

Equity Holdings of Higher Level Management – Effect of Risk-Taking

438.

FailBrdOversight (−) [BrdSkills] (+) in the negative direction FailCDORisks (−) [TransTimeMon] (+) in the negative direction

FailAlignStratAppStruct (−) [TransTimeMon] (+) in the negative direction

EquityHigherLvlMan (+/−) [EqOptRiskFailHighEnd] (−) and [EqOptEntrch] (−) in the dual direction EquityLowerLvlMan (−) [EqOptRiskFailHighEnd] (−) and [EqOptEntrch] (−) ExtAudEarn (+)

Stage 2 38.9 42.8 45.2

−8/100.00

(continued)

Stage 2 42.6

−7/87.50

−8/100.00

Stage 1 5.2.4 9.2.3.3 Stage 2 38.20 42.6

Stage 2 16.3 16.5

−7/87.50

+7/87.50

Stage 2 16.3 16.5

+/−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 225

444.

447.

446.

445.

Governance variable and description and source

Banks – Board Oversight of Risk Management – Failure of Clear Lines of Accountability/Responsibility – Failure of Chief Risk Officer (CRO) to Report Directly to Board and Board Risk Committee in Addition to CEO – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (EC Green Paper 2010) Banks – Board Oversight of Risk Management – Failure of Expertise or Experience of Risk Management Employees – Failure to Identify Whole Range of Risks – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (EC Green Paper 2010) Banks – Board Oversight of Risk Management – Failure to Identify Firm-Wide Risk – Reduction of Information Flow to the Board – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (OECD Key Findings 2009) Banks – Board Oversight of Risk Management – Failure to Identify New Risks – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (Mülbert)

No

Table 10.2 (continued)

FailIdentifyNewRisks (−) [TransTimeMon] (+) in the negative direction

FailFirm-WideRisk (−) [TransTimeMon] (+) in the negative direction

FailExpertExperRiskMan (−) [TransTimeMon] (+) in the negative direction

FailCROReportBrdBRC (−) [TransTimeMon] (+) in the negative direction

Stage 2 38.22

Stage 2 38.16

Stage 2 38.4 45.2

Stage 2 38.8 45.2

−8/100.00

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

226 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

452.

451.

450.

449.

448.

Banks – Board Oversight of Risk Management – Failure in Information Flow on Leverage and Risks due to Over-Reliance on Regulatory Capital Ratios and Rate of Return on Equity – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (OECD Key Findings 2009) Banks – Board Oversight of Risk Management – Failure of Information Flow to Senior Management due to ‘Silo Structures’ – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (Mülbert) Banks – Board Oversight of Risk Management – Separation and Low Status of Risk Managers – Causing Deficiency or Reduction in Flow of Information from Management to Risk Managers – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (OECD Key Findings 2009 and EC Green Paper 2010) Banks – Board Oversight of Risk Management – Failure to Devote Sufficient Management Time to Manage Risks Due to Volatility of Risk, Maturity Transformation (Borrowing Short and Lending Long) and Systemic Risk – Reduction of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (EC Green Paper 2010) Banks – Board Oversight of Risk Management – Failure of Assumptions in Risk Models – Failure of Information Flow to Board – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (OECD Kirkpatrick Report 2009) FailModelAssumpt (−) [TransTimeMon] (+) in the negative direction

FailManageTimeRisks (−) [TransTimeMon] (+) in the negative direction

FailLowStatus (−) [TransTimeMon] (+) in the negative direction

FailInfoSilos (−) [TransTimeMon] (+) in the negative direction

FailInfoLevRisk (−) [TransTimeMon] (+) in the negative direction

Stage 2 38.10 45.2

Stage 2 13.1 38.5 45.2

Stage 2 38.19

Stage 2 38.13 45.2

−8/100.00

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 38.7 42.6 45.2

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 227

453.

454.

Governance variable and description and source

Banks – Board Oversight of Risk Management – Failure to Monitor Changes in Risks in Real Time – Failure to Escalate Information on Risks Rapidly Upward Through All Levels of Bank in Real Time – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (EC Green Paper 2010) Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (OECD Key Findings 2009, OECD Kirkpatrick Report 2009 and EC Green Paper 2010)

No

Table 10.2 (continued)

FailRedFlag (−) [TransTimeMon] (+) in the negative direction

FailMonRisksRealTime (−) [TransTimeMon] (+) in the negative direction

Stage 2 38.17 45.2

Stage 2 4.12 36.2 36.3 36.7 36.8 36.9 36.10 38.6 38.17 39 39.18 40.1 40.3.1 43.5 43.6 45.1 45.2 45.7

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

228 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

460.

459.

458.

457.

456.

455.

Banks – Responding to Regulatory Issues Raised by Regulators – Delay in Complying with Regulatory Requests – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Responding to Regulatory Issues Raised by Regulators – Legal Interpretation put before Customer Outcomes – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Responding to Regulatory Issues Raised by Regulators – Legal Interpretation put before Risk – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Responding to Regulatory Issues Raised by Regulators – Failure to Prioritise Concerns – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Responding to Regulatory Issues Raised by Regulators – Slowness or Disinterest in Responding – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Board Oversight of Risk Management – Failure by Board to Review Internal Structure (Continuous), Risk Culture and Information Flow about Risks – Failure of Clear Lines of Accountability/Responsibility – Failure to Monitor Risk Culture – Failure to Monitor Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (OECD Kirkpatrick Report 2009 and OECD Key Findings 2009) FailReviewStructCultInfoRisk (−) [TransTimeMon] (+) in the negative direction

FailRegRedFlagSlow (−) [TransTimeMon] (+) in the negative direction

FailRegRedFlagPriority (−) [TransTimeMon] (+) in the negative direction

FailRegRedFlagLegalRisk (−) [TransTimeMon] (+) in the negative direction

FailRegRedFlagLegalCust (−) [TransTimeMon] (+) in the negative direction

FailRegRedFlagDelay (−) [TransTimeMon] (+) in the negative direction Stage 2 45.12

Stage 2 45.12

Stage 2 45.12

Stage 2 45.12

Stage 2 38.14 45.2 45.15

−8/100.00

−8/100.00

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 45.12

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 229

461.

464.

463.

462.

Governance variable and description and source

Banks – Board Oversight of Risk Management – Failure to Understand and Compare Bank’s Risk Position Relative to Risk Appetite – Failure of Information Flow to Board – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (Mülbert) Banks – Board Oversight of Risk Management – Failure to Separate Risk Management and Control from Profit Centres – Failure of Clear Lines of Accountability/Responsibility – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (EC Green Paper 2010) Banks – Board Oversight of Risk Management – Failure of Information Flow Due to Conducting Stress Testing with Past Information – Failure of Forward Stress-Testing – Failure to Identify New Risks – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (OECD Kirkpatrick Report 2009 and OECD Key Findings 2009) Banks – Board Oversight of Risk Management – Failure to Train Employees Responsible for Distributing Risk Products – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (EC Green Paper 2010)

No

Table 10.2 (continued)

FailTrainRiskProds (−) [TransTimeMon] (+) in the negative direction

FailStressTests (−) [TransTimeMon] (+) in the negative direction

FailSplitRiskProfit (−) [TransTimeMon] (+) in the negative direction

FailRiskPosition (−) [TransTimeMon] (+) in the negative direction

Stage 2 38.12

Stage 2 38.21

Stage 2 38.11 45.2

Stage 2 38.15

−8/100.00

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

230 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

469.

468.

467.

466.

465.

Banks – Board Oversight of Risk Management – Failure to Disclose Risks in Transparent and Understandable Manner – Failure to Rank Risk Factors in Order of Importance – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (EC Green Paper 2010) Banks – Board Oversight of Risk Management – Failure to Upgrade IT Tools for Complex and Opaque Bank Structures – Failure to Consolidate and Escalate Information on Risks Rapidly Upward Through All Levels of Bank in Real Time – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (EC Green Paper 2010) Banks – FSBP – Board of Directors – Responsibility for Control of Compensation System Beyond Control of CEO and Management – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Board of Directors – Responsibility for Oversight and Design of Compensation System by Board of Directors – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Board of Directors – Responsibility for Control of Compensation System by Non-Executive Board Members and Employees who are Independent and Experts in Risk Management and Compensation – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) FSBComp1IndRiskExpert (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBComp1DesignOperate (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBComp1BeyondCEOExec (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FailUpgradeIT (−) [TransTimeMon] (+) in the negative direction

FailTransRiskFactors&Rank (−) [TransTimeMon] (+) in the negative direction

+7/87.50

+7/87.50

(continued)

Stage 2 13.1

Stage 2 13.1

Stage 2 13.1

Stage 2 38.18

−8/100.00

+7/87.50

Stage 2 38.23 44.8 45.2

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 231

470.

475.

474.

473.

472.

471.

Governance variable and description and source

Banks – FSBP – Board of Directors – Compensation System to include Controls – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Board of Directors – Monitoring and Review of Compensation System by Board of Directors – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Board of Directors – Identification of Material Deviations of Compensation Outcomes – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Board of Directors – Identification/Detection of Departures from Rules – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Board of Directors – Identification of Unreasonable or Undesirable Outcomes from System Weaknesses including Imprecise Risk Measures – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Board of Directors – Compensation of Risk-Control Employees Too Low Affecting Quality and Authority of RiskControl Staff – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (FSBP)

No

Table 10.2 (continued)

FSBComp3LowCompQual (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

FSBComp2BrdControls (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp2BrdMonReview (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp2IDDeviations (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp2RuleDepart (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp2SystemWeaks (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

Stage 2 13.1

Stage 2 13.1

−7/87.50

Stage 2 13.1

Stage 2 13.1

Stage 2 13.1

Stage 2 13.1

Section Ref. (Relational Effect Path in bold)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

232 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

482.

481.

480.

479.

478.

477.

476.

Banks – FSBP – Board of Directors – Compensation of Risk-Control Employees Not to be Affected by Personnel in Business Units – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Board of Directors – Compensation Quality Measures for Compensation to Avoid Distortions – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Board of Directors – Independence, Authority and Compensation of Risk Staff Independent of Business Area they Oversee – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Board of Directors – Compensation of Risk-Control Employees Affected by Short-Term Measures – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (FSBP) Banks – FSBP – Adjustment to Compensation of All Employees for All Types of Risk Based on Quantitative Measures and Human Judgment – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Adjustment to Compensation of All Employees for All Types of Risk Prospective and Actually Realised – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Adjustment to Compensation of All Employees for Cost of Capital – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) FSBComp4RiskAdjustAll (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp4RiskAdjustCostCap (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBComp3ShortTComp (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) FSBComp4Quant&Judge (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBComp3QualMeasures (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp3RiskStaffIndAuth (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBComp3NoInfluence (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

(continued)

Stage 2 13.2

Stage 2 13.2

Stage 2 13.2

Stage 2 13.1

−7/87.50

+7/87.50

Stage 2 13.1

Stage 2 13.1

Stage 2 13.1

+7/87.50

+7/87.50

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 233

483.

488.

487.

486.

485.

484.

Governance variable and description and source

Banks – FSBP – Adjustment to Compensation of All Employees for Liquidity Risk – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Adjustment to Compensation of All Employees for Reputational Risk – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Bonuses to Diminish or Disappear for Poor Bank, Divisional or Business Unit Performance – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Compensation Pool Size to be Linked to Overall Performance of Bank – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Employee Incentive Payments Linked to Individual’s Contribution to Overall Bank Performance – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Compensation Outcomes to be Symmetrical with Risk Outcomes (Generally) – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP)

No

Table 10.2 (continued)

FSBComp5RiskSymmetry (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBComp4RiskAdjustLiqRisk (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp4RiskAdjustReputRisk (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp5BonusDimDisapp (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp5BonusPoolSize (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp5IncentContribPerform (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 13.2

Stage 2 13.2

Stage 2 13.2

Stage 2 13.2

Stage 2 13.2

Stage 2 13.2

Section Ref. (Relational Effect Path in bold)

234 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

495.

494.

493.

492.

491.

490.

489.

Banks – FSBP – Variable Compensation Deferred According to Time Horizon of Risks – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Payout for Unrealised or Uncertain Income at Time of Payout – Risk-Taking in Excess of Risk Appetite – Likelihood of bank Failure (FSBP) Banks – FSBP – Compensation Schedule Matched to Time Horizon of Risks – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Payment Over Short Term Where Risks Realised Long Term – Risk-Taking in Excess of Risk Appetite – Likelihood of bank Failure (FSBP) Banks – FSBP – Mix of Cash, Equity and Other Compensation to be Risk Aligned with Employee’s Position and Role – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Bank to have Constructive Relationship with Supervisors to Ensure Compensation Practices Conform with FSB Principles – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBP) Banks – FSBP – Clear, Comprehensive and Timely Information about Compensation Practices – Enhancement in Risk Management and Internal and External Monitoring (FSBP) FSBComp9DisclosePractices (+) [TransTimeMon] (+)

FSBComp6DeferTimeHoriz (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp6PayForUnreal (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) FSBComp6RiskTimeHoriz (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp6STPayForLTRisks (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) FSBComp7CashEqMixRisk (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBComp8Supervision (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) +8/100.00

+7/87.50

(continued)

Stage 2 13.3 13.4

Stage 2 13.3

Stage 2 13.2

Stage 2 13.2

−7/87.50

+7/87.50

Stage 2 13.2

Stage 2 13.2

−7/87.50

+7/87.50

Stage 13.2

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 235

496.

499.

498.

497.

Governance variable and description and source

Banks – FSBP – Disclosure of Risk Management Controls and Other Control Systems – Enhancement in Risk Management and Internal and External Monitoring (FSBP) Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Ownership of Risk – Consequences for Breach of Core Values, Risk Appetite and Risk Culture – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Clear Consequences – Severity of Breaches for Policies, Limits and Codes to Affect Compensation, Responsibilities including Termination – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Clear Consequences – Consequences Articulated and Applied for Excessive Risk-Taking in Relation to RAS – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (FSBCult)

No

Table 10.2 (continued)

FSBCultAccConseqExcessRAS (+) [BrdSkills] (+)

FSBCultAccConseqBreaches (+) [BrdSkills] (+)

FSBCultAccConseq (+) [BrdSkills] (+)

FSBComp9DisclRiskManConts (+) [TransTimeMon] (+)

+7/87.50

+7/87.50

+7/87.50

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 13.3

Section Ref. (Relational Effect Path in bold)

236 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

504.

503.

502.

501.

500.

Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Escalation Processes – Assessments of Staff Awareness of Escalation Processes – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Escalation Processes – Consequences of NonCompliance – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Escalation Processes – Mechanisms for Employees to Elevate Concerns Without Discomfort of Wrongdoing – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Escalation Processes – Whistleblower Procedures in Place Without Reprisals to Support Risk Management – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Ownership of Risk – Monitoring, Reporting and Responding to Emerging Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (FSBCult) FSBCultAccMonReport (+) [BrdSkills] (+)

FSBCultAccEscalWhistleBlow (+) [BrdSkills] (+)

FSBCultAccEscalMechs (+) [BrdSkills] (+)

FSBCultAccEscalConseq (+) [BrdSkills] (+)

FSBCultAccEscalAssess (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 237

505.

508.

507.

506.

Governance variable and description and source

Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Ownership of Risk – Sharing Information on Emerging Risks Horizontally and Vertically Within Bank – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Effective Communication and Challenge – Alternative Views and Questions Encouraged and Respected – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Effective Communication and Challenge – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult)

No

Table 10.2 (continued)

FSBCultCommChallenge (+) [BrdSkills] (+)

FSBCultCommAltViews (+) [BrdSkills] (+)

FSBCultAccShareInfo (+) [BrdSkills] (+)

FSBCultAccount (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Section Ref. (Relational Effect Path in bold)

238 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

513.

512.

511.

510.

509.

Banks – FSBCult – Indicators of a Sound Risk Culture – Effective Communication and Challenge – Control Functions (Risk Management, Internal Audit and Compliance) to Advise and Exert Control Tasks in relation to the Bank’s Risk Culture – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Effective Communication and Challenge – Control Functions (Risk Management, Internal Audit and Compliance) are Independent and Have Direct Access to Board and Senior Management with Periodic Reporting – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Effective Communication and Challenge – Mechanisms for Encouraging Alternative Views and Assessing Openness to Challenge of Decision-making – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Effective Communication and Challenge – Stature of Control Function (Risk Management, Internal Audit and Compliance) Equivalent to Business Units and Involved in all Committees and Decisionmaking – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Elements of an Effective Risk Culture – Compensation System in Alignment with Prudent Risk-Taking – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) FSBCultCompSystem (+) [BrdSkills] (+)

FSBCultCommStatureConts (+) [BrdSkills] (+)

FSBCultCommMechs (+) [BrdSkills] (+)

FSBCultCommIndConts (+) [BrdSkills] (+)

FSBCultCommExertConts (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 239

514.

517.

516.

515.

Governance variable and description and source

Banks – FSBCult – Indicators of a Sound Risk Culture – Incentives – Annual Performance Reviews and Objective Setting Supports Core Values and Behaviours and Timely Addressing of Deficiencies – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Incentives – Compensation System Supports Core Values and Sound Risk-Taking with a Well-Documented Process – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Incentives – Compensation System Includes Individual and Group Adherence to Core Values and Risk Culture – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Incentives – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult)

No

Table 10.2 (continued)

FSBCultIncentives (+) [BrdSkills] (+)

FSBCultIncentIndivGrp (+) [BrdSkills] (+)

FSBCultIncentCoreValueRisk (+) [BrdSkills] (+)

FSBCultIncentAnnRev (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Section Ref. (Relational Effect Path in bold)

240 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

522.

521.

520.

519.

518.

Banks – FSBCult – Indicators of a Sound Risk Culture – Incentives – Job Rotation Between Risk Functions and Business Units For Risk Awareness – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Incentives – Remuneration and Performance Metrics Support and Drive Risk-Taking, Risk Appetite and Risk Culture – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Incentives – Risk Management is a Critical Skill Set for Development of Senior Employees – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Incentives – Risk Management Training for All Staff for Risk Competencies – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Incentives – Succession Planning for Key Positions Includes Risk Management Experience – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) FSBCultIncentSuccession (+) [BrdSkills] (+)

FSBCultIncentRiskTrain (+) [BrdSkills] (+)

FSBCultIncentRiskSkills (+) [BrdSkills] (+)

FSBCultIncentMetrics (+) [BrdSkills] (+)

FSBCultIncentJobRotate (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 241

523.

527.

526.

525.

524.

Governance variable and description and source

Banks – FSBCult – Elements of an Effective Risk Culture – Risk Appetite – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Elements of an Effective Risk Culture – Risk Governance – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Assessment of Business Units for Problems In Relation to Risk Management – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Assessment, Communication and Learning from Past Events – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Assessing Whether Management and Staff Understand RAF in Decision-making – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult)

No

Table 10.2 (continued)

FSBCultToneAssessRAF (+) [BrdSkills] (+)

FSBCultToneAssessCommEvents (+) [BrdSkills] (+)

FSBCultToneAssessBU (+) [BrdSkills] (+)

FSBCultRiskGov (+) [BrdSkills] (+)

FSBCultRiskApp (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Section Ref. (Relational Effect Path in bold)

242 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

533.

532.

531.

530.

529.

528.

Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Assessing Values Espoused by Management and Staff – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Open Views, Challenge and Debate – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Effective RAF Supported by RAS – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Identify, Monitor and Assess Risk Culture and Remedy Weaknesses – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Identifying Gaps and Deficiencies – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) FSBCultToneIDGaps (+) [BrdSkills] (+)

FSBCultToneID&Assess&Remedy (+) [BrdSkills] (+)

FSBCultToneFromTheTop (+) [BrdSkills] (+)

FSBCultToneEffectRAF (+) [BrdSkills] (+)

FSBCultToneChallenge (+) [BrdSkills] (+)

FSBCultToneAssessValues (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 243

534.

537.

536.

535.

Governance variable and description and source

Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Integrity and ExampleSetting (Walking the Talk) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Mechanisms to Avoid Domination by Individual or Group – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Mechanisms to Embed RAF and RAS in Decision-making – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Channeling Risk Culture Through Middle Management to Business Units for Undertaking Activities Within Risk Limits – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult)

No

Table 10.2 (continued)

FSBCultToneMiddleToBU (+) [BrdSkills] (+)

FSBCultToneMechsRAFRAS (+) [BrdSkills] (+)

FSBCultToneMechsIndivGrp (+) [BrdSkills] (+)

FSBCultToneIntegrity (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Section Ref. (Relational Effect Path in bold)

244 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

542.

541.

540.

539.

538.

Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Monitoring and Assessing Actual Culture – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Assessment of Promptness and Effectiveness of Issues Addressed by Management – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Recognising, Promoting and Rewarding Behaviour which Reflects Desired Risk Culture and Core Values – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Review of Deficiencies in Risk Management and Identification of Root Causes – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Setting and Assessing Expectations for Risk Culture – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) FSBCultToneSetAssess (+) [BrdSkills] (+)

FSBCultToneReviewRoot (+) [BrdSkills] (+)

FSBCultToneReconReward (+) [BrdSkills] (+)

FSBCultToneMonIssues (+) [BrdSkills] (+)

FSBCultToneMon&Assess (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 245

543.

546.

545.

544.

Governance variable and description and source

Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Senior Management Incentive Structures for Compensation, Roles and Responsibilities and Termination – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Tools, Resources and Information for Directors’ Challenge Function – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-fromthe-Top – Board and Senior Management – Clear Articulation of Values which Support Desired Risk Culture and Behaviours – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBCult) Banks – FSBIS – Compensation/Remuneration Committee – Structure and Governance to Oversee Compensation System – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS)

No

Table 10.2 (continued)

FSBIS1CCStructGov (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBCultToneValues (+) [BrdSkills] (+)

FSBCultToneTools (+) [BrdSkills] (+)

FSBCultToneSnrManStruct (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 13.4

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Section Ref. (Relational Effect Path in bold)

246 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

552.

551.

550.

549.

548.

547.

Banks – FSBIS – Risk and Compliance Employees – Remuneration and Performance Measures – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS) Banks – FSBIS – Compensation/Remuneration Committee – Total Variable Compensation Does Not Inhibit Strengthening of Capital Base – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS) Banks – FSBIS – Compensation/Remuneration Committee – Size and Allocation of Variable Compensation to Take Account All Current and Potential Risks – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS) Banks – FSBIS – Compensation/Remuneration Committee – Size of Variable Compensation Pool to Contract for Subdued and Negative Financial Performance of Bank – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS) Banks – FSBIS – Compensation/Remuneration Committee – Structure of Variable Compensation of Senior Executives with Material Risk Exposures – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS) Banks – FSBIS – Compensation/Remuneration Committee – Deferral Period of at Least 3 Years – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS) FSBIS7VarCompDeferPeriod (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBIS6VarCompExecRiskExpose (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBIS5VarCompNegFinPerform (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBIS4VarCompPoolRisks (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBIS2RiskEmployRemPerf (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBIS3VarCompCap (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 13.4

Stage 2 13.4

Stage 2 13.4

Stage 2 13.4

Stage 2 13.4

Stage 2 13.4

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 247

553.

557.

556.

555.

554.

Governance variable and description and source

Banks – FSBIS – Compensation/Remuneration Committee – Substantial Proportion of More than 50% of Variable Compensation to be Equity or Equity-Linked/Non-Cash Instruments – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS) Banks – FSBIS – Compensation/Remuneration Committee – Cash Proportion of Variable Compensation to Vest Gradually – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS) Banks – FSBIS – Compensation/Remuneration Committee – Restructure of Compensation for Risk and Long-Term Growth in Case of Government Intervention to Stabilise Bank – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS) Banks – FSBIS – Compensation/Remuneration Committee – Prohibition of Guaranteed Bonuses Not Based on Risk or Actual Performance – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS) Banks – FSBIS – Compensation/Remuneration Committee – Contractual Termination Payments Only Permitted if Based on Long-Term Value Creation and Prudent Risk-Taking – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS)

No

Table 10.2 (continued)

FSBIS12TermPayRuleValRisk (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBIS11NoGuarBonuses (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBIS10GovtRestructComp (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBIS9VarCompCashPropn (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBIS8VarCompEquityPropn (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 13.4

Stage 2 13.4

Stage 2 13.4

Stage 2 13.4

Stage 2 13.4

Section Ref. (Relational Effect Path in bold)

248 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

564.

563.

562.

561.

560.

559.

558.

Banks – FSBIS – Compensation/Remuneration Committee – Compliance with FSB Principles and Standards for Sound Compensation – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS) Banks – FSBIS – Compensation/Remuneration Committee – Employees to Comply with No Hedging Strategies and/or Compensation- and Liability-Related Insurance – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBIS) Banks – FSBIS – Clear, Comprehensive and Timely Disclosure in an Annual Report about the Compensation System – Enhancement in Risk Management and Internal and External Monitoring (FSBIS) Banks – FSBRAF – Roles and Responsibilities of the Board for an Effective RAF – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBRAF) Banks – FSBRAF – Roles and Responsibilities of the Business Unit Leaders for an Effective RAF – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBRAF) Banks – FSBRAF – Roles and Responsibilities of the CEO for an Effective RAF – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBRAF) Banks – FSBRAF – Roles and Responsibilities of the CFO for an Effective RAF – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBRAF) FSBRAFCFORolesResps (+) [BrdSkills] (+)

FSBRAFCEORolesResps (+) [BrdSkills] (+)

FSBRAFBULeadersRolesResps (+) [BrdSkills] (+)

FSBIS15CompDiscloseAnnReport (+) [CCDiscloseBandElement] (+) identical to [TransTimeMon] (+) FSBRAFBrdRolesResps (+) [BrdSkills] (+)

FSBIS14NoHedgeCompInsure (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBIS13ComplyFSBP&S (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+8/100.00

+7/87.50

+7/87.50

(continued)

Stage 2 41.4

Stage 2 41.4

Stage 2 41.4

Stage 2 41.4

Stage 2 13.4

Stage 2 13.4

Stage 2 13.4

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 249

565.

570.

569.

568.

567.

566.

Governance variable and description and source

Banks – FSBRAF – Roles and Responsibilities of the CRO for an Effective RAF – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBRAF) Banks – FSBRAF – Elements for an Effective RAF – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBRAF) Banks – FSBRAF – Roles and Responsibilities of the Internal Audit Function for an Effective RAF – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBRAF) Banks – FSBRAF – Elements for Effective Risk Limits – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBRAF) Banks – FSBRAF – Elements for an Effective Risk Appetite Statement (RAS) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSBRAF) Banks – FSBSupp – Board Oversight of Compensation System for Ethical Behaviour and Compliance with Laws, Regulations and Internal Conduct Standards – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBSupp)

No

Table 10.2 (continued)

FSBSupp1BrdOsightEthComply (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSBRAFRASElements (+) [BrdSkills] (+)

FSBRAFLimitElements (+) [BrdSkills] (+)

FSBRAFIntAuditRolesResps (+) [BrdSkills] (+)

FSBRAFElements (+) [BrdSkills] (+)

FSBRAFCRORolesResps (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 18.1

Stage 2 41.2

Stage 2 41.3

Stage 2 41.4

Stage 2 41.1

Stage 2 41.4

Section Ref. (Relational Effect Path in bold)

250 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

577.

576.

575.

574.

573.

572.

571.

Banks – FSBSupp – Elements of Compensation System Design – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBSupp) Banks – FSBSupp – Board Responsibility/Accountability for Overseeing Misconduct – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBSupp) Banks – FSBSupp – Business Unit Management Accountability for Communication, Implementation and Meeting Expectations Regarding Ethical Behaviour and Business Practices – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBSupp) Banks – FSBSupp – Compensation to be Adjusted for All Risks – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBSupp) Banks – FSBSupp – Measures/Tools for Adjusting Variable Compensation for Long-Term Misconduct – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBSupp) Banks – FSBSupp – Compensation Policies and Procedures to Control Misconduct – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSBSupp) Banks – FSRC – Boards – Additional Accountability Responsibility for BEAR – Accountable Person to be Responsible for End-to-End Management of Product Design, Delivery, Maintenance and Remediation – Enhancement of Risk Management and Decisionmaking and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (FSRCAcc) FSBSupp5CompAdjustsAllRisks (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBSupp6LTMiscondRiskTools (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBSupp7CompControlMiscond (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSRCAccPersonEndtoEndResp (+) [BrdSkills] (+)

FSBSupp2CompDesignElements (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBSupp3BrdRespAccMiscond (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSBSupp4BUAccEthPract (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 29.11

Stage 2 18.1

Stage 2 18.1

Stage 2 18.1

Stage 2 18.1

Stage 2 18.1

Stage 2 18.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 251

578.

582.

581.

580.

579.

Governance variable and description and source

Banks – Boards and/or Compensation/Remuneration Committee – Compensation to be Adjusted for Long-Term Financial Soundness – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC) Banks – Boards and/or Compensation/Remuneration Committee – Compensation to be Adjusted for All Misconduct – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC) Banks – Boards and/or Compensation/Remuneration Committee – Compensation to be Adjusted for All Non-Financial Risks – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC) Banks – Boards and/or Compensation/Remuneration Committee – Compensation to be Adjusted for Risk Management Framework – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC) Banks – FSRCCult – Regular Assessment of Bank Culture and Governance – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCCult)

No

Table 10.2 (continued)

FSRCCultAssess (+) [BrdSkills] (+)

FSRCAdjustRiskMan (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSRCAdjustMisconduct (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) FSRCAdjustNFRisks (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSRCAdjustLongTerm (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 29.5

Stage 2 19.1

Stage 2 19.1 19.2

Stage 2 19.1 19.2

Stage 2 19.1

Section Ref. (Relational Effect Path in bold)

252 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

588.

587.

586.

585.

584.

583.

Banks – FSRCCult – Assessing Cultural Drivers of Misconduct – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCCult) Banks – FSRCCult – Regular Identification of Problems with Culture and Governance – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCCult) Banks – FSRCCult – Construction of Program that will Mitigate the Risk of Misconduct – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCCult) Banks – FSRCCult – Regular Remediation of Problems Identified with Culture and Governance – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCCult) Banks – FSRCCult – Using a Risk-Based Approach to Reviews of Culture and Misconduct – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCCult) Banks – FSRCCult – Risk Management of Conduct Risk and Governance – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCCult) FSRCCultRiskManMiscRisk (+) [BrdSkills] (+)

FSRCCultRiskApproach (+) [BrdSkills] (+)

FSRCCultRemedProbs (+) [BrdSkills] (+)

FSRCCultProgMiscRisk (+) [BrdSkills] (+)

FSRCCultIDProbs (+) [BrdSkills] (+)

FSRCCultAssessDrivers (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 29.5

Stage 2 29.5

Stage 2 29.5

Stage 2 29.5

Stage 2 29.5

Stage 2 29.5

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 253

589.

592.

591.

590.

Governance variable and description and source

Banks – FSRCCult – Regular Assessment of Effectiveness of Changes to Culture and Governance – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCCult) Banks – FSRC – Boards and/or Compensation/Remuneration Committee – Disclosure of Non-Financial Risk-Related Adjustments to Executive Remuneration to Staff – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC) Banks – FSRC – Boards and/or Compensation/Remuneration Committee – Disclosure of Non-Financial Risk-Related Events Causing Adjustments to Executive Remuneration to Staff – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC) Banks – FSRC – Boards and/or Compensation/Remuneration Committee – Disclosure of Non-Financial Risk-Related Misconduct Causing Adjustments to Executive Remuneration to Staff – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC)

No

Table 10.2 (continued)

FSRCDisclNFRiskMisc (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSRCDisclNFRiskEvents (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSRCDisclNFRiskAdjusts (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSRCCultTestChanges (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 19.2

Stage 2 19.2

Stage 2 19.2

Stage 2 29.5

Section Ref. (Relational Effect Path in bold)

254 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

598.

597.

596.

595.

594.

593.

Banks – FSRC – Boards and/or Compensation/Remuneration Committee – Compensation System to Give Effect to FSB Principles, Standards and Guidance on Sound Compensation Principles and Practices – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC) Banks – FSRCGov – Boards – Information on Issues about Breaches of Standards of Conduct – Enhancement in Information Flow to the Board – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCGov) Banks – FSRCGov – Boards – Information on Issues about Poor Customer Outcomes – Enhancement in Information Flow to the Board – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCGov) Banks – FSRCGov – Boards – Information on Issues about Breaches of Law – Enhancement in Information Flow to the Board Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCGov) Banks – FSRCGov – Boards – Quality of Information for Challenge of Management on Key Issues – Enhancement in Information Flow to the Board – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCGov) Banks – FSRCLTVR – Boards and/or Compensation/Remuneration Committee – Clawback of Vested Long-Term Variable Remuneration for Appropriate Circumstances including Serious Misconduct – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC) FSRCLTVRClawback (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSRCGovQualInfoChallenge (+) [TransTimeMon] (+)

FSRCGovInfoBreachLaw (+) [TransTimeMon] (+)

FSRCGovInfoBreachCustOut (+) [TransTimeMon] (+)

FSRCGovInfoBreachConduct (+) [TransTimeMon] (+)

FSRCFSBStnds (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+8/100.00

+8/100.00

+8/100.00

+8/100.00

+7/87.50

(continued)

Stage 2 19.1 19.2

Stage 2 29.6

Stage 2 29.6

Stage 2 29.6

Stage 2 29.6

Stage 2 19.2

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 255

599.

603.

602.

601.

600.

Governance variable and description and source

Banks – FSRCLTVR – Boards and/or Compensation/Remuneration Committee – Limits on Use of Financial Metrics in Design of Long-Term Variable Remuneration – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC) Banks – FSRCLTVR – Boards and/or Compensation/Remuneration Committee – Non-Financial Measures Used in Design of Long-Term Variable Remuneration – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC) Banks – FSRCLTVR – Boards and/or Compensation/Remuneration Committee – Failure to Utilise How Executive Manages Risk in Design of Long-Term Variable Remuneration – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (FSRC) Banks – FSRCLTVR – Boards and/or Compensation/Remuneration Committee – Total Shareholder Return Measure Only Used in Design of Long-Term Variable Remuneration – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (FSRC) Banks – FSRCMisc – Boards and/or Compensation/Remuneration Committee – Compensation System to have Aim of Sound Management of Misconduct, Compliance and Other Non-Financial Risks – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC)

No

Table 10.2 (continued)

FSRCMiscComplyNFRisks (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSRCLTVRSoleTSR (−) [EqOptRiskFailHighEnd] (−) Identical to [EqOptEntrch] (−)

FSRCLTVRRiskMan (−) [EqOptRiskFailHighEnd] (−) Identical to [EqOptEntrch] (−)

FSRCLTVRNFMeas (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

FSRCLTVRLimitFinMetrics (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

Stage 2 19.1

−7/87.50

Stage 2 19.2

Stage 2 19.1

−7/87.50

+7/87.50

Stage 2 19.1

Stage 2 19.1 19.2

Section Ref. (Relational Effect Path in bold)

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

256 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

609.

608.

607.

606.

605.

604.

Banks – FSRCPoor – Boards and/or Compensation/Remuneration Committee – Provision of Poor Quality, Incomplete or Inadequate Documentation About Risk Management Performance and Remuneration Decisions to Board Committees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (FSRC) Banks – FSRCPriority – Boards – Priority of Current or Most Recent Accounting Period Ahead of Customers and the Law – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (FSRCPriority) Banks – FSRCPriority – Boards – Balancing of Short-Term Interests of Shareholders with Long-Term Interests of Stakeholders (Shareholders, Customers and Employees) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (FSRCPriority) Banks – FSRCPriority – Boards – Priority of Profit Ahead of Customers and the Law – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (FSRCPriority) Banks – FSRCPriority – Boards – Priority of Share Price Ahead of Customers and the Law – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (FSRCPriority) Banks – FSRCPriority – Boards – Priority of Shareholder Interests Ahead of Customers and the Law – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (FSRCPriority) FSRCPrioritySholderInts (−) [BrdSkills] (+) in the negative direction

FSRCPrioritySharePc (−) [BrdSkills] (+) in the negative direction

FSRCPriorityProfit (−) [BrdSkills] (+) in the negative direction

FSRCPriorityBalanceSTandLT (+) [BrdSkills] (+)

FSRCPriorityAccountPeriod (−) [BrdSkills] (+) in the negative direction

FSRCPoorRiskManDocs (−) [EqOptRiskFailHighEnd] (−) Identical to [EqOptEntrch] (−)

Stage 2 29.7

Stage 2 29.7

Stage 2 29.7

−/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 29.7

Stage 2 29.7

−7/87.50

+7/87.50

Stage 2 19.2

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 257

610.

614.

613.

612.

611.

Governance variable and description and source

Banks – FSRCPriority – Boards – Priority of Short Term Results Ahead of Long-Term Interests of Customers – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (FSRCPriority) Banks – FSRCPriority – Boards – Priority of Short Term Results Ahead of Long-Term Interests of Employees – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (FSRCPriority) Banks – FSRCPriority – Boards – Priority of Short Term Results Ahead of Long-Term Interests of Stakeholders – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (FSRCPriority) Banks – FSRCPriority – Boards – Sole Priority of Shareholder Value Ahead of Customers and the Law – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (FSRCPriority) Banks – FSRCPriority – Boards – Priority of Total Shareholder Return Ahead of Customers and the Law – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (FSRCPriority)

No

Table 10.2 (continued)

FSRCPriorityTotSholderRet (−) [BrdSkills] (+) in the negative direction

FSRCPrioritySoleSholderValue (−) [BrdSkills] (+) in the negative direction

FSRCPriorityShortTermStake (−) [BrdSkills] (+) in the negative direction

FSRCPriorityShortTermEmploy (−) [BrdSkills] (+) in the negative direction

FSRCPriorityShortTermCusts (−) [BrdSkills] (+) in the negative direction

Stage 2 29.7

Stage 2 29.7

Stage 2 29.7

Stage 2 29.7

Stage 2 29.7

−7/87.50

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

258 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

619.

618.

617.

616.

615.

Banks – Boards and/or Compensation/Remuneration Committee – Regular Assessments of Compensation System for Reducing Non-Financial Risks and Misconduct – Enhancement of Level of Risk-Taking in Alignment with Shareholders (FSRC) Banks – Internal Audit Function – (Regular) Follow-Up of Management on Audit Issues – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Internal Audit Function – Report Quarterly to Audit Committee on Audit Issues – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – Internal Audit Function – Track and Monitor Significant Audit Issues – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (APRA) Banks – NABAcc – Boards – Accountability –Three Lines of Defence Model for Risk Management Documented in Risk Management Strategy (RMS) for each Component of Risk Management Framework (RMF) – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) NABAcc 3LoDRiskManRMS&RMF (+) [BrdSkills] (+)

IntAudTrack&MonIssue (+) [TransTimeMon] (+)

IntAudReportAudCom (+) [TransTimeMon] (+)

IntAudFollowUpMan (+) [TransTimeMon] (+)

FSRCRegAssess (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+8/100.00

+8/100.00

+8/100.00

+7/87.50

(continued)

Stage 2 30.9

Stage 2 45.10

Stage 2 45.10

Stage 2 45.10

Stage 2 19.1 19.2

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 259

620.

623.

622.

621.

Governance variable and description and source

Banks – NABAcc – Boards – Accountability – Assign and Document Individual Accountability for Risk Performance (Positive and Negative) for Material Risk Takers and other Employees – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – BEAR Accountability Regime for Accountable Persons – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – BEAR Accountability Regime for ADIs – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – CEO to Assign Executive Leadership Team (ELT) Member for Overall Issue Resolution – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB)

No

Table 10.2 (continued)

NABAcc CEOELTLead (+) [BrdSkills] (+)

NABAcc BEARRegimeADI (+) [BrdSkills] (+)

NABAcc BEARRegimeAccPerson (+) [BrdSkills] (+)

NABAcc Assign&DocMRTs (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 30.9

Stage 2 30.9

Stage 2 30.9

Stage 2 30.9

Section Ref. (Relational Effect Path in bold)

260 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

627.

626.

625.

624.

Banks – NABAcc – Boards – Accountability – Accountability Statements for BEAR Regime – Enhancement of Discipline and Rigour in Managing Handovers including Status of Risks and Issues – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – Complex and Overlapping Accountability Model for Compliance Plans and Compliance Obligation Ownership – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – Lack of Definition and/or Application for Risk Management Accountabilities – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – Lack of Accountability/Ownership for End-to-End Processes for Products and Services Spanning Multi-Divisions – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) NABAccClarify End-to-End (−) [BrdSkills] (+) in the negative direction

NABAccClarify DefineApplication (−) [BrdSkills] (+) in the negative direction

NABAccClarify ComplexAccModel (−) [BrdSkills] (+) in the negative direction

NABAccClarify BEARRegimeAccStatements (+) [BrdSkills] (+)

Stage 2 30.9

Stage 2 30.9

Stage 2 30.9

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 30.9

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 261

628.

630.

629.

Governance variable and description and source

Banks – NABAcc – Boards – Accountability – Lack of Definition and/or Application for Risk Management Accountabilities for Material Risks and Processes that Span the Bank – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – Over-reliance by Seniors Leaders on First Line Risk Management Teams for Performing Risk Activities – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – Lack of Well-Defined Accountabilities and Ownership for Cross-Divisional Issues – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB)

No

Table 10.2 (continued)

NABAcc CrossDivDefine&Own (−) [BrdSkills] (+) in the negative direction

NABAccClarify OverRelyFirstLine (−) [BrdSkills] (+) in the negative direction

NABAccClarify MaterialRisk&Process (−) [BrdSkills] (+) in the negative direction

Stage 2 30.9

Stage 2 30.9

Stage 2 30.9

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

262 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

634.

633.

632.

631.

Banks – NABAcc – Boards – Accountability – Failure to Establish Accountability for Complex, Cross-Divisional Issues – Resulting in Ambiguous Ownership, Slow Progress and Missteps in Addressing Issues – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – Formal Delegations of Authority Under Delegation of Authorities Framework – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – Formal Delegations of Authority Under Delegation of Authorities Framework – Delegated Commitment Authorities for Approving Loan Applications in First Line – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – Formal Delegations of Authority Under Delegation of Authorities Framework – Delegated Commitment Authorities for Approving Loan Applications in Second Line – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) NABAcc DelegateCommitAuthSecLine (+) [BrdSkills] (+)

NABAcc DelegateCommitAuthFirstLine (+) [BrdSkills] (+)

NABAcc DelegateAuth (+) [BrdSkills] (+)

NABAcc CrossDivIssues (−) [BrdSkills] (+) in the negative direction

+7/87.50

+7/87.50

+7/87.50

−7/87.50

(continued)

Stage 2 30.9

Stage 2 30.9

Stage 2 30.9

Stage 2 30.9

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 263

635.

637.

636.

Governance variable and description and source

Banks – NABAcc – Boards – Accountability – Formal Delegations of Authority Under Delegation of Authorities Framework – Delegator Retains Responsibility for Decisions of Delegate – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – Embedding Accountability Principles and Practices Under BEAR for Leaders Beneath Executive Leadership Team (ELT) – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – Favouring/ Appointing Generalists Over Specialists for Roles Requiring Specialist Expertise – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB)

No

Table 10.2 (continued)

NABAcc GenOverSpec (−) [BrdSkills] (+) in the negative direction

NABAcc EmbedBEAR (+) [BrdSkills] (+)

NABAcc DelegateResp (+) [BrdSkills] (+)

Stage 2 30.9

Stage 2 30.9

−7/87.50

Stage 2 30.9

Section Ref. (Relational Effect Path in bold)

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

264 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

642.

641.

640.

639.

638.

Banks – NABAcc – Boards – Accountability – Rotation of Leaders Within Bank – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – NABAcc – Boards – Accountability – Rotation of Leaders Within Bank – Lack of Strong, Detailed Project Management to Reduce Reliance on Individual Leaders – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (NAB) Banks – Audit Committee – Integrity of the Bank’s Accounting and Financial Statements – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decisionmaking – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – Audit Committee – Internal and External Audit Activities – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – Audit Committee – Whistleblower Policy and Program – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) NABAudCom Acc&FinStatements (+) [AudCom] (+) with additional Responsibility Factor No 8 NABAudCom Int&ExtAud (+) [AudCom] (+) with additional Responsibility Factor No 8 NABAudCom Whistle (+) [AudCom] (+) with additional Responsibility Factor No 8

NABAcc RotateLeadProjMan (−) [BrdSkills] (+) in the negative direction

NABAcc RotateLead (−) [BrdSkills] (+) in the negative direction

+7/87.50

+7/87.50

(continued)

Stage 2 36.1

Stage 2 36.1

Stage 2 36.1

Stage 2 30.9

−7/87.50

+7/87.50

Stage 2 30.9

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 265

643.

648.

647.

646.

645.

644.

Governance variable and description and source

Banks – Board Risk Committee – Oversee Bank Risk Profile – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – Board Risk Committee – Oversee the Effectiveness of Bank Risk Management Framework (RMF) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – Board Risk Committee – Oversee Bank Risk Management Strategy (RMS) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – Board Risk Committee – Promotion of Risk-Based Culture Across the Bank – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – Board Risk Committee – Review of Management Plans to Mitigate Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – Board Risk Committee – Establish Bank’s Risk Appetite – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABBRC OseeRMS (+) [BrdSkills] (+) NABBRC PromoteRiskCult (+) [BrdSkills] (+) NABBRC ReviewMitRisk (+) [BrdSkills] (+) NABBRC RiskApp (+) [BrdSkills] (+)

NABBRC OseeRiskProfile (+) [BrdSkills] (+) NABBRC OseeRMF (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 43.4

Stage 2 43.4

Stage 2 43.4

Stage 2 43.4

Stage 2 43.4

Stage 2 43.4

Section Ref. (Relational Effect Path in bold)

266 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

653.

652.

651.

650.

649.

Banks – NABBrd – ‘Change the Bank’ – Agenda-setting Function for Strategy and Initiatives to Transform the Bank – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – NABBrd – Agenda-setting Function – Design of Agendas for Deep Dives – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – NABBrd – Agenda-setting Function (Generally) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – NABBrd – Agenda-setting Function – Joint Board/ Management Workshops and Business Immersion Activities – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – NABBrd – ‘Run the Bank’ – Agenda-setting Function for Day-to-Day Operations and Performance – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) NABBrdAgenda Run (+) [BrdReview] (+) identical to [BrdIndMon] (+)

NABBrdAgenda JointWorkshops (+) [BrdReview] (+) identical to [BrdIndMon] (+)

NABBrdAgenda Fn (+) [BrdReview] (+) identical to [BrdIndMon] (+)

NABBrdAgenda DeepDives (+) [BrdReview] (+) identical to [BrdIndMon] (+)

NABBrdAgenda Change (+) [BrdReview] (+) identical to [BrdIndMon] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 35.6

Stage 2 35.6

Stage 2 35.6

Stage 2 35.6

Stage 2 35.6

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 267

654.

657.

656.

655.

Governance variable and description and source

Banks – NABBrd – Agenda-setting Function - Time Allocation for Key Topics – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – NABBrd – Agenda-setting Function – Dashboards and Scorecards for Progress of Time Allocation – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – NABBrdChall – Board Challenge and Closure of Issues – Failure to Place Customer Impacts at Centre of Questioning – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making (NAB) Banks – NABBrdChall – Board Challenge and Closure of Issues – Failure to Listen and Learn from Past Conduct Risk Issues – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABBrdChall CustImpact (−) [BrdSkills] (+) in the negative direction NABBrdChall FailListen&Learn (−) [BrdSkills] (+) in the negative direction

NABBrdAgenda TimeDash&Score (+) [BrdReview] (+) identical to [BrdIndMon] (+)

NABBrdAgenda TimeAllocate (+) [BrdReview] (+) identical to [BrdIndMon] (+)

Stage 2 35.6

Stage 2 30.5

Stage 2 30.5

−7/87.50

−7/87.50

Stage 2 35.6

Section Ref. (Relational Effect Path in bold)

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

268 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

662.

661.

660.

659.

658.

Banks – NABBrdChall – Board Challenge and Closure of Issues – Failure to be Sufficiently Searching or Testing of Management – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making (NAB) Banks – NABBrdChall – Board Challenge and Closure of Issues – Failure to Demand Sufficient Urgency in Closing Issues – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making (NAB) Banks – NABBrdChall – Board Challenge and Closure of Issues – Comparison to Peers and Industry Standard for Closing Issues Reducing Intensity in Closing Issues – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making (NAB) Banks – NABBrdChall – Board Challenge and Closure of Issues – Undue Speed in Resolving Issue Lacking Sustainability or Appropriateness – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making (NAB) Banks – Board and Committees – NABBrdCm – Updates at Board Meeting by Each Committee Chair on Key Issues – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (NAB) NABBrdChall UndueSpeed (−) [BrdSkills] (+) in the negative direction NABBrdCm ChairUpdateIssue (+) [CmJointMeet] (+) identical to [TransTimeMon] (+)

NABBrdChall NoTest (−) [BrdSkills] (+) in the negative direction NABBrdChall NoUrgency (−) [BrdSkills] (+) in the negative direction NABBrdChall PeerIndustryStnd (−) [BrdSkills] (+) in the negative direction Stage 2 30.5

Stage 2 30.5

−7/87.50

−7/87.50

(continued)

Stage 2 36.7

Stage 2 30.5

−7/87.50

+8/100.00

Stage 2 30.5

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 269

663.

666.

665.

664.

Governance variable and description and source

Banks – Board and Committees – NABBrdCm – Joint Committee Meetings for Combined Discussion of Audit Committee and BRC – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (NAB) Banks – Board and Committees – NABBrdCm – Joint Committee Meetings for Combined Discussion of BRC and Compensation/ Remuneration Committee – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (NAB) Banks – Board and Committees – NABBrdCm – Overlapping of Memberships between Committees – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (NAB) Banks – Board and Committees – NABBrdCm – Quarterly Meetings of Board Chair and Committee Chairs – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (NAB)

No

Table 10.2 (continued)

NABBrdCm QrtlyChairMeet (+) [CmJointMeet] (+) identical to [TransTimeMon] (+)

NABBrdCm OverlapMembers (+) [CmJointMeet] (+) identical to [TransTimeMon] (+)

NABBrdCm JointMeetBRCComp (+) [CmJointMeet] (+) identical to [TransTimeMon] (+)

NABBrdCm JointMeetAudBRC (+) [CmJointMeet] (+) identical to [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 36.7

Stage 2 36.7

Stage 2 36.7

Stage 2 36.7

Section Ref. (Relational Effect Path in bold)

270 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

672.

671.

670.

669.

668.

667.

Board Oversight of Remuneration Policies and Practices – Failure of Linkage between Risk Topic at BRC and Remuneration Consequences – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (NAB) Board Oversight of Remuneration Policies and Practices – Failure to Apply Individual Downside Adjustments to Reflect Conduct Considerations – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (NAB) Board Oversight of Remuneration Policies and Practices – Failure to Apply Individual Downside Adjustments to Reflect Risk Management Considerations – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (NAB) Board Oversight of Remuneration Policies and Practices – Failure to Oversee Performance and Remuneration Outcomes for Material Risk Takers (MRTs) – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (NAB) Banks – NABBrdRep – Reporting to the Board Generally – CRO Written Report to Board, BRC and GRRMC – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Reporting to the Board Generally – Impacts on Customers for Board Papers – Insights and Trends from Customer Complaints – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) NABBrdRep CustComplain (+) [TransTimeMon] (+)

NABBrdOseeRem BRCRemLink (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) NABBrdOseeRem FailIndivConduct (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) NABBrdOseeRem FailIndivRiskMan (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) NABBrdOseeRem PerfRemMRTs (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) NABBrdRep CROWrittenRep (+) [TransTimeMon] (+) Stage 2 30.6

Stage 2 30.6

−7/87.50

−7/87.50

+8/100.00

(continued)

Stage 2 30.3

Stage 2 30.3

Stage 2 30.6

−7/87.50

+8/100.00

Stage 2 30.6

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 271

673.

676.

675.

674.

Governance variable and description and source

Banks – NABBrdRep – Reporting to the Board Generally – Impacts on Customers for Board Papers – Greater Focus on Impacts on Customers – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Compliance and Regulatory Matters – Second Line Compliance and Regulatory Reporting to BRC – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Compliance and Regulatory Matters – Second Line Compliance and Regulatory Reporting to Board – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Non-Financial Risk Reporting – Second Line NFR Reporting to Board – New Initiatives – Regular Aged Remediation Report to Highlight Slippage and Set Targets to Remediate Customers – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility (NAB)

No

Table 10.2 (continued)

NABBrdRep SecLineNFRRepAgedRemed (+) [TransTimeMon] (+)

NABBrdRep SecLineComplyRegRepBrd (+) [TransTimeMon] (+)

NABBrdRep SecLineComplyRegRepBRC (+) [TransTimeMon] (+)

NABBrdRep CustImpact (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 30.3

Stage 2 30.3

Stage 2 30.3

Stage 2 30.3

Section Ref. (Relational Effect Path in bold)

272 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

681.

680.

679.

678.

677.

Banks – NABBrdRep – Non-Financial Risk Reporting – Second Line NFR Reporting to Board – New Initiatives – Increased Benchmarking – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Non-Financial Risk Reporting – Second Line NFR Reporting to BRC – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Non-Financial Risk Reporting – Second Line NFR Reporting to Board – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Non-Financial Risk Reporting – Second Line NFR Reporting to Board – New Initiatives – Better Lead Indicators of Non-Financial Risks Aligned to Risk Appetite – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Non-Financial Risk Reporting – Second Line NFR Reporting to Board – New Initiatives – Outside-In Learning – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) NABBrdRep SecLineNFRRepLearn (+) [TransTimeMon] (+)

NABBrdRep SecLineNFRRepLeads (+) [TransTimeMon] (+)

NABBrdRep SecLineNFRRepBrd (+) [TransTimeMon] (+)

NABBrdRep SecLineNFRRepBRC (+) [TransTimeMon] (+)

NABBrdRep SecLineNFRRepBench (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

+8/100.00

(continued)

Stage 2 30.3

Stage 2 30.3

Stage 2 30.3

Stage 2 30.3

Stage 2 30.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 273

682.

685.

684.

683.

Governance variable and description and source

Banks – NABBrdRep – Non-Financial Risk Reporting – Second Line NFR Reporting to Board – New Initiatives – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Non-Financial Risk Reporting – Second Line NFR Reporting to Board – New Initiatives – More Holistic Reporting of Matters Affecting Bank’s Reputation - Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Operational and Technology Risk Reporting – Second Line OTR Reporting to BRC – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Operational and Technology Risk Reporting – Second Line OTR Reporting to Board – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB)

No

Table 10.2 (continued)

NABBrdRep SecLineOTRRepBrd (+) [TransTimeMon] (+)

NABBrdRep SecLineOTRRepBRC (+) [TransTimeMon] (+)

NABBrdRep SecLineNFRRepReput (+) [TransTimeMon] (+)

NABBrdRep SecLineNFRRepNew (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 30.3

Stage 2 30.3

Stage 2 30.3

Stage 2 30.3

Section Ref. (Relational Effect Path in bold)

274 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

690.

689.

688.

687.

686.

Banks – NABBrdRep – Reporting to the Board Generally – Second Line Risk View for Papers to BRC – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Reporting to the Board Generally – Second Line Risk View for Board Papers and Papers to Board – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Reporting to the Board Generally – Second Line Risk View for Papers to Group Risk Return Management Committee (GRRMC) – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility (NAB) Banks – NABBrdRep – Reporting to the Board Generally – Third Line Internal Audit Reporting to Audit Committee – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Reporting to the Board Generally – Third Line Internal Audit Reporting to BRC – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) NABBrdRep ThirdLineRepBRC (+) [TransTimeMon] (+)

NABBrdRep ThirdLineRepAudCom (+) [TransTimeMon] (+)

NABBrdRep SecLineRiskViewGRRMC (+) [TransTimeMon] (+)

NABBrdRep SecLineRiskViewBrd (+) [TransTimeMon] (+)

NABBrdRep SecLineRiskViewBRC (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

+8/100.00

(continued)

Stage 2 30.3

Stage 2 30.3

Stage 2 30.3

Stage 2 30.3

Stage 2 30.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 275

691.

694.

693.

692.

Governance variable and description and source

Banks – NABBrdRep – Reporting to the Board Generally – Third Line Internal Audit Reporting to Board – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABBrdRep – Reporting to the Board Generally – ‘Two Plus Five’ Rule for Board Papers – Greater Discipline in Highlighting of Key Issues and Concerns – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) NABCC – NAB Compensation/Remuneration Committee – Responsibility for Incentive Plans Complying with Regulatory Requirements and Risk Management Framework (RMF) – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) NABCC – NAB Compensation/Remuneration Committee – Responsibility for Remuneration of CEO and Senior Executives – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB)

No

Table 10.2 (continued)

NABCCRemCEOSnrExec (+) EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCCIncentReg&RMF (+) EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABBrdRep TwoPlusFiveRule (+) [TransTimeMon] (+)

NABBrdRep ThirdLineRepBrd (+) [TransTimeMon] (+)

+7/87.50

+7/87.50

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 12.6

Stage 2 12.6

Stage 2 30.3

Stage 2 30.3

Section Ref. (Relational Effect Path in bold)

276 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

700.

699.

698.

697.

696.

695.

NABCC – NAB Compensation/Remuneration Committee – Responsibility for Remuneration Policy and Practices for All Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) NABCC – NAB Compensation/Remuneration Committee – Responsibility for Performance Review of Executives and Recommendation on Incentives – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) NABCodes – Bank Codes of Conduct and Ethics – Non-Executive Directors – Customer Outcomes Committee – Enhancement of Monitoring Effect (NAB) Banks – NABComp – Board – Board Oversight of Remuneration Practices – Changes to Remuneration and Performance Frameworks – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Board – Consequence Management for Variable Remuneration – Conduct Gates – Amber Conduct Gate for 25% Reduction of Variable Reward – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Consequence Management for Variable Remuneration – Roles and Responsibilities for Consequence Management – Compliance with Laws including BEAR – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) NABCompConseqManCC BEAR (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompConseqManAmberGate (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCodesNEDCustOutcomesCm* (+) (interim variable*) [BrdIndMon] (+) and [BrdSkills] (+) NABCompBoardOseeRemPracts (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCCRevPerformExec&Incent (+) EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCCRemPolicyPract (+) EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 14.2

Stage 2 14.2

Stage 2 14.3

Stage 2 36.6

Stage 2 12.6

Stage 2 12.6

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 277

701.

704.

703.

702.

Governance variable and description and source

Banks – NABComp – Compensation/Remuneration Committee – Consequence Management for Variable Remuneration – Roles and Responsibilities for Consequence Management – Outcomes for Conduct, Regulatory and Prudential Breaches – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Consequence Management for Variable Remuneration – Roles and Responsibilities for Consequence Management – With BRC – Collective Remuneration Outcomes – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Consequence Management for Variable Remuneration – Roles and Responsibilities for Consequence Management – Consideration of Individual Risk Management Performance – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Consequence Management for Variable Remuneration – Consequence Management Monitoring by Compensation/ Remuneration Committee for Poor Conduct and Risk Management Issues – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB)

No

Table 10.2 (continued)

NABCompConseqManCC Mon (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompConseqManCC IndivRiskMan (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompConseqManCC CollRemOut (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompConseqManCC Breach (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 14.2

Stage 2 14.2

Stage 2 14.2

Stage 2 14.2

Section Ref. (Relational Effect Path in bold)

278 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

709.

708.

707.

706.

705.

Banks – NABComp – Compensation/Remuneration Committee – Consequence Management for Variable Remuneration – Roles and Responsibilities for Consequence Management – Reviewing, Assessing and Recommending Policies and Practices – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Consequence Management for Variable Remuneration – Roles and Responsibilities for Consequence Management – Compliance with Sedgwick Review – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Consequence Management for Variable Remuneration – Roles and Responsibilities for Consequence Management – Strategic People Topics – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Consequence Management for Variable Remuneration – Roles and Responsibilities for Consequence Management – Strategic Review of Executive Remuneration Framework – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Board – Consequence Management for Variable Remuneration – Clawback for BEAR Accountable Persons, UK MRTs or Senior Managers – Enhancement of Level of RiskTaking in Alignment with Shareholders (NAB) NABCompConseqManClaw BEAR&MRTs (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompConseqManCC StratRev (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompConseqManCC StratPeop (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompConseqManCC Sedg (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompConseqManCC Roles (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 14.2

Stage 2 14.2

Stage 2 14.2

Stage 2 14.2

Stage 2 14.2

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 279

710.

713.

712.

711.

Governance variable and description and source

Banks – NABComp – Board – Consequence Management for Variable Remuneration – Deferral of Variable Reward – Applies to amounts above $50,000 – Range 30% Deferred for 2 Years to 60% Deferred for 4 Years – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Board – Consequence Management for Variable Remuneration – Conduct Gates – Red Conduct Gate for No Variable Reward and Forfeiture of Prior Years Reward Still in Deferral – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Board – Consequence Management for Variable Remuneration – Risk Goal – Reduction of Variable Remuneration for Risk Goal Not Met – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Fixed Remuneration Benchmarked Against Market Data – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB)

No

Table 10.2 (continued)

NABCompFixedCashBench (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompConseqManRiskGoal (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompConseqManRedGate (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompConseqManDeferral (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 14.1

Stage 2 14.2

Stage 2 14.2

Stage 2 14.2

Section Ref. (Relational Effect Path in bold)

280 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Banks – NABComp – Board – Failings in Individual Downside Adjustments for Customer-Facing Employees on Sales and Service Plans – Limited to Forfeited Equity Only – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (NAB) Banks – NABComp – Board – Individual Reductions for Individual Variable Reward Under Board Discretion – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB)

Banks – NABComp – Board – Failings in Individual Downside Adjustments for Leadership Roles Due to Unclear Accountabilities – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (NAB)

Banks – NABComp – Compensation/Remuneration Committee – Focus/Proactive on Emerging Risks – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB)

716.

718.

719.

717.

715.

Banks – NABComp – Compensation/Remuneration Committee – Fixed Remuneration Comprising Annual Cash Salary – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Board – Collective Reductions for Remuneration Under Board Discretion – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB)

714.

NABCompRemConseq CollReduce (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompRemConseq ForfeitEquity (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) NABCompRemConseq IndivReduce (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompRemConseq UnclearAcc (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) NABCompRemGovEmergeRisk (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompFixedCashSalary (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

(continued)

Stage 2 14.4

Stage 2 14.6

−7/87.50

+7/87.50

Stage 2 14.6

Stage 2 14.6

−7/87.50

+7/87.50

Stage 2 14.6

Stage 2 14.1

+7/87.50

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 281

720.

724.

723.

722.

721.

Governance variable and description and source

Banks – NABComp – Compensation/Remuneration Committee – Oversight of Performance and Remuneration Outcomes for Individual Material Risk Takers (MRTs) – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Joint Meetings between BRC and Compensation/Remuneration Committee – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Focus on Outcomes rather than Process in Discussions and Papers – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Engagement with Compensation/Remuneration Committee on Strategic People-Related Issues to Support the Board’s Discussions – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Risk and Conduct – Increased Deferral Amounts and Time Periods for Earnings above Threshold Amounts – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB)

No

Table 10.2 (continued)

NABCompRisk&Cond DeferAmts&Periods (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompRemGovStratPeop (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompRemGovJointBRCCC (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompRemGovOutcomes (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompRemGovIndivMRTs (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 14.5

Stage 2 14.4

Stage 2 14.4

Stage 2 14.4

Stage 2 14.4

Section Ref. (Relational Effect Path in bold)

282 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

730.

729.

728.

727.

726.

725.

Banks – NABComp – Compensation/Remuneration Committee – Risk and Conduct – Mandated Risk and Customer Goals for All Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – ELT and Board – Risk and Conduct – Oversight of Risk and Conduct within Remuneration Framework – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – ELT and Board – Risk and Conduct – Oversight of Risk and Conduct within Remuneration Framework – Changes by Sedgwick Review Recommendations for Retail Banking – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Risk and Conduct – Failings in Application of Remuneration Framework – Requiring Continual Monitoring and Reporting – RiskTaking in Excess of Risk Appetite – Likelihood of Bank Failure (NAB) Banks – NABComp – Compensation/Remuneration Committee – Risk and Conduct – Remuneration Framework Design – In Theory – Conduct and Risk Management Appropriately Incorporated into Performance Assessments – Enhancement of Level of RiskTaking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Risk and Conduct -Qualitative Measures in Application of Discretionary Adjustment to Variable Reward – Enhancement of Level of Risk- Taking in Alignment with Shareholders (NAB) NABCompRisk&Cond QualMeasVarReward (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompRisk&Cond PerfApplic (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) NABCompRisk&Cond PerfDesign (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

NABCompRisk&Cond MandRisk&Cust (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompRisk&Cond OseeELT&Brd (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompRisk&Cond OseeSedg (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

+7/87.50

(continued)

Stage 2 14.5

Stage 2 14.5

Stage 2 14.5

−7/87.50

+7/87.50

Stage 2 14.5

Stage 2 14.5

Stage 2 14.5

+7/87.50

+7/87.50

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 283

731.

735.

734.

733.

732.

Governance variable and description and source

Banks – NABComp – Compensation/Remuneration Committee – Risk and Conduct – Reduction in Prevalence and Number of Sales-Based Incentive Plans – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Risk and Conduct - Increased Weighting on Risk-Adjusted Financial Metric to Determine Group Variable Reward – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Compensation/Remuneration Committee – Risk and Conduct – Senior Executive Performance Review – Five Equally Weighted Objectives – Enhancement of Level of RiskTaking in Alignment with Shareholders (NAB) Banks – NABComp – Board – Variable Remuneration Calculation – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Board – Variable Remuneration Calculation – Board Discretion to Adjust Variable Reward Outcomes Downward – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB)

No

Table 10.2 (continued)

NABCompRisk&Cond ReduceSalesIncent (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompRisk&Cond RiskAdjFinMetric (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompRisk&Cond SnrExecPerfObject (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompVarCalc (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompVarCalc BrdAdjust (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 14.1

Stage 2 14.1

Stage 2 14.5

Stage 2 14.5

Stage 2 14.5

Section Ref. (Relational Effect Path in bold)

284 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

741.

740.

739.

738.

737.

736.

NABCompVarCalc GroupPerform (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) Banks – NABComp – Board – Variable Remuneration Calculation – NABCompVarCalc Individual Score for Performance Against a Balanced Scorecard – IndivScore Enhancement of Level of Risk-Taking in Alignment with (+) Shareholders [EqOptRiskAlignHighEnd] (+) (NAB) identical to [EqOptIncent] (+) Banks – NABComp – Board – Variable Remuneration Calculation – NABCompVarCalc Individual Target for Variable Reward Opportunity ($) – IndivTarget Enhancement of Level of Risk-Taking in Alignment with (+) Shareholders [EqOptRiskAlignHighEnd] (+) (NAB) identical to [EqOptIncent] (+) Banks – NABComp – Compensation/Remuneration Committee – NABCompVarCash Variable Remuneration Component in Cash – Enhancement of Level (+) of Risk-Taking in Alignment with Shareholders [EqOptRiskAlignHighEnd] (+) (NAB) identical to [EqOptIncent] (+) Banks – NABComp – Board – Variable Remuneration Component in NABCompVarDeferShares Deferred NAB Shares – Clawback – Enhancement of Level of Clawback Risk-Taking in Alignment with Shareholders (+) (NAB) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) Banks – NABComp – Compensation/Remuneration Committee – NABCompVarDeferShares Variable Remuneration Component in Deferred NAB Shares – ELT Deferred Minimum 4 Years for Executive Leadership Team (ELT) – (+) Enhancement of Level of Risk-Taking in Alignment with [EqOptRiskAlignHighEnd] (+) Shareholders identical to [EqOptIncent] (+) (NAB)

Banks – NABComp – Board – Variable Remuneration Calculation – One NAB Score Reflecting the Group’s Performance – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 14.1

Stage 2 14.1

Stage 2 14.1

Stage 2 14.1

Stage 2 14.1

Stage 2 14.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 285

Banks – NABComp – Board – Variable Remuneration Component in Deferred NAB Shares – Forfeit of Shares During Deferral Period – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Board – Variable Remuneration Component in Deferred NAB Shares – Forfeit of Shares During Deferral Period for Failure to Meet Threshold Conduct Requirements – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Board – Variable Remuneration Component in Deferred NAB Shares – Forfeit of Shares During Deferral Period for Dismissal with Cause – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABComp – Board – Variable Remuneration Component in Deferred NAB Shares – Forfeit of Shares During Deferral Period for Resignation – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB)

742.

743.

746.

745.

744.

Governance variable and description and source

Banks – NABComp – Board – Variable Remuneration Component in Deferred NAB Shares – Extension of Period – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB)

No

Table 10.2 (continued)

NABCompVarDeferShares Extend (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompVarDeferShares Forfeit (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompVarDeferShares ForfeitConduct (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompVarDeferShares ForfeitDismiss (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCompVarDeferShares ForfeitResign (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 14.1

Stage 2 14.1

Stage 2 14.1

Stage 2 14.1

Stage 2 14.1

Section Ref. (Relational Effect Path in bold)

286 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

751.

750.

749.

748.

747.

Banks – NABComp – Compensation/Remuneration Committee – Variable Remuneration Component in Deferred NAB Shares – Deferred Minimum 2 or 3 Years for Other Roles – Enhancement of Level of Risk-Taking in Alignment with Shareholders (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Lack of Operational Discipline – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Failure to Consolidate and Decommissioning Systems or in Keeping Systems Up to Date – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Quick ‘Tactical’ Fix for Problems Rather than Strategic Solution – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) NABCultInhib1C FailStratSoln (−) [BrdSkills] (+) in the negative direction

NABCultInhib1B Con&DecommSysts (−) [BrdSkills] (+) in the negative direction

NABCompVarDeferShares Other (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) NABCultInhib1 RigDiscip (−) [BrdSkills] (+) in the negative direction NABCultInhib1A LackOpDiscip (−) [BrdSkills] (+) in the negative direction Stage 2 31.1 31.4

Stage 2 31.4

Stage 2 31.4

Stage 2 31.4

−7/87.50

−7/87.50

−7.87.50

−7/87.50

(continued)

Stage 2 14.1

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 287

752.

755.

754.

753.

Governance variable and description and source

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Allowing Complexity to Grow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Leadership Capability – Leaders Not Evaluated on Ability to Build and Lead Highly Reliable Delivery Systems – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Leadership Capability – Rotation of Generalists to Increasingly Complex Roles – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Leadership Capability – Overuse of Consultants – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABCultInhib1G OverUseCons (−) [BrdSkills] (+) in the negative direction

NABCultInhib1F FailRotateGen (−) [BrdSkills] (+) in the negative direction

NABCultInhib1D FailComplex (−) [BrdSkills] (+) in the negative direction NABCultInhib1E FailDelivSyst (−) [BrdSkills] (+) in the negative direction

Stage 2 31.4

Stage 2 31.4

Stage 2 31.4

Stage 2 31.4

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

288 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

760.

759.

758.

757.

756.

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Leadership Capability – Failure to follow Through and Check Solution – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Leadership Capability – Failure to Establish Leading Indicators which Signal Emerging Risks – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Leadership Capability – Failure to Encourage ‘Stop the Line’ Culture if Quality Problems Emerge – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Rigour and Discipline Required to Get it Right Every Single Time – ‘Industrialisation’ Program of Work – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Rigour and Discipline Required to Get it Right Every Single Time – Metrics in Place to Monitor Whether Improvements Realised – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) NABCultInhib1L Metrics&Monitor (+) [BrdSkills] (+)

NABCultInhib1K IndustProg (+) [BrdSkills] (+)

NABCultInhib1J StopLineProbs (−) [BrdSkills] (+) in the negative direction

NABCultInhib1I EmergeRisk (−) [BrdSkills] (+) in the negative direction

NABCultInhib1H Follow&Check (−) [BrdSkills] (+) in the negative direction

Stage 2 31.4

−7/87.50

+7/87.50

(continued)

Stage 2 31.4

Stage 2 31.4

Stage 2 31.4

−7/87.50

+7/87.50

Stage2 31.4

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 289

761.

764.

763.

762.

Governance variable and description and source

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Rigour and Discipline Required to Get it Right Every Single Time – Appointment of Chief Data Officer – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Overreliance on People to Make Up For Deficiencies in Systems and Processes – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Overreliance on People to Make Up For Deficiencies in Systems and Processes – Complexity of Policies, Systems and Processes – Reliance on Collaboration, Discretionary Effort and Goodwill of Employees – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Overreliance on People to Make Up For Deficiencies in Systems and Processes – Overwork and Lack of Enablement with Appropriate Systems and Tools During Change – Failure of Consistent and Reliable Customer Service Delivery – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABCultInhib2B Overwork (−) [BrdSkills] (+) in the negative direction

NABCultInhib2 OverRelyPeop (−) [BrdSkills] (+) in the negative direction NABCultInhib2A Complex (−) [BrdSkills] (+) in the negative direction

NABCultInhib1M ChiefDataOfficer (+) [BrdSkills] (+)

Stage 2 31.4

Stage 2 31.1 31.5

Stage 2 31.5

Stage 2 31.5

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

290 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

769.

768.

767.

766.

765.

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Failings in Urgency in Day-to-Day Operating Environment to Fix Issues – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Failings in Urgency to Remediate Customers – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Failings in Fixing Problems Crossing Divisional Boundaries – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Failings in Fixing Problems Crossing Divisional Boundaries – Failure to Accept Accountability for Issues Beyond Senior Manager Direct Area – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) NABCultInhib3D FailMultiDivAcc (−) [BrdSkills] (+) in the negative direction

NABCultInhib3C FailMultiDivProbs (−) [BrdSkills] (+) in the negative direction

NABCultInhib3B FailRemedCust (−) [BrdSkills] (+) in the negative direction

NABCultInhib3 Coll&IndivResolve (−) [BrdSkills] (+) in the negative direction NABCultInhib3A FailDaytoDayOps (−) [BrdSkills] (+) in the negative direction Stage 2 31.6

Stage 2 31.6

Stage 2 31.6

Stage 2 31.6

−7/87.50

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 31.1 31.6

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 291

770.

772.

771.

Governance variable and description and source

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Failings in Fixing Problems Crossing Divisional Boundaries – Failure of Corporate Support, Funding and Resources – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Collaboration and Teamwork – Failings in Employee Cooperation Between Teams – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Collaboration and Teamwork – Failings in Engaging in Issues or Constructive Conflicts to Solve Issues – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABCultInhib3G FailConstrConfl (−) [BrdSkills] (+) in the negative direction

NABCultInhib3F FailTeamCoop (−) [BrdSkills] (+) in the negative direction

NABCultInhib3E FailMultiDivResource (−) [BrdSkills] (+) in the negative direction

Stage 2 31.6

Stage 2 31.6

Stage 2 31.6

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

292 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

776.

775.

774.

773.

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Collaboration and Teamwork – Failings in Developing Trust Between Employees to Deliver High Performance and Failure of Timely and Candid Feedback – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Courage to Set Ambitious Standards – Accepting Suboptimal Outcomes Blamed on Externalities Perceived Beyond Employee Control – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Courage to Set Ambitious Standards – Benchmarking to Peers to Label Problems as ‘Industry’ Issues and Perceive FirstMover Disadvantage – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Declaring Victory Too Early – Failings in Execution – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) NABCultInhib3K FailExecute (−) [BrdSkills] (+) in the negative direction

NABCultInhib3J FailIndustryIssues (−) [BrdSkills] (+) in the negative direction

NABCultInhib3I FailSubOptOutcomes (−) [BrdSkills] (+) in the negative direction

NABCultInhib3H FailTrust (−) [BrdSkills] (+) in the negative direction

Stage 2 31.6

Stage 2 31.6

Stage 2 31.6

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 31.6

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 293

777.

779.

778.

Governance variable and description and source

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Declaring Victory Too Early – Failings in Confirming Change has Achieved What Was Intended – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Declaring Victory Too Early – Failings in Revisiting Judgements as Environment Changes – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Failure to Support Employees Moving Complex Issues Forward – Failure to Provide Resources and Priority to Assist – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABCultInhib3N FailSupportStepUp (−) [BrdSkills] (+) in the negative direction

NABCultInhib3M FailRevisitEnviro (−) [BrdSkills] (+) in the negative direction

NABCultInhib3L FailConfirmChange (−) [BrdSkills] (+) in the negative direction

Stage 2 31.6

Stage 2 31.6

Stage 2 31.6

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

294 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

784.

783.

782.

781.

780.

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Collective Intensity or Individual Resolve to Fix Complex Issues – Fixing Problems Crossing Divisional Boundaries – CEO to Assign a BEAR Accountable ELT Member Responsible for Resolution of Issue – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees – Responding Late or Missed or Resisted Internal or External Signals – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees – Reactive in Approach and Failing to Engage Early with Regulators, Customers and Employees – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees – Failure to Deal with and Learn from Customer Complaints – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) NABCultInhib4C FailCustComplaints (−) [BrdSkills] (+) in the negative direction

NABCultInhib4B FailReactive (−) [BrdSkills] (+) in the negative direction

NABCultInhib4 FailListen&Learn (−) [BrdSkills] (+) in the negative direction NABCultInhib4A FailLate&Miss (−) [BrdSkills] (+) in the negative direction

NABCultInhib3O BEARAcc (+) [BrdSkills] (+)

Stage 2 31.1 31.7

Stage 2 31.7

Stage 2 31.7

Stage 2 31.7

−7/87.50

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 31.6

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 295

785.

788.

787.

786.

Governance variable and description and source

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees – Slow Complaints Handling Process – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees – Failure to Recognise Recurring Patterns and Deal with them Diligently – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees – Failure to Measure Customer Outcomes – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees – Failure to Consider Regulator Voice – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABCultInhib4G FailRegVoice (−) [BrdSkills] (+) in the negative direction

NABCultInhib4F FailMeasCustOut (−) [BrdSkills] (+) in the negative direction

NABCultInhib4E FailRecurPattern (−) [BrdSkills] (+) in the negative direction

NABCultInhib4D SlowCustComplaintProc (−) [BrdSkills] (+) in the negative direction

Stage 2 31.7

Stage 2 31.7

Stage 2 31.7

Stage 2 31.7

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

296 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

792.

791.

790.

789.

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees – Failure to Consider Regulator Voice – Failure to Ensure Legislative Obligations are Captured, Internalised and Supported by Specified Processes and Controls in Integrated and Effective Manner – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees – Failure to Consider Employee Voice – Failure to Disclose Failures and Mistakes and Challenge Decisions and Behaviour of Others – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees – Failure to Consider Employee Voice – Perceived Factors Hindering Exceptional Customer Service – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) NABCultInhib5 PriorityOverCust (−) [BrdSkills] (+) in the negative direction

NABCultInhib4J FailCustServ (−) [BrdSkills] (+) in the negative direction

NABCultInhib4I FailMistake&Chall (−) [BrdSkills] (+) in the negative direction

NABCultInhib4H FailLegislOblige (−) [BrdSkills] (+) in the negative direction

Stage 2 31.7

Stage 2 31.7

Stage 2 31.1 31.8

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 31.7

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 297

793.

796.

795.

794.

Governance variable and description and source

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Emphasis on Short-Term Financial Management Rather than Customer Outcomes – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Perceived Emphasis on Sales Over Service – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Target Behaviours – ‘Taking a Stand for the Customer’ – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Systems and Controls for Bankers to Achieve Right Customer Outcomes Every Time – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABCultInhib5D CustSyst&Controls (+) [BrdSkills] (+)

NABCultInhib5C CustTargetBehave (+) [BrdSkills] (+)

NABCultInhib5B PrioritySales (−) [BrdSkills] (+) in the negative direction

NABCultInhib5A PrioritySTFinMan (−) [BrdSkills] (+) in the negative direction

+7/87.50

Stage 2 31.8

Stage 2 31.8

Stage 2 31.8

−7/87.50

+7/87.50

Stage 2 31.8

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

298 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

800.

799.

798.

797.

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Quality Assurance System to Detect Error – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Sustainable Investment to Keep Systems Customers Rely on Stable and Secure – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Confirmation that Third Parties including Intermediaries Maintain or Enhance the Quality, Depth and Reliability of Services for Customers – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Speed and Ease of Fix for Customer including to Err in Customer Favour if Approach is Unclear – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) NABCultInhib5H CustRemed (+) [BrdSkills] (+)

NABCultInhib5G CustThirdParty (+) [BrdSkills] (+)

NABCultInhib5F CustSystMaintInvest (+) [BrdSkills] (+)

NABCultInhib5E CustQualAssure (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 31.8

Stage 2 31.8

Stage 2 31.8

Stage 2 31.8

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 299

801.

804.

803.

802.

Governance variable and description and source

Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Customer ‘Huddles’ for Staff Weekly or Fortnightly – Review Insights and Feedback from Customers to Identify Issues and Create Action Plans to Improve Local Team and Across the Bank – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Removal of Visible ‘Leaderboard’ for Sales – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Implement ‘Culture Embed Plan’ – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Values and Behaviours – Cultural Levers for Desired Culture – Delivering Consistent Customer Standards – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABCultLever1 ConsistCustStnd (+) [BrdSkills] (+)

NABCultInhib5K CultEmbedPlan (+) [BrdSkills] (+)

NABCultInhib5J NoLeaderBrd (+) [BrdSkills] (+)

NABCultInhib5I CustHuddles (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 31.2

Stage 2 31.8

Stage 2 31.8

Stage 2 31.8

Section Ref. (Relational Effect Path in bold)

300 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

810.

809.

808.

807.

806.

805.

Banks – NABCult – Values and Behaviours – Cultural Levers for Desired Culture – Developing Outstanding Leaders – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Values and Behaviours – Cultural Levers for Desired Culture – Uplifting Performance Management and Recognition – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Values and Behaviours – Cultural Levers for Desired Culture – Simplifying Policies and Practices – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Values and Behaviours – Cultural Levers for Desired Culture – Aligning Selection and Onboarding Systems and Processes – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Measuring Risk Culture – Employee Surveys and Behavioural Indicators – Increase in Information Flow Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Measuring Risk Culture – External Consultants to Analyse and Benchmark Risk Culture – Increase in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) NABCultMeas2 ExtConsultBench (+) [TransTimeMon] (+)

NABCultMeas1 EmploySurvey (+) [TransTimeMon] (+)

NABCultLever5 AlignSelectOnboard (+) [BrdSkills] (+)

NABCultLever4 SimplePols&Pract (+) [BrdSkills] (+)

NABCultLever3 UpPerfManRecog (+) [BrdSkills] (+)

NABCultLever2 OutstandLead (+) [BrdSkills] (+)

+8/100.00

+8/100.00

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 31.3

Stage 2 31.3

Stage 2 31.2

Stage 2 31.2

Stage 2 31.2

Stage 2 31.2

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 301

811.

815.

814.

813.

812.

Governance variable and description and source

Banks – NABCult – Measuring Risk Culture – Combination of ‘Hard’ Data and ‘Perception’ Data – Increase in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Measuring Risk Culture – Failure of Systematic Reporting on Risk Culture Measures – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Measuring Risk Culture – Failure to Set Targets for Risk – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCult – Measuring Risk Culture – Failure to Set Targets for Other Aspects of Culture – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABCultTone – Board Role-Modelling of Tone-from-theTop – Board to Remove Board/Management Undue Bias on Financial Constraints in Decision-making – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABCultMeas4 FailSystematic (−) [TransTimeMon] (+) in the negative direction NABCultMeas5 FailRiskTargets (−) [TransTimeMon] (+) in the negative direction NABCultMeas6 FailOtherTargets (−) [TransTimeMon] (+) in the negative direction NABCultTone BiasFinConstrain (+) [BrdSkills] (+)

NABCultMeas3 Hard&PerceptData (+) [TransTimeMon] (+)

Stage 2 31.3

Stage 2 31.3

−8/100.00

−8/100.00

Stage 2 29.3

Stage 2 31.3

−8/100.00

+7/87.50

Stage 2 31.3

Section Ref. (Relational Effect Path in bold)

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

302 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

821.

820.

819.

818.

817.

816.

Banks – NABCultTone – Board Role-Modelling of Tone-from-theTop – Board Active Engagement with Regulators with Scheduled Meetings – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCultTone – Board Role-Modelling of Tone-from-theTop – Board Focus on Doing Right Thing for Customers – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCultTone – Board Role-Modelling of Tone-from-theTop – Board Meetings in Regional Areas – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCultTone – Board Role-Modelling of Tone-from-theTop – Chair Speeches to External Forums Shared with Employees – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCultTone – Board Role-Modelling of Tone-from-theTop – Board Challenge of Management without Feeling of Intimidation – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCultTone – Board Role-Modelling of Tone-from-theTop – Program of Customer Engagements – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) NABCultTone CustEngage (+) [BrdSkills] (+)

NABCultTone ChallengeMan (+) [BrdSkills] (+)

NABCultTone ChairSpeechEmploy (+) [BrdSkills] (+)

NABCultTone BrdMeetRegion (+) [BrdSkills] (+)

NABCultTone BrdFocusCust (+) [BrdSkills] (+)

NABCultTone BrdEngageReg (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 303

822.

826.

825.

824.

823.

Governance variable and description and source

Banks – NABCultTone – Board Role-Modelling of Tone-from-theTop – Board to Be Quick to Fix Customer Issues Sustainably – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCultTone – Board Role-Modelling of Tone-from-theTop – Board Engagement and Feedback with Management, Employees and Leaders in Accountability Activities – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCultTone – Board Role-Modelling of Tone-from-theTop –- Board Changes to Executive Remuneration Practices – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCultTone – Board Role-Modelling of Tone-from-theTop – Board Time on Bank’s ‘Purpose, Vision and Values’ – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCultTone – Board Role-Modelling of Tone-from-theTop – Board Recognition of Stature/Importance of Risk and Control Functions – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABCultTone StatusRiskControl (+) [BrdSkills] (+)

NABCultTone PurpVisionValues (+) [BrdSkills] (+)

NABCultTone ExecRemun (+) [BrdSkills] (+)

NABCultTone EngageFeedback (+) [BrdSkills] (+)

NABCultTone CustRapidFixSust (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Stage 2 29.3

Section Ref. (Relational Effect Path in bold)

304 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

832.

831.

830.

829.

828.

827.

Banks – NABCult – Values and Behaviours – Passion for Customers – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Values and Behaviours – Be Bold – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Values and Behaviours – Win Together – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Values and Behaviours – Respect for People – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABCult – Values and Behaviours – Do the Right Thing – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Increased Focus on Customer Outcomes – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB)

NABCultValues&Behave1 Cust (+) [BrdSkills] (+) NABCultValues&Behave2 Bold (+) [BrdSkills] (+) NABCultValues&Behave3 Win (+) [BrdSkills] (+) NABCultValues&Behave4 Respect (+) [BrdSkills] (+) NABCultValues&Behave5 RightThing (+) [BrdSkills] (+) NABELT CustVoiceOutcomes (+) [TransTimeMon] (+) +8/100.00

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 30.7

Stage 2 31.2

Stage 2 31.2

Stage 2 31.2

Stage 2 31.2

Stage 2 31.2

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 305

833.

835.

834.

Governance variable and description and source

Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Customer Experience Board (CXB) – Development, Approval, Monitoring and Driving of Strategic ObjectivesEnhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Agenda-Setting Function with CEO, Group CRO and Committee Secretary – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Group Risk Return Management Committee SubCommittees – Group Credit and Market Risk Committee – Bankwide Management and Oversight of Credit and Market Risk and Review of Quality and Composition of Bank’s Credit Risk Portfolio – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB)

No

Table 10.2 (continued)

NABELT GRRMCCredit&MktRisk (+) [TransTimeMon] (+)

NABELT GRRMCAgenda (+) [TransTimeMon] (+)

NABELT CXBStratObject (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 30.7

Stage 2 30.7

Stage 2 30.7

Section Ref. (Relational Effect Path in bold)

306 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

838.

837.

836.

Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Group CRO’s Risk Targets Report (Quarterly) – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Remit of All Material Risk Categories including Financial and Non-Financial Risks – Equal Time for Financial and Non-Financial Risks – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Failures in Relation to Non-Financial Risks – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC) – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (NAB) NABELT GRRMCGRCORCFail (−) [TransTimeMon] (+) in the negative direction

NABELT GRRMCFin&NFRiskTime (+) [TransTimeMon] (+)

NABELT GRRMCCRORiskTargets (+) [TransTimeMon] (+)

Stage 2 30.7

−8/100.00

(continued)

Stage 2 30.7

Stage 2 30.7

+8/100.00

+8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 307

839.

840.

Governance variable and description and source

Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Failures in Relation to Non-Financial Risks – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC) – Failure to Report on Compliance – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Failures in Relation to Non-Financial Risks – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC) – Failure to Report on Customer Issues and Complaints – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (NAB)

No

Table 10.2 (continued)

NABELT GRRMCGRCORCFail Cust (−) [TransTimeMon] (+) in the negative direction

NABELT GRRMCGRCORCFail Comply (−) [TransTimeMon] (+) in the negative direction

Stage 2 30.7

Stage 2 30.7

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

308 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

843.

842.

841.

Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Failures in Relation to Non-Financial Risks – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC) – Failure to Have First-Line Risk Owners at Meetings and Consequent Failure to Challenge Management – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Failures in Relation to Non-Financial Risks – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC) – Matters Not Tabled at GRCORC – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Failures in Relation to Non-Financial Risks – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC) – Failure to Report on Risk Appetite – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (NAB) NABELT GRRMCGRCORCFail RiskApp (−) [TransTimeMon] (+) in the negative direction

NABELT GRRMCGRCORCFail NoTable (−) [TransTimeMon] (+) in the negative direction

NABELT GRRMCGRCORCFail FirstLine (−) [TransTimeMon] (+) in the negative direction

Stage 2 30.7

Stage 2 30.7

−8/100.00

−8/100.00

(continued)

Stage 2 30.7

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 309

844.

845.

Governance variable and description and source

Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Failures in Relation to Non-Financial Risks – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC) – Disproportionate Time Spent on Policy and Framework Endorsement – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Group Risk Return Management Committee SubCommittees – Group Asset and Liability Committee – Oversight of Balance Sheet Structure and Risk Settings and Oversight/Monitoring of Group Treasury and its Risk Profile – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB)

No

Table 10.2 (continued)

NABELT GRRMCGroupAsset&Liab (+) [TransTimeMon] (+)

NABELT GRRMCGRCORCFail Time (−) [TransTimeMon] (+) in the negative direction

+8/100.00

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 30.7

Stage 2 30.7

Section Ref. (Relational Effect Path in bold)

310 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

848.

847.

846.

Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Reporting of Matters of Interest (MOIs) – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Failures in Relation to Non-Financial Risks – Lack of Rigour, Discipline and Intensity – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Failures in Relation to Non-Financial Risks – Failures in Compliance Risk Matters Brought Before the GRRMC – Failure in Approach and Investment in Compliance Risk Management – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (NAB) NABELT GRRMCNFRiskFailComply (−) [TransTimeMon] (+) in the negative direction

NABELT GRRMCNFRiskFail (−) [TransTimeMon] (+) in the negative direction

NABELT GRRMCMOIs (+) [TransTimeMon] (+)

Stage 2 30.7

Stage 2 30.7

−8/100.00

−8/100.00

(continued)

Stage 2 30.7

+8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 311

849.

850.

Governance variable and description and source

Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Failures in Relation to Non-Financial Risks – Failures in Conduct Risk Matters Brought Before the GRRMC – Failure in Implementation and Adoption of Framework for Management of Conduct Risk – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Group Risk Return Management Committee SubCommittees – Group Regulatory, Compliance and Operational Risk Committee (GRCORC) – Oversight of Management of NonFinancial Risks Covering Operational and Compliance Risks including Conduct and Prudential Regulatory Risk – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB)

No

Table 10.2 (continued)

NABELT GRRMCRegComplyOpsRisk (+) [TransTimeMon] (+)

NABELT GRRMCNFRiskFailConduct (−) [TransTimeMon] (+) in the negative direction

+8/100.00

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 30.7

Stage 2 30.7

Section Ref. (Relational Effect Path in bold)

312 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

854.

853.

852.

851.

Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Structured and Formal Processes for Reporting to BRC – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Improvements in Risk Reporting – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Group Risk Return Management Committee – Identification and Oversight of Bank-Wide Risks and Issues Including NonFinancial Risks – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Technology and Operations Risk Management Committee – Oversight of Risks and Controls within Bank’s Technology and Operations Division – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility (NAB) NABELT Tech&OpsCm (+) [TransTimeMon] (+)

NABELT GRRMCRisksNFRisks (+) [TransTimeMon] (+)

NABELT GRRMCRiskRepImprove (+) [TransTimeMon] (+)

NABELT GRRMCRepBRC (+) [TransTimeMon] (+)

+8/100.00

+8/100

+8/100.00

+8/100.00

(continued)

Stage 2 30.7

Stage 2 30.7

Stage 2 30.7

Stage 2 30.7

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 313

855.

858.

857.

856.

Governance variable and description and source

Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Value Chain Risk Management Committees (VCRMCs) – Product Design, Delivery and Distribution – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Value Chain Risk Management Committees (VCRMCs) – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (NAB) Banks – Nomination and Governance Committee – Recommending Board Appointments and Renewal – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – Nomination and Governance Committee – Evaluating the Performance of the Board – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decisionmaking – Enhancement in Quality of Accountability and Lines of Responsibility (NAB)

No

Table 10.2 (continued)

NABNomGov EvalPerformBrd (+) [NomGovCom] (+/−) in the positive direction

NABNomGov BrdAppointRenew (+) [NomGovCom] (+/−) in the positive direction

NABELT VCRMCsFail (−) [TransTimeMon] (+) in the negative direction

NABELT VCRMCs (+) [TransTimeMon] (+)

+7/87.50

Stage 2 36.6

Stage 2 36.6

Stage 2 30.7

−8/100.00

+7/87.50

Stage 2 30.7

Section Ref. (Relational Effect Path in bold)

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

314 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

863.

862.

861.

860.

859.

Banks – Nomination and Governance Committee – Maintaining an Appropriate Mix of Experience, Skills and Diversity (Generally) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – Nomination and Governance Committee – Reviewing Relevant Corporate Governance Principles and Policies for the Bank – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – Nomination and Governance Committee – Reviewing the Size and Composition of the Board – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – Nomination and Governance Committee – Reviewing Succession Plans – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (NAB) Banks – NABPriority – Boards – Failure of Evaluation and Assessment of Capacity and Capabilities to Address Specific Risks of BEAR Accountable Persons – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) NABPriority BEARAccReviewRisk (−) [BrdSkills] (+) in the negative direction

NABNomGov SuccessPlan (+) [NomGovCom] (+/−) in the positive direction

NABNomGov Size&CompBrd (+) [NomGovCom] (+/−) in the positive direction

NABNomGov ReviewPrin&Policy (+) [NomGovCom] (+/−) in the positive direction

NABNomGov ExperSkillsDiv (+) [NomGovCom] (+/−) in the positive direction

Stage 2 29.8

−7/87.50

(continued)

Stage 2 36.6

Stage 2 36.6

Stage 2 36.6

Stage 2 36.6

+7/87.50

+7/87.50

+7/87.50

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 315

864.

867.

866.

865.

Governance variable and description and source

Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Failure to Guide Decision-making with Consistent Principles – Decision-making Limited by “Perceived Local Budget or Resourcing Constraints” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – “Consistent and Explicit Decision-making Approach for Important Decisions” – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Failure of Metrics for Quality of Customer Outcomes – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Failure of Approach to Design, Management, Governance and Monitoring of Products and Services for Value to Customer – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABPriorityDecison CustMetrics (−) [BrdSkills] (+) in the negative direction NABPriorityDecison CustProd&Serv (−) [BrdSkills] (+) in the negative direction

NABPriorityDecision ConsistApproach (+) [BrdSkills] (+)

NABPriorityDecison BudgetConstrain (−) [BrdSkills] (+) in the negative direction

Stage 2 29.8

Stage 2 29.8

Stage 2 29.8

−7/87.50

−7/87.50

Stage 2 29.8

Section Ref. (Relational Effect Path in bold)

+7/87.50

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

316 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

871.

870.

869.

868.

Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Failure to Be Disciplined and Systematic in “Consideration, Definition and Measurement of Value to Customers and Customer Outcomes” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Failure to Guide Decision-making with Consistent Principles – Perception of Financial Results Over “Customer Experience, Risk and Compliance Outcomes, and Behaviour and Values” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Failure to Guide Decision-making with Consistent Principles – “Trade-offs Balancing Multiple Factors…Misinterpreted as they Cascaded Through the Organisation” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Failure to Guide Decision-making with Consistent Principles – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) NABPriorityDecison NonConsist (−) [BrdSkills] (+) in the negative direction

NABPriorityDecison MisinterpMulti (−) [BrdSkills] (+) in the negative direction

NABPriorityDecison MisinterpFinResult (−) [BrdSkills] (+) in the negative direction

NABPriorityDecison CustValue&Out (−) [BrdSkills] (+) in the negative direction

Stage 2 29.8

Stage 2 29.8

Stage 2 29.8

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 29.8

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 317

872.

875.

874.

873.

Governance variable and description and source

Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Failure to Guide Decision-making with Consistent Principles – Failure to Give Explicit Consideration to Consequences for all Relevant Stakeholders – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABPriority – Boards – No Consistent or Explicit Framework for Decision-making – Including Impact on Customer, Employees, Risk, Reputation and Financials – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Favour Long-Term Over ShortTerm Results – Investment Spend (Generally) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Insufficient Investment Spend on Reducing Complexity and Accumulated Operational (Particularly Technology) and Compliance Risk – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABPriorityInvest OpComplyRisk (−) [BrdSkills] (+) in the negative direction

NABPriorityInvest (+) [BrdSkills] (+)

NABPriorityInconsistDecFrame (−) [BrdSkills] (+) in the negative direction

NABPriorityDecison StakeConseq (−) [BrdSkills] (+) in the negative direction

Stage 2 29.8

Stage 2 29.8

−7/87.50

Stage 2 29.8

−7/87.50

+7/87.50

Stage 2 29.8

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

318 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

879.

878.

877.

876.

Banks – NABPriority – Boards – Favour Long-Term Over ShortTerm Results – Investment on Risk-Related Initiatives – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Growth Fund Investment Allocation – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Growth Fund Investment Allocation to Support BEAR Accountable Persons – “In Evaluating and Assessing the Adequacy and Appropriateness of Operational Capacity and Investment to Address the Risks for Which They are Responsible” – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Growth Fund Investment Allocation to Support BEAR Accountable Persons – Bank “Update of Categorisation, Measurement and Reporting of Risk to Align with BEAR Accountabilities” – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) NABPriorityLTGrowthFund BEARAccUpdate (+) [TransTimeMon] (+)

NABPriorityLTGrowthFund BEARAccEval (+) [BrdSkills] (+)

NABPriorityLTGrowthFund (+) [BrdSkills] (+)

NABPriorityInvest Risk (+) [BrdSkills] (+)

+8/100.00

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 29.8

Stage 2 29.8

Stage 2 29.8

Stage 2 29.8

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 319

880.

883.

882.

881.

Governance variable and description and source

Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Failure to Request or Allocate Growth Fund Investment Allocation to Accumulated Complexity, Operational (Particularly Technology) Risk and Compliance Risk – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Growth Fund Investment Allocation to Process, Control and System Improvements (‘Industrialisation’) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Growth Fund Investment Allocation to Risk, Regulatory or Compliance Functions – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB)

No

Table 10.2 (continued)

NABPriorityLTStratObject (+) [BrdSkills] (+)

NABPriorityLTGrowthFund RiskRegComply (+) [BrdSkills] (+)

NABPriorityLTGrowthFund Industrial (+) [BrdSkills] (+)

NABPriorityLTGrowthFund ComplexOpComply (−) [BrdSkills] (+) in the negative direction

+7/87.50

+7/87.50

+7/87.50

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 29.8

Stage 2 29.8

Stage 2 29.8

Stage 2 29.8

Section Ref. (Relational Effect Path in bold)

320 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

888.

887.

886.

885.

884.

Banks – NABPriority – Boards – Bank Long-Term Strategic Performance Indicators Metrics in Dashboards ‘Run the Bank’ and ‘Change the Bank’ – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABPriority – Boards – Bank Long-Term Strategic Performance Indicators Reporting to ELT (Executive Leadership Team) and Reported to Board through the CEO, CFO and Group CRO Reports – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABPriority – Boards – Failure to Update Categorisation, Measurement and Reporting of Risk to Better Align to BEAR Accountabilities – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Priorities Favour Short-Term Financial Objectives Over Customer Outcomes – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (NAB) Banks – NABPriority – Boards – Favour Long-Term Over ShortTerm Results – Simplify and Transform the Bank – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB) NABPriorityTransform (+) [BrdSkills] (+)

NABPrioritySTFinOverCustOut (−) [BrdSkills] (+) in the negative direction

NABPriorityRiskAlignBEARAcc (−) [BrdSkills] (+) in the negative direction

NABPriorityLTStratPerfIndRep (+) [TransTimeMon] (+)

NABPriorityLTStratPerfIndMetrics (+) [TransTimeMon] (+)

Stage 2 29.8

−7/87.50

(continued)

Stage 2 29.8

Stage 2 29.8

−7/87.50

+7/87.50

Stage 2 29.8

Stage 2 29.8

+8/100.00

+8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 321

889.

891.

890.

Governance variable and description and source

Banks – NABRedFlag – Board Oversight of Risk Management – Issue Management – Risk Impact Assessment Matrix for Impact on NAB – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Audit and Regulatory Issues – Issues Identified by Internal Audit or APRA Reported on Global Assurance Issue Tracking System (GAITS) – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Compliance Breach Assessment and Reporting – Escalation to Significant Event Review Panel – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility (NAB)

No

Table 10.2 (continued)

NABRedFlagComplyBr Escalate (+) [TransTimeMon] (+)

NABRedFlag AudRegIssueGAITS (+) [TransTimeMon] (+)

NABRedFlag AssessMatrix (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 39.4

Stage 2 39.5

Stage 2 39.13

Section Ref. (Relational Effect Path in bold)

322 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

895.

894.

893.

892.

Banks – NABRedFlag – Board Oversight of Risk Management – Compliance Breach Assessment and Reporting – Reporting of Breach By Group CRO to BRC and Board – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Compliance Breach Assessment and Reporting – Reporting of Breach to Relevant Regulator – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Compliance Breach Assessment and Reporting – Tagging and Forwarding of Potentially Reportable Breaches to Compliance – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Complex Issue Management and Closure – Group CRO Risk Targets Report for Matters of Interest (MOIs) – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) NABRedFlagCRORiskTargetsRep (+) [TransTimeMon] (+)

NABRedFlagComplyBr Tag (+) [TransTimeMon] (+)

NABRedFlagComplyBr ReportReg (+) [TransTimeMon] (+)

NABRedFlagComplyBr ReportCRO (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

(continued)

Stage 2 39.14

Stage 2 39.4

Stage 2 39.4

Stage 2 39.4

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 323

896.

899.

898.

897.

Governance variable and description and source

Banks – NABRedFlag – Board Oversight of Risk Management – Capture and Reporting of Customer Complaints – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Capture and Reporting of Complex or Increased Time Requirement Customer Complaints – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Customer Remediation – Centre for Customer Remediation (CCR) – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Customer Remediation Procedure – Need for Compensation or Other to Customers – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB)

No

Table 10.2 (continued)

NABRedFlagCustRemedProc (+) [TransTimeMon] (+)

NABRedFlagCustRemedCCR (+) [TransTimeMon] (+)

NABRedFlagCustComplain Complex (+) [TransTimeMon] (+)

NABRedFlagCustComplain (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 39.9

Stage 2 39.16

Stage 2 39.7

Stage 2 39.7

Section Ref. (Relational Effect Path in bold)

324 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

904.

903.

902.

901.

900.

Banks – NABRedFlag – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags Due to Design Gaps (Generally) – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Management of ‘Excessive’ Risks Beyond Risk Appetite – Risks with High Residual Risk Severity and Probability – Requirement of BEAR-endorsed Plan to Reduce Residual Risk within Specific Time Frame – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Breach Reporting Obligation – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/ Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Customer Remediation – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/ Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Resolving Customer Complaints – Slow Handling Process – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility (NAB) NABRedFlagFailCustTime (−) [TransTimeMon] (+) in the negative direction

NABRedFlagFailCustRemed (−) [TransTimeMon] (+) in the negative direction

NABRedFlagFailBrReport (−) [TransTimeMon] (+) in the negative direction

NABRedFlag ExcessRiskAppBEAR (+) [TransTimeMon] (+)

NABRedFlag DesignGap (−) [TransTimeMon] (+) in the negative direction

Stage 2 39.12

Stage 2 39.16

Stage 2 39.15

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 39.10

Stage 2 39.1

+8/100.00

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 325

905.

907.

906.

Governance variable and description and source

Banks – NABRedFlag – Board Oversight of Risk Management – Issue Management – Failure to Focus on Customer Voice in Characterising and Reporting Risk Issues and Events – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Regulatory Relationship Management – Failure to be Proactive and Relationship-Development Oriented – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Tracking and Delivering Against Regulatory Expectations – Failure or Inconsistencies in Capture, Monitoring and Governance of Non-Prudential Regulatory Commitments – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility (NAB)

No

Table 10.2 (continued)

NABRedFlagFailRegTrack&Deliver (−) [TransTimeMon] (+) in the negative direction

NABRedFlagFailRegRship (−) [TransTimeMon] (+) in the negative direction

NABRedFlagFailCustVoice (−) [TransTimeMon] (+) in the negative direction

Stage 2 39.13

Stage 2 39.17

Stage 2 39.17

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

326 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

911.

910.

909.

908.

Banks – NABRedFlag – Board Oversight of Risk Management – Complex Issue Management and Closure – Extended Timeframes for Resolution Exceeded – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/ Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags Due to Gaps in Effectiveness of Practices in the Issue Management Framework (Generally) – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – “Actions” (Activities) to Address Events or Issues – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – Closing of Issues and Events – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) NABRedFlagOpRisk Close (+) [TransTimeMon] (+)

NABRedFlagOpRisk Actions (+) [TransTimeMon] (+)

NABRedFlagNotEffective (−) [TransTimeMon] (+) in the negative direction

NABRedFlagFailTimeframe (−) [TransTimeMon] (+) in the negative direction

+8/100.00

(continued)

Stage 2 39.2

Stage 2 39.2

Stage 2 39.1

−8/100.00

+8/100.00

Stage 2 39.14

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 327

912.

915.

914.

913.

Governance variable and description and source

Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – Documenting and Recording of Issues and Events – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – Identification of “Events” or Problems that have Actually Occurred – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – Identification of Issues and Events – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – Identification of “Issues” which Could Lead to Events if Uncorrected – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB)

No

Table 10.2 (continued)

NABRedFlagOpRisk Issues (+) [TransTimeMon] (+)

NABRedFlagOpRisk ID (+) [TransTimeMon] (+)

NABRedFlagOpRisk Events (+) [TransTimeMon] (+)

NABRedFlagOpRisk DocRecord (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 39.2

Stage 2 39.2

Stage 2 39.2

Stage 2 39.2

Section Ref. (Relational Effect Path in bold)

328 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

920.

919.

918.

917.

916.

Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – Monitoring of Tracking of Issues and Events – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – Tracking of Issues and Events – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Regulatory Engagement by Group CRO – Co-ordination by Regulatory Strategy and Affairs (RSA) Function to Track Actions and Monitor Deadlines – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRedFlag – Board Oversight of Risk Management – Resolution of Significant Issues – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility (NAB) NABRedFlagSignifIssue (+) [TransTimeMon] (+)

NABRedFlagRegEngage CRORSA (+) [TransTimeMon] (+)

NABRedFlagOpRisk Track (+) [TransTimeMon] (+)

NABRedFlagOpRisk Monitor (+) [TransTimeMon] (+)

NABRedFlagOpRisk ManPolicy (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

+8/100.00

(continued)

Stage 2 39.8

Stage 2 39.11

Stage 2 39.2

Stage 2 39.3

Stage 2 39.2

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 329

921.

924.

923.

922.

Governance variable and description and source

Banks – NABRedFlag – Board Oversight of Risk Management – Whistleblower Program for Anonymous Reporting – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – Improvements from CPS 220 Review of Risk Management Framework (RMF) – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – Improvements to Give Focus on Customer Impact – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – Elements of Risk Management Framework – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB)

No

Table 10.2 (continued)

NABRiskMan ElementsRMF (+) [TransTimeMon] (+)

NABRiskMan CustOutcomesRMF (+) [TransTimeMon] (+)

NABRiskMan CPS220ReviewRMF (+) [TransTimeMon] (+)

NABRedFlagWhistle IntAud (+) [TransTimeMon] (+)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 49

Stage 2 49

Stage 2 49

Stage 2 39.6

Section Ref. (Relational Effect Path in bold)

330 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

928.

927.

926.

925.

Banks – NABRiskMan – Risk Management and Compliance – First Line Risk and Control Ownership and Management – Reliance on Enterprise Controls Function within Technology & Operations for Testing Operational Effectiveness of Controls – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – First Line Risk and Control Ownership and Management – Reliance on Enterprise Controls Function within Technology & Operations for Testing Operational Effectiveness of Controls – Failings in Enterprise Controls – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – First Line Risk and Control Ownership and Management – Reliance on Enterprise Controls Function within Technology & Operations for Testing Operational Effectiveness of Controls – Improvements in Enterprise Controls – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – First Line Risk and Control Ownership and Management – Failings in First Line – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (NAB) NABRiskManFirstLine Fail (−) [TransTimeMon] (+) in the negative direction

NABRiskManFirstLine EntContImprove (+) [TransTimeMon] (+)

NABRiskManFirstLine EntContFail (−) [TransTimeMon] (+) in the negative direction

NABRiskManFirstLine EntCont (+) [TransTimeMon] (+)

Stage 2 49.1

−8/100.00

(continued)

Stage 2 49.1

Stage 2 49.1

−8/100.00

+8/100.00

Stage 2 49.1

+8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 331

929.

932.

931.

930.

Governance variable and description and source

Banks – NABRiskMan – Risk Management and Compliance – First Line Risk and Control Ownership and Management – Roles and Responsibilities – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – First Line Risk and Control Ownership and Management – Failings in First Line – Blurring of Responsibilities of First Line and Second Line – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – Improvements in Risk Management Framework (RMF) – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – Material Risks – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB)

No

Table 10.2 (continued)

NABRiskMan MaterialRisks (+) [TransTimeMon] (+)

NABRiskMan ImproveRMF (+) [TransTimeMon] (+)

NABRiskManFirstLine SecLineBlur (−) [TransTimeMon] (+) in the negative direction

NABRiskManFirstLine Roles&Resps (+) [TransTimeMon] (+)

+8/100.00

Stage 2 49

Stage 2 49

Stage 2 49.1

−8/100.00

+8/100.00

Stage 2 49.1

Section Ref. (Relational Effect Path in bold)

+8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

332 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

936.

935.

934.

933.

Banks – NABRiskMan – Risk Management and Compliance – Risk Appetite – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Compliance Function/ Framework – Failings in Compliance Function/Framework – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Conduct Risk – Failings in Conduct Risk Management – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Operational Risk – Failings in Operational Risk Management – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (NAB) NABRiskManSecLine OpRiskFail (−) [TransTimeMon] (+) in the negative direction

NABRiskManSecLine ConductRiskFail (−) [TransTimeMon] (+) in the negative direction

NABRiskManSecLine ComplyFail (−) [TransTimeMon] (+) in the negative direction

NABRiskMan RiskAppetite (+) [TransTimeMon] (+) Stage 2 49.2

Stage 2 49.2

Stage 2 49.2

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 49

+8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 333

937.

939.

938.

Governance variable and description and source

Banks – NABRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Operational Risk – Failings in Risk in Change – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Operational Risk – Failings in Operational Risk Profiling – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (NAB) Banks – NABRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Risk Reporting – Failings in Risk Reporting – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (NAB)

No

Table 10.2 (continued)

NABRiskManSecLine RiskRepFail (−) [TransTimeMon] (+) in the negative direction

NABRiskManSecLine OpRiskProfFail (−) [TransTimeMon] (+) in the negative direction

NABRiskManSecLine OpRiskInChangeFail (−) [TransTimeMon] (+) in the negative direction

Stage 2 49.2

Stage 2 49.2

Stage 2 49.2

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

334 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Banks – Non-Executive Chair – Access of Information to All Directors – Enhancement of Monitoring Effect (Walker Review 2009) Banks – Non-Executive Chair – Agenda-Setting Function and Time for Deliberation – Enhancement of Monitoring Effect (Walker Review 2009) Banks – Non-Executive Chair – Annual Election of Chairperson (Walker Review 2009)

Banks – Non-Executive Chair – Level of Banking Industry Experience (High) – Enhancement of Monitoring Effect (Walker Review 2009) Banks – Non-Executive Chair – Board Leadership Skills – Enhancement of Monitoring Effect (Walker Review 2009) Banks – Non-Executive Chair – Meetings for Non-Executive Directors in Absence of Executive Directors – Enhancement of Monitoring Effect (Walker Review 2009)

941.

944.

946.

945.

943.

942.

National Governance/ Shareholder Protection Regime (Stage 1)

940.

NEChairAccess (+) [BrdIndMon] (+) NEChairAgenda (+) [BrdIndMon] (+) NEChairAnnualElect (+) [BrdIndMon] (+) NEChairBankExper (+) [BrdIndMon] (+) NEChairLeader (+) [BrdIndMon] (+) NEChairNEDMeet (+) [BrdIndMon] (+)

NationGov* (+) (* variable may be suspended or of no effect in crisis times)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+8/100.00

(continued)

Stage 2 34.2

Stage 2 34.2

Stage 2 34.2

Stage 2 34.2

Stage 2 34.2

Stage 1 5.2.1.1 6.3.1 7.3.1.3 7.3.1.3.2 Stage 2 3.7 7.7 16.4 *28.10 Stage 2 34.2

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 335

947.

953.

952.

951.

950.

949.

948.

Governance variable and description and source

Banks – Non-Executive Chair – Level of Non-Financial Industry Leadership in Absence of Banking Experience (‘Exceptional’) – Enhancement of Monitoring Effect (Walker Review 2009) Banks – Non-Executive Chair – Removal of CEO with Support of Board – Enhancement of Monitoring Effect (Walker Review 2009) Banks – Non-Executive Chair – Senior Boardroom Capability as Senior Independent Director, Committee Chair or CEO – Enhancement of Monitoring Effect (Walker Review 2009) Banks – Non-Executive Chair – Terms of Reference for Chair Position – Enhancement of Monitoring Effect (OECD 2010 Conclusions and Practices) Banks – Non-Executive Chair – Proportion of Time Commitment (Minimum) – Enhancement of Monitoring Effect (Walker Review 2009 and BCBS Guidelines 2015) Banks – Non-Executive Directors – Deficiency in Banking Expertise – Reduction in Decision Quality (OECD Kirkpatrick Report 2009, Cheffins and Hopt) Banks – Non-Executive Directors – Deficiency in Knowledge of Risk Management Processes, Measurement and Methodology – Reduction in Decision Quality (OECD Kirkpatrick Report 2009, Cheffins and Hopt)

No

Table 10.2 (continued)

NEChairTermsofRef (+) [BrdIndMon] (+) NEChairTwoThirds (+) [BrdIndMon] (+) NEDBankNonExpertInfo (−) [BrdIndInfo] (−) NEDBankRiskManInfo (−) [BrdIndInfo] (−)

NEChairRemoveCEO (+) [BrdIndMon] (+) NEChairSnrBrdCapable (+) [BrdIndMon] (+)

NEChairNonBankLeader (+) [BrdIndMon] (+)

Stage 2 33.2 42.8 Stage 2 33.2 42.8

−4/50.00 −4/50.00

Stage 2 34.2

Stage 2 34.2

Stage 2 34.2

Stage 2 34.2

Stage 2 34.2

Section Ref. (Relational Effect Path in bold)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

336 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Banks – Non-Executive Directors – Policies and Standards on Bank-Specific Competencies, Skills and Professional Qualities – Enhancement of Monitoring and Skills Effects (OECD Key Findings 2009 and OECD 2010 Conclusions and Practices) Banks – Non-Executive Directors – Complex and Opaque Bank, Group and Entity Structures – Reduction in Decision Quality and Delineation and Disclosure of Powers, Duties and Lines of Responsibility (BCBS Guidelines 2015 and OECD 2010 Conclusions and Practices) Banks – Non-Executive Directors – Deficiency in Knowledge of Internal Workings of Banks – Reduction in Decision-making Quality (Adams)

Banks – Non-Executive Directors – Gender Diversity – Enhancement of Tackling Groupthink, Leadership Style, Board Meeting Attendance, Collective Intelligence and Firm Performance (Walker Review 2009, EC Green Paper 2010 and EC Second Green Paper 2011)

955.

958.

957.

956.

Banks – Non-Executive Directors – Deficiency in Knowledge of Securitization Process of Bank Financial Products – Reduction in Decision-making Quality (Adams)

954.

NEDDivGender* (+) (interim variable*) [BrdIndMon] (+)

NEDBankWorksInfo (−) [BrdIndInfo] (−)

NEDBankStructInfo (−) [BrdIndInfo] (−)

NEDBankSkillsMon (+) [BrdIndMon] (+)

NEDBankSecurznInfo (−) [BrdIndInfo] (−)

Stage 2 26.2 33.1 33.2 37.4 37.5.1 42.8 Stage 2 25.1

−4/50.00

+7/87.50

(continued)

Stage 2 37.4 37.5

−4/50.00

+7/87.50

Stage 2 26.2 33.1 33.2 37.4 37.5.1 42.8 45.2 Stage 2 26.3 29.1 33.2

−4/50.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 337

959.

963.

962.

961.

960.

Governance variable and description and source

Banks – Non-Executive Directors – Diversity in Independence – Enhancement in Monitoring and Challenge Effect (Walker Review 2009, EC Green Paper 2010 and EC Second Green Paper 2011) Banks – Non-Executive Directors – International Diversity – Enhancement in Monitoring and Challenge Effect (Walker Review 2009, EC Green Paper 2010 and EC Second Green Paper 2011) Banks – Non-Executive Directors – Diversity in Selection of Merit, Professional Qualifications and Experience – Enhancement in Monitoring and Challenge Effect (Walker Review 2009, EC Green Paper 2010 and EC Second Green Paper 2011) Banks – Non-Executive Directors – Diversity in Personal Qualities, Values, View and Competencies – Enhancement in Monitoring and Challenge Effect (Walker Review 2009, EC Green Paper 2010 and EC Second Green Paper 2011) Banks – Non-Executive Directors – Complex and Opaque Financial Products – Reduction in Decision-making Quality Delineation and Disclosure of Powers, Duties and Lines of Responsibility (Grosse)

No

Table 10.2 (continued)

NEDFinProdInfo (−) [BrdIndInfo] (−)

NEDDivValueViewComp* (+) (interim variable*) [BrdIndMon] (+)

NEDDivQualExper* (+) (interim variable*) [BrdIndMon] (+)

NEDDivInternat* (+) (interim variable*) [BrdIndMon] (+)

NEDDivInd* (+) (interim variable*) [BrdIndMon] (+)

Stage 2 25.1

Stage 2 37.5.1 37.8.1 42.8 45.2

−4/50.00

Stage 2 25.1

Stage 2 25.1

Stage 2 25.1

Section Ref. (Relational Effect Path in bold)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

338 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

968.

967.

966.

965.

964.

NEDRiskModelInfo (−) [BrdIndInfo] (−)

NEDRatingsInfo (−) [BrdIndInfo] (−)

NEDFit&ProperTest (+) [BrdIndMon] (+)

NFRAccFail ClearAccs (−) [TransTimeMon] (+) in the negative direction Alternatively, it is based on [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2 again in the negative direction Banks – Non-Financial Risk Accountabilities – “Accountabilities for NFRAccFail Non-Financial Risks were Not always Clear” for “Risks, Controls ClearMultiBU and Processes Span[ning] Multiple Business Units or Divisions” – (−) Reduction in Risk Management and Decision-making and [TransTimeMon] (+) Reporting – Reduction in Delineation and Disclosure of Powers, in the negative direction Duties and Lines of Responsibility and Decision-making (APRA Alternatively, it is based on [BrdSkills] Information Paper 2019) (+) with an additional overriding requirement of Compliance Factor No 2 again in the negative direction

Banks – Non-Executive Directors – Supervisory Authority Policies and Standards on ‘Fit and Proper Person’ Test – Enhancement of Monitoring and Skills Effects (OECD Key Findings 2009) Banks – Non-Executive Directors – Credit Ratings of Securitized Products – Conflicts of Interest of Ratings Agencies – Reduction in Risk Management, Monitoring and Decision Quality (Van Den Berge) Banks – Non-Executive Directors – Risk Modelling of Securitized Products – Failure to Price Risk Accurately – Reduction in Risk Management, Monitoring and Decision Quality (Van Den Berge) Banks – Non-Financial Risk Accountabilities – “Accountabilities for Non-Financial Risks were Not always Clear” (Generally) – Reduction in Risk Management and Decision-making and Reporting – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (APRA Information Paper 2019)

−8/100.00

−8/100.00

(continued)

Stage 2 20.9

Stage 2 27.2 42.8 45.2 Stage 2 27.1 42.8 45.2 Stage 2 20.9

−4/50.00

−4/50.00

Stage 2 26.3

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 339

Governance variable and description and source

Banks – Non-Financial Risk Accountabilities ––– Failure of Consequence Management for Individuals – Reduction in Risk Management and Decision-making and Reporting – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (APRA Information Paper 2019)

Banks – Non-Financial Risk Accountabilities ––– Failure of Consequence Management for Individuals “Between Divisions, Back and Front Office Functions, and Staff Levels” – Reduction in Risk Management and Decision-making and Reporting – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (APRA Information Paper 2019)

No

969.

970.

Table 10.2 (continued)

NFRAccFail ConseqMan (−) [TransTimeMon] (+) in the negative direction Alternatively, it is based on [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2 again in the negative direction NFRAccFail ConseqManMultiDivFnsLvls (−) [TransTimeMon] (+) in the negative direction Alternatively, it is based on [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2 again in the negative direction

Stage 2 20.9

Stage 2 20.9

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

340 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

973.

972.

971.

NFRAccFail EndToEndOshipProc (−) [TransTimeMon] (+) in the negative direction Alternatively, it is based on [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2 again in the negative direction Banks – Non-Financial Risk Accountabilities – “Accountabilities for NFRAccFail Non-Financial Risks were Not always Clear” – Multiple Forums and MultiForumsCms Committees…Confusing Accountabilities” – Reduction in Risk (−) Management and Decision-making and Reporting – Reduction in [TransTimeMon] (+) Delineation and Disclosure of Powers, Duties and Lines of in the negative direction Responsibility and Decision-making Alternatively, it is based on [BrdSkills] (APRA Information Paper 2019) (+) with an additional overriding requirement of Compliance Factor No 2 again in the negative direction Banks – Non-Financial Risk Accountabilities – “Accountabilities for NFRAccFail Non-Financial Risks were Not always Clear” – Multiple MultiLeaders Accountable Leaders Rotating Across or Leaving Institution – (−) Reduction in Risk Management and Decision-making and [TransTimeMon] (+) Reporting – Reduction in Delineation and Disclosure of Powers, in the negative direction Duties and Lines of Responsibility and Decision-making Alternatively, it is based on [BrdSkills] (APRA Information Paper 2019) (+) with an additional overriding requirement of Compliance Factor No 2 again in the negative direction

Banks – Non-Financial Risk Accountabilities – “Accountabilities for Non-Financial Risks were Not always Clear” – Failure of “End-toEnd Ownership of Processes” – Reduction in Risk Management and Decision-making and Reporting – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (APRA Information Paper 2019)

Stage 2 20.9

Stage 2 20.9

−8/100.00

−8/100.00

(continued)

Stage 2 20.9

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 341

NFRAccFail Org&ProcComplex (−) [TransTimeMon] (+) in the negative direction Alternatively, it is based on [BrdSkills] (+) with an additional overriding requirement of Compliance Factor No 2 again in the negative direction Banks – Non-Financial Risk Accountabilities – “Accountabilities for NFRAccFail Non-Financial Risks were Not always Clear” – Failure to Clarify Roles&Accs Roles and Accountabilities – Reduction in Risk Management and (−) Decision-making and Reporting – Reduction in Delineation and [TransTimeMon] (+) Disclosure of Powers, Duties and Lines of Responsibility and in the negative direction Decision-making Alternatively, it is based on [BrdSkills] (APRA Information Paper 2019) (+) with an additional overriding requirement of Compliance Factor No 2 again in the negative direction Banks – Non-Financial Risk Committee – Failings in Annual Review NFRCmFail of Operational Risk and Compliance Management Framework – AnnualReview Reduction in Information Flow – Reduction in Quality of Board and (−) Committee Effectiveness, Risk Management, Internal Monitoring [FailRedFlag] (−) identical to and Decision-making [TransTimeMon] (+) (APRA) in the negative direction

976.

975.

Governance variable and description and source

Banks – Non-Financial Risk Accountabilities – “Accountabilities for Non-Financial Risks were Not always Clear” – “Organisational and Process Complexity…Confusing Accountabilities” – Reduction in Risk Management and Decision-making and Reporting – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making (APRA Information Paper 2019)

974.

Stage 2 20.9

Stage 2 20.9

Stage 2 36.8

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

No

Table 10.2 (continued)

342 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

981.

980.

979.

978.

977.

NFRCmFail Op&CompRiskDetails (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction Banks – Non-Financial Risk Committee – Failings in Engagement NFRCmFail with Developments in Operational and Compliance Risk – Op&CompRiskDevelops Reduction in Information Flow – Reduction in Quality of Board and (−) Committee Effectiveness, Risk Management, Internal Monitoring [FailRedFlag] (−) identical to and Decision-making [TransTimeMon] (+) (APRA) in the negative direction Banks – Non-Financial Risk Committee – Failings in Operational NFRCmFail and Compliance Risk Profile – Reduction in Information Flow – Op&CompRiskProfile Reduction in Quality of Board and Committee Effectiveness, Risk (−) Management, Internal Monitoring and Decision-making [FailRedFlag] (−) identical to (APRA) [TransTimeMon] (+) in the negative direction Banks – Non-Financial Risk Committee – Failings in Formal NFRCmFail Updates on Operational and Compliance Risk Profile – Reduction in Op&CompRiskUpdates Information Flow – Reduction in Quality of Board and Committee (−) Effectiveness, Risk Management, Internal Monitoring and [FailRedFlag] (−) identical to Decision-making [TransTimeMon] (+) (APRA) in the negative direction Banks – Non-Financial Risk Committee – Failings in Scope, Charter NFRCmFail and Responsibilities of Committee – Reduction in Information ScopeCharter&Resp Flow – Reduction in Quality of Board and Committee Effectiveness, (−) Risk Management, Internal Monitoring and Decision-making [FailRedFlag] (−) identical to (APRA) [TransTimeMon] (+) in the negative direction

Banks – Non-Financial Risk Committee – Failings in Details on Operational and Compliance Risk Profile – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA) Stage 2 36.8

Stage 2 36.8

Stage 2 36.8

Stage 2 36.8

−8/100.00

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 36.8

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 343

982.

984.

983.

Governance variable and description and source

Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Blurring of Roles and Responsibilities Between First and Second Lines – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks –- “Need to Improve Data, Measurement and Reporting for Non-financial Risks” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Failings in “Data Quality and Control Classification and Assessment Processes” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019)

No

Table 10.2 (continued)

NFRMan DataQualControlClass&Assess (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

NFRMan DataMeas&Report (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

NFRMan BlurredFirst&SecLineResps (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

Stage 2 36.9

Stage 2 36.9

Stage 2 36.9

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

344 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

988.

987.

986.

985.

Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks –- Failure to “Analyse Why Sub-optimal Risk and Customer Outcomes Have Occurred” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Only Basic and Not Complex “Indicators and Metrics for Measuring and Monitoring Non-financial Risks” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks –- Failure to have a “Consolidated Report [for] all Key Audit, Risk, Regulatory and Customer Issues” Including Remediation Work Required and Status – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Failure to “Understand End-to-End Processes Across” Business Units – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) NFRMan FailEndToEndProc (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

NFRMan FailConsolReport (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

NFRMan FailBasicIndicators&Metrics (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

NFRMan FailAnalseRisk&CustOutcomes (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

Stage 2 36.9

Stage 2 36.9

Stage 2 36.9

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 36.9

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 345

989.

991.

990.

Governance variable and description and source

Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks –- Failure to “Escalate and Manage Issues” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks –- Failure to “Identify Emerging or Systemic Risks” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Failure of “Standalone Monitoring of ‘Conduct Risk’…with No Analysis or Reporting of Complaints Data…as a Lead Indicator” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019)

No

Table 10.2 (continued)

NFRMan FailStandaloneConductRisk (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

NFRMan FailIDEmerg&SystemicRisks (−) FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

NFRMan FailEscal&ManageIssues (−) FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

Stage 2 36.9

Stage 2 36.9

Stage 2 36.9

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

346 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

995.

994.

993.

992.

Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Gaps and Control Weaknesses – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks – “Inconsistent and Reactive Risk Identification Processes” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks – “Lack of Risk Ownership by First Line Leading to Second Line Stepping In” – Reduction in Second Line Capability for Comprehensive Risk and Assurance Activities – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Lack of “Skills and Headcount” in Risk and Compliance Functions – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) NFRMan LackSkills&Headcount (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

NFRMan LackFirstLineOshipRisk (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

NFRMan Incon&ReactRiskID (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

NFRMan Gaps&ControlWeak (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction Stage 2 36.9

Stage 2 36.9

Stage 2 36.9

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 36.9

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 347

996.

998.

997.

Governance variable and description and source

Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks – “Lack of Status and Influence of the Risk and Compliance Functions” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Management – Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks – “Short-­term Tactical Fixes Rather than Long-Term Strategic Solutions” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – Inadequate Focus/Attention on “Underlying Assumptions and Risks Including Risks Associated with Investment Allocation” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019)

No

Table 10.2 (continued)

NFRWeak Assump&Risks (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

NFRMan STFixesNotLTStrategicSolns (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

NFRMan LackStatusInfluence (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

Stage 2 36.9

Stage 2 36.9

Stage 2 36.10

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

348 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1003.

1002.

1001.

1000.

999.

Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – Complexity “in Designing and Implementing Solutions” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – “Poor Identification of Systemic Issues” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – Inadequate Attention/Focus on Non-financial Risks – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – “Inadequate Root-Cause Analysis” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – Inadequate Focus/Attention on Key Insights and Issues – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019)

NFRWeak ComplexSolns (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction NFRWeak IDSystIssues (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction NFRWeak InadeqAttention (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction NFRWeak InadeqRootCause (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction NFRWeak KeyInsights&Issues (−) FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction Stage 2 36.10

Stage 2 36.10

Stage 2 36.10

Stage 2 36.10

−8/100.00

−8/100.0

−8/100.00

−8/100.00

(continued)

Stage 2 36.10

−8/100.00

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 349

Governance variable and description and source

1004. Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – Inadequate Understanding/Focus/Attention on Materiality of Non-financial Risk Consequences – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) 1005. Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – Inadequate Quality of Information or Reporting – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) 1006. Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – Reactive Issue Recognition Only “under Regulatory Scrutiny, or After an Event Materialises” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019) 1007. Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – “Tendency to Apply Tactical Fixes to Issues rather than Implement More Strategic Solutions” – Issues Subsequently Recurring – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA Information Paper 2019)

No

Table 10.2 (continued)

NFRWeak MaterialityNFRConseq (−) FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction NFRWeak QualInfo&Report (−) FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction NFRWeak RegScrut&EventMaterialising (−) FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction NFRWeak TactFixNotStratSoln (−) FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

Stage 2 36.10

Stage 2 36.10

Stage 2 36.10

Stage 2 36.10

−8/100.00

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

350 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

−8/100.00

−6/75.00

NonAuditS (−) OtherATMs (−)

OutBrdPos (−)

OutBrdAdv (+)

1010. Non-Audit Services of External Auditor (Stage 1)

1011. Other Anti-Takeover Mechanisms (excludes staggered board elections) (Stage 1)

1012. Outside Board Positions of Independent Directors (Stage 1)

1013. Outside/External Board Advisers (Stage 1)

+7/87.50

−7/87.50

+7/87.50

NomGovInd (+)

1009. Nomination and Governance Committee – Independence Proportion (Stage 1) (re-named from NomInd in Stage 2 section 36.6)

+/−7/87.50

NomGovCom (+/−)

1008. Nomination and Governance Committee – Presence, Operation and Frequency (Stage 1) (re-named from NomCom in Stage 2 section 36.6)

(continued)

Stage 1 5.2.2.2 7.3.1.2.2 Stage 2 36.6 Stage 1 5.2.2.2 6.2.3.1.2 7.3.1.2.2 Stage 2 36.6 Stage 1 5.2.4.2 9.2.3.2–9.2.3.3 Stage 1 5.2.1.1 8.3.1 8.3.1.1 Stage 1 6.2.3.1.2 8.2.3.1 Stage 2 26.1 28.9 29.1 33.5 Stage 1 7.3.2.1.2 Stage 2 12.21

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 351

Governance variable and description and source

1015. Banks – Project Execution Capability – Failure of Adequate Review and Oversight on Long Projects – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) 1016. Banks – Project Execution Capability – Failure of Cross-Business Communication – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) 1017. Banks – Boards – Risk Appetite Statement – Aggregate Level and Types of Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1018. Banks – Boards – Risk Appetite Statement – Definition of Operating Boundaries, Limits and Business Considerations within Business Strategy – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS)

1014. Banks – Owner-Controlled Banks – Effect of Owner-Controlled Risk-Taking of Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure

No

Table 10.2 (continued)

RASBoundaryLimits (+) [BrdSkills] (+)

ProjectXBUComm (−) [TransTimeMon] (+) in the negative direction RASAggLevelType (+) [BrdSkills] (+)

OwnerControlRisk (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) ProjectReviewOSight (−) [TransTimeMon] (+) in the negative direction

Stage 2 45.10

Stage 2 40.5.2 45.2

−8/100.00

+7/87.50

Stage 2 40.5.2

Stage 2 45.10

−8/100.00

+7/87.50

Stage 2 16.4

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

352 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1019. Banks – Boards – Risk Appetite Statement – Measure of All Contingent Risks and Liabilities – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) 1020. Banks – Boards – Risk Appetite Statement – Measure of All Counterparty Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) 1021. Banks – Boards – Risk Appetite Statement – Communication of RAS in Terms of Day-to-Day Operational Decision-making – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1022. Banks – Boards – Risk Appetite Statement – Procedure for Escalating/Reporting Issues Across the Bank – Enhancement of Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1023. Banks – Boards – Risk Appetite Statement – Individual Level and Types of Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1024. Banks – Boards – Risk Appetite Statement – Monitoring of All RAS Risks Against Global Consolidated Limits (On-going) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

RASContingentRisk (+) [BrdSkills] (+)

RASCountPartyRisk (+) [BrdSkills] (+)

RASDecisionOps (+) [BrdSkills] (+)

RASEscalateReport (+) [BrdSkills] (+)

RASIndLevelType (+) [BrdSkills] (+) RASMonitorLimits (+) [BrdSkills] (+)

(continued)

Stage 2 40.5 45.2

Stage 2 40.5.2 45.2

Stage 2 40.5.2 45.2

Stage 2 40.5.2

Stage 2 40.5.2

Stage 2 40.5.2

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 353

Governance variable and description and source

1025. Banks – Boards – Risk Appetite Statement – Monitoring of Strategy and Capital Plan Against Financial Measures (On-going) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) 1026. Banks – Boards – Risk Appetite Statement – Measure of All Non-Contractual Risks and Liabilities – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) 1027. Banks – Boards – Risk Appetite Statement – Measure of All Off-Balance-Sheet Risks and Liabilities – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) 1028. Banks – Boards – Risk Appetite Statement – Periodic Review of Risk Appetite – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) 1029. Banks – Boards – Risk Appetite Statement – Qualitative Measure of Conduct Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS)

No

Table 10.2 (continued)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

RASMonitorStratCapPlan (+) [BrdSkills] (+)

RASNonContractRisk (+) [BrdSkills] (+)

RASOff-BalanceRisk (+) [BrdSkills] (+)

RASPeriodReview (+) [BrdSkills] (+) RASQualConductRisk (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 40.5.2

Stage 2 40.5.2

Stage 2 40.5.2 45.2

Stage 2 40.5.2

Stage 2 40.5.2 45.2

Section Ref. (Relational Effect Path in bold)

354 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1030. Banks – Boards – Risk Appetite Statement – Qualitative Measure of Money Laundering Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1031. Banks – Boards – Risk Appetite Statement – Qualitative Measure of Reputational Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1032. Banks – Boards – Risk Appetite Statement – Qualitative Measure of Unethical Practices Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1033. Banks – Boards – Risk Appetite Statement – Quantitative Measure of Capital Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1034. Banks – Boards – Risk Appetite Statement – Quantitative Measure of Earnings Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1035. Banks – Boards – Risk Appetite Statement – Quantitative Measure of Liquidity Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1036. Banks – Boards – Risk Appetite Statement – Other Quantitative Risk Measures – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

RASQualLaunderRisk (+) [BrdSkills] (+)

RASQualRepRisk (+) [BrdSkills] (+) RASQualUnethicsRisk (+) [BrdSkills] (+)

RASQuantCapitalRisk (+) [BrdSkills] (+) RASQuantEarnRisk (+) [BrdSkills] (+) RASQuantLiquidity (+) [BrdSkills] (+) RASQuantOtherRisks (+) [BrdSkills] (+)

(continued)

Stage 2 13.2 40.5.2 45.2 Stage 2 40.5.2

Stage 2 40.5.2

Stage 2 40.5.2 45.2

Stage 2 40.5.2

Stage 2 13.2 40.5.2

Stage 2 40.5.2

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 355

Governance variable and description and source

1037. Banks – Boards – Risk Appetite Statement – Risk Capacity – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1038. Banks – Boards – Risk Appetite Statement – Test Growth and Revenue Targets Against Risk Appetite (Ongoing) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) 1039. Banks – Boards – Risk Appetite Statement – Test Growth and Revenue Targets to Identify ‘Downsides’ (On-going) – Enhancement in Risk Management and Internal Monitoring Effect -– Enhancement in Quality of Decision-making (IIF) 1040. Banks – Audit Committee and Board Oversight of Risk Management – Extension of Due Dates for Red Audit Reports and Issues – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (APRA)

No

Table 10.2 (continued)

Stage 2 40.5.2

Stage 2 36.2

+7/87.50

−8/100.00

RASTestIDDownsides (+) [BrdSkills] (+)

RedAudExtendDueDates (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

Stage 2 40.5.2

+7/87.50

RASTestGrowRevTargets (+) [BrdSkills] (+)

Stage 2 40.5.2

+7/87.50

Section Ref. (Relational Effect Path in bold)

RASRiskCapacity (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

356 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1041. Banks – Audit Committee and Board Oversight of Risk Management – Failure of Issuer of Red Audit Report to Appear Before Audit Committee – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (APRA) 1042. Banks – Audit Committee and Board Oversight of Risk Management – Failure of Audit Committee to Approve Extensions for Red Audit Reports and Issues – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (APRA) 1043. Banks – Audit Committee and Board Oversight of Risk Management – Failure of Audit Committee to Follow-up Red Audit Reports in a Timely Fashion – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (APRA) 1044. Banks – Audit Committee and Board Oversight of Risk Management – Failure to Report Back to Audit Committee for Extension Issues – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (APRA) Stage 2 36.2

Stage 2 36.2

Stage 2 36.2

−8/100.00

−8/100.00

−8/100.00

RedAudFailApproveExt (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

RedAudFailFollowUp (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

RedAudFailReportBack (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

(continued)

Stage 2 36.2

−8/100.00

RedAudFailAppear (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 357

Governance variable and description and source

1045. Banks – Audit Committee and Board Oversight of Risk Management – Audit Committee Supplied with Summaries Rather than Actual Reports – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (APRA) 1046. Banks – Remediation of Risk – Successful Remediation Attributes – Oversight of Risk Remediation Program at Both Board and Executive Committee Level – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1047. Banks – Remediation of Risk – Successful Remediation Attributes – Secondment of Talent from Business Units into Remediation Program – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1048. Banks – Remediation of Risk – Successful Remediation Attributes – Clear Accountability (Generally) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (APRA)

No

Table 10.2 (continued)

−8/100.00

+7/87.50

+7/87.50

+7/87.50

RedAudSummaries (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction RemedBrdECm (+) [BrdSkills] (+)

RemedBUTalent (+) [BrdSkills] (+)

RemedClearAcc (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 47.1

Stage 2 47.1

Stage 2 47.1

Stage 2 36.2

Section Ref. (Relational Effect Path in bold)

358 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1049. Banks – Remediation of Risk – Successful Remediation Attributes – Clear Accountability for Program Delivery – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (APRA) 1050. Banks – Remediation of Risk – Successful Remediation Attributes – Clear Objectives – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1051. Banks – Remediation of Risk – Successful Remediation Attributes – Culture Change in Senior Executive Actions and Decisions – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1052. Banks – Remediation of Risk – Successful Remediation Attributes – Program Frameworks Embedded in Day-To-Day Operations – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1053. Banks – Remediation of Risk – Successful Remediation Attributes – Engagement of All Relevant Parties – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1054. Banks – Remediation of Risk – Successful Remediation Attributes – Identification of Programs to Defer to Deliver Remediation Program – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

RemedClearAccProgDelivery (+) [BrdSkills] (+)

RemedClearObject (+) [BrdSkills] (+) RemedCultChangeSnrExec (+) [BrdSkills] (+)

RemedDayToDayOps (+) [BrdSkills] (+)

RemedEngageAll (+) [BrdSkills] (+)

RemedIDDeferProgs (+) [BrdSkills] (+)

(continued)

Stage 2 47.1

Stage 2 47.1

Stage 2 47.1

Stage 2 47.1

Stage 2 47.1

Stage 2 47.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 359

Governance variable and description and source

1055. Banks – Remediation of Risk – Successful Remediation Attributes – Independent Review of Remediation Programs – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (APRA) 1056. Banks – Remediation of Risk – Successful Remediation Attributes – Internal Audit to Conduct Assurance of Program – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1057. Banks – Remediation of Risk – Successful Remediation Attributes – Committed Multi-Year Budget – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1058. Banks – Remediation of Risk – Successful Remediation Attributes – Outside Function to Conduct Assurance of Program – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (APRA)

No

Table 10.2 (continued)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

RemedIndReviewProg (+) [BrdSkills] (+)

RemedIntAudit (+) [BrdSkills] (+)

RemedMultiYrBudget (+) [BrdSkills] (+)

RemedOutsideFn (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 47.1

Stage 2 47.1

Stage 2 47.1

Stage 2 47.1

Section Ref. (Relational Effect Path in bold)

360 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1059. Banks – Remediation of Risk – Successful Remediation Attributes – Funding Outside Regular Annual Cycles – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1060. Banks – Remediation of Risk – Successful Remediation Attributes – Detailed Program Planning – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1061. Banks – Remediation of Risk – Successful Remediation Attributes – Rigourous Project Disciplines for Remediation Programs – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1062. Banks – Remediation of Risk – Successful Remediation Attributes – Remuneration Consequences for Unsuccessful Outcomes – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making (APRA) 1063. Banks – Remediation of Risk – Successful Remediation Attributes – Comprehensive Resource Plans – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1064. Banks – Remediation of Risk – Successful Remediation Attributes – Sequencing Initiatives and Sourcing Quantum of Skillsets for Adequate Attention of Subject Matter Experts – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

RemedOutsideFunding (+) [BrdSkills] (+)

RemedProgPlan (+) [BrdSkills] (+)

RemedProjDiscip (+) [BrdSkills] (+)

RemedRemunConseq (+) [BrdSkills] (+)

RemedResourcePlans (+) [BrdSkills] (+)

RemedSeqSourceSME (+) [BrdSkills] (+)

(continued)

Stage 2 47.1

Stage 2 47.1

Stage 2 47.1

Stage 2 47.1

Stage 2 47.1

Stage 2 47.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 361

+7/87.50

+8/100.00

RemedTimeCommit (+) [BrdSkills] (+)

ReputDiscl (+)

ReputRep (+)

SecLineAggControlEffectMetrics (−) [TransTimeMon] (+) in the negative direction

1068. Reputational Constraints – ‘Transparent Reporting’ (Stage 1)

1069. Banks – 2nd Line Risk Management Function – Use of Aggregate Metrics for Control Effectiveness rather than ‘More Granular Metrics’ – Erroneous Communication as being within Risk Appetite – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA)

−8/100.00

+8/100.00

+7/87.50

RemedSkinInGame (+) [BrdSkills] (+)

Governance variable and description and source

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

1065. Banks – Remediation of Risk – Successful Remediation Attributes – ‘Skin in the Game’ for Bank Senior Leadership – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1066. Banks – Remediation of Risk – Successful Remediation Attributes – Time Commitment for Senior Leadership for Program Director or Oversight Roles – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1067. Reputational Constraints – ‘Disclosure Standards’ (Stage 1)

No

Table 10.2 (continued)

Stage 1 5.2.5.1 6.2.3.1.4 10.4.1 Stage 1 5.2.5.1 6.2.3.1.4 10.4.1 Stage 2 45.1

Stage 2 47.1

Stage 2 47.1

Section Ref. (Relational Effect Path in bold)

362 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1070. Banks – 2nd Line Risk Management Function – Use of Aggregate Metrics for Residual Risks rather than ‘More Granular Metrics’ – Erroneous Communication as being within Risk Appetite – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) 1071. Banks – 2nd Line Risk Management Function – Assessment and Measurement of Risks and Bank Exposures – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1072. Banks – 2nd Line Risk Management Function – Line 2 to Fulfil Assurance Responsibilities – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability/Responsibility (APRA) 1073. Banks – 2nd Line Risk Management Function – Backward-looking Metrics for Operational and Compliance Risk Profile – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) 1074. Banks – 2nd Line Risk Management Function – Reporting of Bank-Wide (Aggregate of All Portfolios) Risk for Early Action – To CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) Stage 2 45.1

Stage 2 45.1

+8/100.00

−8/100.00

+8/100.00

SecLineAssureResps (+) [TransTimeMon] (+)

SecLineBackLookMetrics (−) [TransTimeMon] (+) in the negative direction SecLineBank-WideRisk (+) [TransTimeMon] (+)

(continued)

Stage 2 45.2 45.5

Stage 2 45.1

+7/87.50

SecLineAssess&Meas (+) [BrdSkills] (+)

Stage 2 45.1

−8/100.00

SecLineAggResidRiskMetrics (−) [TransTimeMon] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 363

Governance variable and description and source

1075. Banks – 2nd Line Risk Management Function –- Best Practice Template of Operational Risk and Compliance Risk Activities by Line of Accountability – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1076. Banks – 2nd Line Risk Management Function – Business Unit Separation of Operational Risk and Compliance Function – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1077. Banks – 2nd Line Risk Management Function – Challenging Decisions with Material Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS)

No

Table 10.2 (continued)

+7/87.50

+8/100.00

+7/87.50

SecLineBestPracTemplate (+) [BrdSkills] (+)

SecLineBUSepOpComp (+) [TransTimeMon] (+)

SecLineChallengeRisks (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

Section Ref. (Relational Effect Path in bold)

364 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1078. Banks – 2nd Line Risk Management Function – Closure of Issue by ‘Issue Owner’ and ‘Issue Manager’ – Specify Requirements to Verify Issue Closure – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1079. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities – Access of Compliance Function to the Board – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1080. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities – Authority of Compliance Function – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1081. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Internal Codes of Conduct – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1082. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities – Independence from Management – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) +8/100.00

+7/87.50

+7/87.50

+7/87.50

+7/87.50

SecLineClosureVerify (+) [TransTimeMon] (+)

SecLineComply Access (+) [BrdSkills] (+) SecLineComply Auth (+) [BrdSkills] (+) SecLineComply Codes* (+) (*interim variable) [BrdSkills] (+) SecLineComply IndMan (+) [BrdSkills] (+)

(continued)

Stage 2 45.14

Stage 2 45.14

Stage 2 45.14

Stage 2 45.14

Stage 2 45.5

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 365

Governance variable and description and source

1083. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Applicable Laws – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1084. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Compliance Manuals – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1085. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Internal Policies – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1086. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Practice Guidelines – Enhancement in Risk Management and Internal Monitoring Effect -– Enhancement in Quality of Decision-making (BCBS) 1087. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Internal Procedures – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS)

No

Table 10.2 (continued)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

SecLineComply Laws (+) [BrdSkills] (+) SecLineComply Manual (+) [BrdSkills] (+) SecLineComply Policy (+) [BrdSkills] (+) SecLineComply PractGuides (+) [BrdSkills] (+) SecLineComply Proced (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 45.14

Stage 2 45.14

Stage 2 45.14

Stage 2 45.14

Stage 2 45.14

Section Ref. (Relational Effect Path in bold)

366 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1088. Banks – 2nd Line Risk Management Function – Recognition, Stature and Authority of Compliance Function – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1089. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Applicable Regulations – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1090. Banks – 2nd Line Risk Management Function – Reporting of Compliance Function – Directly to Board – Enhancement in Information Flow to the Board – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1091. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities – Resources of Compliance Function – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1092. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities – No ‘Dual-Hatting’ of Head of Compliance Function with Other Functions – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) +8/100.00

+7/87.50

+8/100.00

+7/87.50

+7/87.50

SecLineComply RecogStat&Auth (+) [TransTimeMon] (+)

SecLineComply Regs (+) [BrdSkills] (+) SecLineComply ReportBrd (+) [TransTimeMon] (+)

SecLineComply Resources (+) [BrdSkills] (+) SecLineComply SingleHat (+) [BrdSkills] (+)

(continued)

Stage 2 45.14

Stage 2 45.14

Stage 2 45.14

Stage 2 45.14

Stage 2 13.1 45.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 367

Governance variable and description and source

1093. Banks – 2nd Line Risk Management Function – Compliance of Bank Activities – Stature/Status of Compliance Function – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1094. Banks – 2nd Line Risk Management Function – Whether Bank Should Engage in an Activity or Product – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1095. Banks – 2nd Line Risk Management Function – ASIC Definition for Conduct Risk Policy – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA)

No

Table 10.2 (continued)

+7/87.50

+8/100.00

+8/100.00

SecLineComply Stature (+) [BrdSkills] (+) SecLineComply ShouldWe? (+) [TransTimeMon] (+)

SecLineCondRiskDefine (+) [TransTimeMon] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 45.1

Stage 2 45.1

Stage 2 45.14

Section Ref. (Relational Effect Path in bold)

368 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1096. Banks – 2nd Line Risk Management Function – Policy for “Frontline and Risk Management Staff to Consider and Manage Conduct Risk arising from New and Changed Products” – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1097. Banks – 2nd Line Risk Management Function – Conduct Risk Review for Business Units and Decision-Making Processes – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1098. Banks – 2nd Line Risk Management Function – Conduct Risk Strategy “to Embed the ‘Should We?’ Question into Key DecisionMaking Processes” – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1099. Banks – 2nd Line Risk Management Function – “Control Environment is Robust, Reflecting Effective Control Design and Testing” – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) +8/100.00

+8/100.00

+8/100.00

+8/100.00

SecLineCondRiskProducts (+) [TransTimeMon] (+)

SecLineCondRiskReview (+) [TransTimeMon] (+)

SecLineCondRiskStrategy (+) [TransTimeMon] (+)

SecLineContDesignTest (+) [TransTimeMon] (+)

(continued)

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 369

Governance variable and description and source

1100. Banks – 2nd Line Risk Management Function –- Coordination with Finance and Treasury Functions – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) 1101. Banks – 2nd Line Risk Management Function –- Bank Culture – Perception of Second Line as Low Priority or Administrative – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) 1102. Banks – 2nd Line Risk Management Function – Operational and Compliance Risk ‘Deep Dive’ Reviews – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1103. Banks – 2nd Line Risk Management Function – Absence of Detailed Metrics for Operational and Compliance Risk Profile – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA)

No

Table 10.2 (continued)

Stage 2 45.1 45.2

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

+7/87.50

−7/87.50

+8/100.00

−8/100.00

SecLineCultLowPriority (−) [BrdSkills] (+) in the negative direction SecLineDeepDiveReview (+) [TransTimeMon] (+)

SecLineDetailedMetrics (−) [TransTimeMon] (+) in the negative direction

Section Ref. (Relational Effect Path in bold)

SecLineCoordFinTreas (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

370 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1104. Banks – 2nd Line Risk Management Function – Approval and Documentation of Deviations from Roles and Responsibilities – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1105. Banks – 2nd Line Risk Management Function –- Failure of Early and Open Engagement of Line 2 Experts by Line 1 in Decision-making – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) 1106. Banks – 2nd Line Risk Management Function – Early Warning System for Breach of Risk Appetite or Limits – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1107. Banks – 2nd Line Risk Management Function – ERM Function – Identification of External Risk Events – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (OECD Kirkpatrick Report 2009) 1108. Banks – 2nd Line Risk Management Function – ERM Function – Identification of Internal Risk Events – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (OECD Kirkpatrick Report 2009) 1109. Banks – 2nd Line Risk Management Function – ERM Function – Identification of Risk Event Opportunities – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (OECD Kirkpatrick Report 2009) Stage 2 45.1

−7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

SecLineEarlyEngage&Input (−) [BrdSkills] (+) in the negative direction SecLineEarlyWarnSys (+) [BrdSkills] (+)

SecLineERMIDRiskEventExt (+) [BrdSkills] (+)

SecLineERMIDRiskEventInt (+) [BrdSkills] (+)

SecLineERMIDRiskEventOpp (+) [BrdSkills] (+)

(continued)

Stage 2 45.2

Stage 2 45.2

Stage 2 45.2

Stage 2 45.1 45.2

Stage 2 45.1

+7/87.50

SecLineDeviations (+) [BrdSkills] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 371

Governance variable and description and source

1110. Banks – 2nd Line Risk Management Function – ERM Function – Internal Environment and Basis of Assessing Risk – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (OECD Kirkpatrick Report 2009) 1111. Banks – 2nd Line Risk Management Function – ERM Function – Objective Setting in Assessing Risk – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (OECD Kirkpatrick Report 2009) 1112. Banks – 2nd Line Risk Management Function – ERM Function – Align Risk Response to Risk Appetite – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (OECD Kirkpatrick Report 2009) 1113. Banks – 2nd Line Risk Management Function – ERM Function – Assessment of Risk Events (Generally) – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (OECD Kirkpatrick Report 2009) 1114. Banks – 2nd Line Risk Management Function – ERM Function – Assessment of Impact/Magnitude of Risk Event – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (OECD Kirkpatrick Report 2009)

No

Table 10.2 (continued)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

SecLineERMIntEnviro (+) [BrdSkills] (+)

SecLineERMObjective (+) [BrdSkills] (+)

SecLineERMRiskAppAlign (+) [BrdSkills] (+)

SecLineERMRiskAssess (+) [BrdSkills] (+)

SecLineERMRiskImpact (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 45.2

Stage 2 45.2

Stage 2 45.2

Stage 2 45.2

Stage 2 45.2

Section Ref. (Relational Effect Path in bold)

372 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1115. Banks – 2nd Line Risk Management Function – ERM Function – Assessment Likelihood of Risk Events – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (OECD Kirkpatrick Report 2009) 1116. Banks – 2nd Line Risk Management Function – ERM Function – Monitoring of Risk Management and Modifications Made – Enhancement in Risk Management and Monitoring Effect (OECD Kirkpatrick Report 2009) 1117. Banks – 2nd Line Risk Management Function – ERM Function – Risk Response Policies – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (OECD Kirkpatrick Report 2009) 1118. Banks – 2nd Line Risk Management Function – ERM Function – Risk Response Procedures – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (OECD Kirkpatrick Report 2009) 1119. Banks – 2nd Line Risk Management Function – ERM Function – Align Risk Response to Risk Tolerances – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (OECD Kirkpatrick Report 2009) 1120. Banks – 2nd Line Risk Management Function – “Capabilities and Subject Matter Expertise of Operational and Risk Compliance Staff” – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

SecLineERMRiskLikely (+) [BrdSkills] (+)

SecLineERMRiskMan&Mod (+) [BrdSkills] (+) SecLineERMRiskPolicy (+) [BrdSkills] (+) SecLineERMRiskProced (+) [BrdSkills] (+) SecLineERMRiskToler (+) [BrdSkills] (+)

SecLineExpertRiskStaff (+) [BrdSkills] (+)

(continued)

Stage 2 45.1

Stage 2 45.2

Stage 2 45.2

Stage 2 45.2

Stage 2 45.2

Stage 2 45.2

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 373

Governance variable and description and source

1121. Banks – 2nd Line Risk Management Function – Failure to Aggregate Risks from Specific Disaggregated Reporting – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) 1122. Banks – 2nd Line Risk Management Function – Lack of Urgency and Comprehensiveness in Closing Audit Issues – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) 1123. Banks – 2nd Line Risk Management Function – Complex Documentation of Policies – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA)

No

Table 10.2 (continued)

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

−8/100.00

−8/100.00

−8/100.00

SecLineFailCloseAudIssue (−) [TransTimeMon] (+) in the negative direction

SecLineFailComplexPolicies (−) [TransTimeMon] (+) in the negative direction

Section Ref. (Relational Effect Path in bold)

SecLineFailAggregate (−) [TransTimeMon] (+) in the negative direction

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

374 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1124. Banks – 2nd Line Risk Management Function – Key Controls for Inherently ‘Very High’ or ‘High’ Risks being Rated as Marginal or Unsatisfactory – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect (APRA) 1125. Banks – 2nd Line Risk Management Function – Line 2 Performing Line 1 Activities – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making – Reduction in Quality of Accountability/ Responsibility (APRA) 1126. Banks – 2nd Line Risk Management Function – Failure to Assess Issues Across Multiple Business Units – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) 1127. Banks – 2nd Line Risk Management Function – Failure to Aggregate Issues from Multiple Sources of Data – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (APRA) 1128. Banks – 2nd Line Risk Management Function – Failure of Adequate Number of Risk Professionals with Skill Sets – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) Stage 2 45.10

Stage 2 45.10

Stage 2 45.1

−8/100.00

−8/100.00

−8/100.00

SecLineFailRedFlagMultiBU (−) [TransTimeMon] (+) in the negative direction SecLineFailRedFlagMultiSource (−) [TransTimeMon] (+) in the negative direction

(continued)

Stage 2 45.1

−8/100.00

SecLineFailLine1Activity (−) [TransTimeMon] (+) in the negative direction

SecLineFailRiskProfess (−) [TransTimeMon] (+) in the negative direction

Stage 2 45.1

−8/100.00

SecLineFailKeyControls (−) [TransTimeMon] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 375

Governance variable and description and source

1129. Banks – 2nd Line Risk Management Function – Over-Focus on Assessing Compliance with Policies and Procedures – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) 1130. Banks – 2nd Line Risk Management Function – Rules-based Policies with Heavy Procedural Bias – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) 1131. Banks – 2nd Line Risk Management Function – Failure to Proactively Identify, Measure and Manage Potential Risks and Vulnerabilities – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA)

No

Table 10.2 (continued)

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

−8/100.00

−8/100.00

−8/100.00

SecLineFailRuleBasedPolicies (−) [TransTimeMon] (+) in the negative direction

SecLineFailRuleProactive (−) [TransTimeMon] (+) in the negative direction

Section Ref. (Relational Effect Path in bold)

SecLineFailRuleAssessComply (−) [TransTimeMon] (+) in the negative direction

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

376 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1132. Banks – 2nd Line Risk Management Function – Group Risk Appetite Statement (RAS) to Include “Limits and Triggers for ‘More Granular’ Operational and Compliance Risk Metrics by Theme” – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1133. Banks – 2nd Line Risk Management Function – Head of Compliance to be Appointed and Removed by BRC – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1134. Banks – 2nd Line Risk Management Function – Head of Compliance to have Direct Access to Board – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1135. Banks – 2nd Line Risk Management Function – Head of Compliance to be Member of Executive Committee – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) +8/100.00

+8/100.00

+8/100.00

+8/100.00

SecLineGrpRASLimitTrig (+) [TransTimeMon] (+)

SecLineHeadAppointRemoveBRC (+) [TransTimeMon] (+)

SecLineHeadBrdAccess (+) [TransTimeMon] (+)

SecLineHeadComplyEC (+) [TransTimeMon] (+)

(continued)

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 377

Governance variable and description and source

1136. Banks – 2nd Line Risk Management Function – Head of Compliance to be Member of Non-Financial Risk Committee – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1137. Banks – 2nd Line Risk Management Function – “Focus on ‘Big Picture’ and Identify Emerging Risks” – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1138. Banks – 2nd Line Risk Management Function – Identification of Material Risks (Aggregate) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1139. Banks – 2nd Line Risk Management Function – Identification of Material Risks (Emerging) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS)

No

Table 10.2 (continued)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

SecLineHeadComplyNFRC (+) [TransTimeMon] (+)

SecLineIDEmergeRisk (+) [TransTimeMon] (+)

SecLineIDRisksAgg (+) [TransTimeMon] (+)

SecLineIDRisksEmerge (+) [TransTimeMon] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

Section Ref. (Relational Effect Path in bold)

378 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1140. Banks – 2nd Line Risk Management Function – Identification of Material Risks (Individual) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1141. Banks – 2nd Line Risk Management Function – Logging of ‘Incident’ “Causing Unexpected Outcomes from Business Processes” – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1142. Banks – 2nd Line Risk Management Function –- Independence from Organisations/Activities/Business Units to be Reviewed – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF and APRA) 1143. Banks – 2nd Line Risk Management Function – Reporting of Individual Portfolio Risk for Early Action – To CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1144. Banks – 2nd Line Risk Management Function – Closure of Issue by ‘Issue Owner’ and ‘Issue Manager’ – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (APRA) +8/100.00

+8/100.00

+7/87.50

+8/100.00

+8/100.00

SecLineIDRisksIndiv (+) [TransTimeMon] (+)

SecLineIncidentLog (+) [TransTimeMon] (+)

SecLineInd (+) [BrdSkills] (+)

SecLineIndivPortRisk (+) [TransTimeMon] (+)

SecLineIssueClosure (+) [TransTimeMon] (+)

(continued)

Stage 2 45.5

Stage 2 45.5

Stage 2 45.1

Stage 2 45.5

Stage 2 45.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 379

Governance variable and description and source

1145. Banks – 2nd Line Risk Management Function – Logging of ‘Issue’ of “Control Weakness or Gap that Exposes the Bank to Potential Losses, Reputational Damage or Breach of Regulation” – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1146. Banks – 2nd Line Risk Management Function – Rating of Logged Issues – Rating According to “Likelihood an Incident Will Occur in Next 12 Months and Potential Impact” – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1147. Banks – 2nd Line Risk Management Function – Minimum Standards in Group Policies – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1148. Banks – 2nd Line Risk Management Function – Information Silos – Impediment to Risk Reporting for Early Action – Reduction in Information Flow – Diminution/Failure of Monitoring Effect – Reduction in Quality of Decision-making (BCBS)

No

Table 10.2 (continued)

Stage 2 45.1

Stage 2 45.5

+8/100.00

−8/100.00

SecLineMinStandGrpPols (+) [TransTimeMon] (+)

SecLineNonDiscloseSilos (−) [TransTimeMon] (+) in the negative direction

Stage 2 45.5

+8/100.00

SecLineIssueRating (+) [TransTimeMon] (+)

Stage 2 45.5

+8/100.00

Section Ref. (Relational Effect Path in bold)

SecLineIssueLog (+) [TransTimeMon] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

380 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1149. Banks – 2nd Line Risk Management Function – Absence of Metrics for Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) 1150. Banks – 2nd Line Risk Management Function – Operational Risk Monitoring Register – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1151. Banks – 2nd Line Risk Management Function – Prioritisation, Conciseness and Contextualisation of Risk Reporting for Early Action – To CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1152. Banks – 2nd Line Risk Management Function – Failure to Escalate Problems or Red Flags in relation to Business Strategy – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (BCBS) 1153. Banks – 2nd Line Risk Management Function – Failure to Escalate Problems or Red Flags in relation to Firm Financial Condition – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (BCBS) Stage 2 45.5

Stage 2 45.2 45.9

Stage 2 45.2 45.9

+8/100.00

−8/100.00

−8/100.00

SecLinePriorityContextRisk (+) [TransTimeMon] (+)

SecLineRedFlagBusStrat (−) [TransTimeMon] (+) in the negative direction SecLineRedFlagFinCond (−) [TransTimeMon] (+) in the negative direction

(continued)

Stage 2 45.1

+8/100.00

SecLineOpRiskMonReg (+) [TransTimeMon] (+)

Stage 2 45.1

−8/100.00

SecLineOpComplyMetrics (−) [TransTimeMon] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 381

Governance variable and description and source

1154. Banks – 2nd Line Risk Management Function – Failure to Escalate Problems or Red Flags in relation to Firm Financial Performance – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (BCBS) 1155. Banks – 2nd Line Risk Management Function – Failure by Senior Management to Escalate Problems or Red Flags in relation to Failures in Internal Controls – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (BCBS) 1156. Banks – 2nd Line Risk Management Function – Failure to Escalate Problems or Red Flags in relation to Legal or Regulatory Issues – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (BCBS) 1157. Banks – 2nd Line Risk Management – Failure to Escalate Problems or Red Flags in relation to Risk Appetite – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (BCBS) 1158. Banks – 2nd Line Risk Management Function – Failure to Escalate Problems or Red Flags in relation to Breaches of Risk Limits and Compliance Rules – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (BCBS)

No

Table 10.2 (continued)

Stage 2 45.2 45.9

Stage 2 45.2 45.9

Stage 2 45.2 45.9

Stage 2 45.2 45.9

Stage 2 45.2 45.9

−8/100.00

−8/100.00

−8/100.00

−8/100.00

−8/100.00

SecLineRedFlagIntConts (−) [TransTimeMon] (+) in the negative direction

SecLineRedFlagLegal (−) [TransTimeMon] (+) in the negative direction SecLineRedFlagRiskApp (−) [TransTimeMon] (+) in the negative direction SecLineRedFlagRiskLimit (−) [TransTimeMon] (+) in the negative direction

Section Ref. (Relational Effect Path in bold)

SecLineRedFlagFinPerform (−) [TransTimeMon] (+) in the negative direction

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

382 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1159. Banks – 2nd Line Risk Management Function – Failure to Escalate Problems or Red Flags in relation to Risk Strategy – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (BCBS) 1160. Banks – 2nd Line Risk Management Function – Failure to Escalate Problems or Red Flags in relation to Whistleblowing Procedures – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (BCBS) 1161. Banks – 2nd Line Risk Management Function – Review of Roles and Responsibilities of Line 1 and Line 2 to Executive Committee and BRC – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1162. Banks – 2nd Line Risk Management Function – Risk Governance Framework including Risk Culture, Appetite and Limits in Managing Day-to-Day Activities – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (BCBS and IIF) 1163. Banks – 2nd Line Risk Management Function – Risk Monitoring of Risk Activities including Risk Appetite – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1164. Banks – 2nd Line Risk Management Function – Risk Monitoring of Risk Activities including Risk Limits – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) Stage 2 45.2 45.5 45.9

−8/100.00

+7/87.50

+7/87.50

+7/87.50

+7/87.50

SecLineRedFlagRiskWhistle (−) [TransTimeMon] (+) in the negative direction SecLineReviewRoles&Resp (+) [BrdSkills] (+)

SecLineRiskFrameDayToDay (+) [BrdSkills] (+)

SecLineRiskMonApp (+) [BrdSkills] (+)

SecLineRiskMonLimits (+) [BrdSkills] (+)

(continued)

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

Stage 2 45.2 45.9

−8/100.00

SecLineRedFlagRiskStrat (−) [TransTimeMon] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 383

Governance variable and description and source

1165. Banks – 2nd Line Risk Management Function – Risk Monitoring of Risk Activities including Capital/Liquidity Needs – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1166. Banks – 2nd Line Risk Management Function – Absence of Metrics for Operational and Compliance Risk Profile – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) 1167. Banks – 2nd Line Risk Management Function – Reporting of Risk According Severity Trigger ($) to Appropriate/Predetermined Level – Reporting to CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions on all 2nd Line Responsibilities/Functions – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1168. Banks – 2nd Line Risk Management Function – ‘Root Causes’ Addressed in Timely and Effective Manner – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA)

No

Table 10.2 (continued)

Stage 2 45.1

−8/100.00

+8/100.00

+8/100.00

SecLineRiskProfileMetrics (−) [TransTimeMon] (+) in the negative direction SecLineRiskReportTrigLevel (+) [TransTimeMon] (+)

SecLineRootCauses (+) [TransTimeMon] (+)

Stage 2 45.1

Stage 2 45.5

Stage 2 45.1

+7/87.50

Section Ref. (Relational Effect Path in bold)

SecLineRiskMonCap/Liq (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

384 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1169. Banks – 2nd Line Risk Management Function – Reporting of Scenario Tests/Analyses for Early Action – To CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1170. Banks – 2nd Line Risk Management Function –- Specify Roles and Responsibilities of Line 1 and Line 2 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1171. Banks – 2nd Line Risk Management Function –- Failure of Second Line to Sign-Off for Initiatives that Materially Change Risk Profile – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) 1172. Banks – 2nd Line Risk Management Function –- Failure of Staff Training in Roles and Responsibilities – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (APRA) 1173. Banks – 2nd Line Risk Management Function – Standard and Methodology for Completing Minimum Compliance Monitoring Requirements – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) Stage 2 45.1

Stage 2 45.1

−7/87.50

−7/87.50

+8/100.00

SecLineSign-OffRiskProfile (−) [BrdSkills] (+) in the negative direction SecLineStaffTraining (−) [BrdSkills] (+) in the negative direction SecLineStandMonReqs (+) [TransTimeMon] (+)

(continued)

Stage 2 45.1

Stage 2 45.1

+7/87.50

SecLineSetRoles&Resp (+) [BrdSkills] (+)

Stage 2 45.2 45.5

+8/100.00

SecLineScenarioRisk (+) [TransTimeMon] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 385

Governance variable and description and source

1174. Banks – 2nd Line Risk Management Function – Reporting of Stress-Test Risks for Early Action – To CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1175. Banks – 2nd Line Risk Management Function – Timing, Accuracy and Understandability of Risk Reporting for Early Action – To CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making (BCBS) 1176. Banks – 2nd Line Risk Management Function –- Risk Staff Training and Recruitment – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA) 1177. Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance – Bank Culture to be based on Ethics and Customer Service – Enhancement of Level of RiskTaking in Alignment with Shareholders (Sedgwick)

No

Table 10.2 (continued)

+8/100.00

+8/100.00

+7/87.50

+7/87.50

SecLineStressRisk (+) [TransTimeMon] (+)

SecLineTimeAccUstandRisk (+) [TransTimeMon] (+)

SecLineTrainRecruit (+) [BrdSkills] (+)

SedgCult9EthicsCustServ (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 19.3

Stage 2 45.1

Stage 2 45.5

Stage 2 45.2 45.5

Section Ref. (Relational Effect Path in bold)

386 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1178. Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance – Removal of Sales Bias from Bank Culture – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Sedgwick) 1179. Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance – Bank to Review Performance Management System to Align Staff Incentives with Recs 2–8 – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Sedgwick) 1180. Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance – Bank to Review Performance Management System to Embed Recs 2–8 – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Sedgwick) 1181. Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance – Managers to Reflect Ethical and Customer Focus with Staff, in Performance Management and Allocating Variable Rewards – Enhancement of Level of RiskTaking in Alignment with Shareholders (Sedgwick) 1182. Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance – Removal of Leaderboards from Bank Culture in Favour of Ethics and Customer Outcome Enhancement of Level of Risk-Taking in Alignment with Shareholders (Sedgwick) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

SedgCult9RemoveSalesBias (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) SedgCult10AlignIncent (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

SedgCult10PerfManSyst (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) SedgCult11ManFocusEthicsCust (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

SedgCult12MethodFocusEthicsCust (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

(continued)

Stage 2 19.3

Stage 2 19.3

Stage 2 19.3

Stage 2 19.3

Stage 2 19.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 387

Governance variable and description and source

1183. Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance – Dominant Variable Reward and Performance Measures for Senior and Middle-Level Executives to Reflect Ethical and Non-Financial Customer Measures – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Sedgwick) 1184. Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance – Variable Reward and Performance Measures for Senior and Middle-Level Executives to Reflect Breadth of Role – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Sedgwick) 1185. Banks – SedgwickRev – Board and CEO Oversight of Governance, Culture, Remuneration and Performance – Boards and CEO Provide Feedback Channels for Frontline Staff Feedback and Whistleblower Arrangements – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Sedgwick) 1186. Banks – SedgwickRev – Board and CEO Oversight of Governance, Culture, Remuneration and Performance – Boards and CEO Implement Sedgwick Review Recommendations and Report in Annual Report to Shareholders - Enhancement of Level of RiskTaking in Alignment with Shareholders (Sedgwick)

No

Table 10.2 (continued)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

SedgCult13SnrMidExecEthicsCust (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

SedgCult13SnrMidExecsPerfMeas (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

SedgCult14BrdCEOFeedbackWhistle (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

SedgCult14BrdCEOImplementRecs (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 19.3

Stage 2 19.3

Stage 2 19.3

Stage 2 19.3

Section Ref. (Relational Effect Path in bold)

388 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

SManRedFlagBusStrat (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction SManRedFlagFinCond (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction SManRedFlagFinPerform (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

1188. Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Business Strategy – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (BCBS) 1189. Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Firm Financial Condition – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (BCBS) 1190. Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Firm Financial Performance – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (BCBS) 1191. Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Failures in Internal Controls – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (BCBS) SManRedFlagIntConts (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

ShortTOpts (−)

1187. Short-Term Option Holdings/Plans of Directors and Executives (Stage 1)

Stage 2 40.3.1 45.2

Stage 2 40.3.1 45.2

−8/100.00

−8/100.00

(continued)

Stage 2 40.3.1 45.2

Stage 1 5.2.2.1 5.2.3.2.1 6.2.3.1.4 10.2.5.1 Stage 2 11.2 12.20 Stage 2 40.3.1 45.2

−8/100.00

−8/100.00

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 389

Governance variable and description and source

1192. Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Legal or Regulatory Issues – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (BCBS) 1193. Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Risk Appetite – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (BCBS) 1194. Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Breaches of Risk Limits and Compliance Rules – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (BCBS) 1195. Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Risk Strategy – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (BCBS) 1196. Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Whistleblowing Procedures – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making (BCBS)

No

Table 10.2 (continued)

SManRedFlagRiskStrat (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction SManRedFlagRiskWhistle (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

SManRedFlagLegal (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction SManRedFlagRiskApp (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction SManRedFlagRiskLimit (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) in the negative direction

Stage 2 40.3.1 45.2

Stage 2 40.3.1 45.2

Stage 2 40.3.1 45.2

Stage 2 40.3.1 45.2

Stage 2 40.3.1 45.2 45.5

−8/100.00

−8/100.00

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

390 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Stage 2 45.3

Stage 1 8.3.1 8.3.1.1 Stage 2 37.8.2 45.2 Stage 2 27.3 37.8.1 45.2

+7/87.50

−8/100.00 −8/100.00

−8/100.00

SManSecLineResources (+) [BrdSkills] (+)

StagBrdElect (−) TransTimeFinProd (−) [TransTimeMon] (+) in the negative direction TransTimeHideLev (−) [TransTimeMon] (+) in the negative direction

1201. Banks – Deficiencies in Disclosure of Financial Products – Reduction in Transparency and Timing of Reporting and Internal and External Monitoring (IIF) 1202. Banks – ‘Hidden Leverage’ in Financial Statements and OffBalance-Sheet Entities – Reduction in Transparency and Timing of Reporting and Internal and External Monitoring (Sahlman)

(continued)

Stage 2 45.3

+7/87.50

SManSecLinePlanBudget (+) [BrdSkills] (+)

Stage 2 45.3

+7/87.50

SManSecLineExperStatus (+) [BrdSkills] (+)

1197. Banks – Senior Management –- Experience, Qualification and Status (All High) of 2nd Line Risk Management Personnel – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (IIF) 1198. Banks – Senior Management – Resources Provided to 2nd Line by Senior Management to be Available for Planning and Budgeting – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (IIF) 1199. Banks – Senior Management –- Amount and Quality of Resources Provided to 2nd Line by Senior Management – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making (IIF) 1200. Staggered Board Elections (Stage 1)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 391

Governance variable and description and source

1203. Transparency and Timing of Reporting – Monitoring Effect (Stage 1)

No

Table 10.2 (continued)

TransTimeMon (+) +8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox Stage 1 5.2.1.1 5.2.3 5.2.5.1 6.2.3.1.3 9.1.2.1 Stage 2 1.1 1.6 3.7 4.5 4.6 4.7 4.12 5 9.2 10 12.7 12.17 13.3 13.4 17.3 20.1 20.2 20.3 20.5 20.7 20.8

Section Ref. (Relational Effect Path in bold)

392 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

(continued)

20.9 27.3 29.6 29.7 29.8 30.3 30.4 30.7 30.8 30.9 31.3 32.1 36.2 36.3 36.7 36.8 36.9 36.10 37.7.1 37.8.2 38 38.3.1 38.3.3 38.4 38.5 38.6 38.7 38.8 38.9 38.10 38.11 38.12 38.13 38.14

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 393

No

Governance variable and description and source

Table 10.2 (continued) Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox 38.15 38.16 38.17 38.18 38.19 38.20 38.21 38.22 38.23 39 39.18 40.1 40.3.1 41.5 42.1 42.6 43.5 43.6 44.8 44.9 45.1 45.3 45.5 45.7 45.8 45.9 45.10

Section Ref. (Relational Effect Path in bold)

394 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

+7/87.50

−8/100.00

WBCAllocateInvest BSRProc (+) [BrdSkills] (+) WBCAudFail AmberAudits (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction

1205. Banks – WBCAllocateInvest – Financial Prioritisation – Investment Allocation Decisions – Board Strategy Review Process for Executive Team and Board for High-Level Initiatives – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1206. Banks – Audit Committee and Board Oversight of Risk Management – Reporting From Group Audit – Failure of Reports to Include Summary or Thematic Information on All Amber Audits – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac)

−4/50.00

TransTimeRedn (−)

1204. Transparency and Timing of Reporting – Information Flow Reduction Effect (Stage 1)

(continued)

Stage 2 36.3

45.11 45.12 45.14 45.15 48 49 49.2 50.1 50.2 50.3 Stage 1 5.2.3 5.2.5.1 6.2.3.1.3 9.1.2.1 Stage 2 29.9

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 395

Governance variable and description and source

1207. Banks – Audit Committee and Board Oversight of Risk Management – Reporting From Group Audit – Failure of Reports to Include Extensions to Agreed Due Dates to Resolve ‘High-Rated Issues’ – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1208. Banks – Audit Committee and Board Oversight of Risk Management – Reporting From Group Audit – Failure of Reports to Include Every ‘Red’ Audit or Actions and Deadlines to Address Issues in ‘Red’ Audits – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (Westpac) 1209. Banks – Board Risk Committee –- Assessment of the Efficiency and Adequacy of Time Allocated for BRC Work - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1210. Banks – Board Risk Committee – Assessment of Employees to Avoid Over-reliance on Individuals – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac)

No

Table 10.2 (continued)

Stage 2 36.3

−8/100.00

+7/87.50

+7/87.50

WBCAudFail RedAudits (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction

WBCBRC AssessEffic&AdeqTime (+) [BrdSkills] (+) WBCBRC AssessEmploy (+) [BrdSkills] (+)

Stage 2 43.4

Stage 2 43.4

Stage 2 36.3

−8/100.00

Section Ref. (Relational Effect Path in bold)

WBCAudFail InformExtend (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

396 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1211. Banks – Board Risk Committee – Attendance of General Manager of Group Audit – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1212. Banks – Board Risk Committee – BRC Chair to Meet Presenters Before BRC Meeting – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1213. Banks – Board Risk Committee – Chair of BRC to be Member of Board Audit Committee – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (Westpac) 1214. Banks – Board Risk Committee – Direct Access to Responsible Employees for Specific Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1215. Banks – Board Risk Committee – Enhancement of Contents of BRC Reports – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decisionmaking – Enhancement in Quality of Accountability/Responsibility (Westpac) 1216. Banks – Board Risk Committee –- BRC Oversight of Issue Resolution and Closure – 30% of Issues are Extended – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) Stage 2 43.6

Stage 2 43.4

+8/100.00

−7/87.50

WBCBRC EnhanceReportContents (+) [TransTimeMon] (+) WBCBRC ExtendedIssues (−) [BrdSkills] (+) in the negative direction

(continued)

Stage 2 43.4

+7/87.50

WBCBRC DirectAccess (+) [BrdSkills] (+)

Stage 2 43.6

Stage 2 43.4

+7/87.50

+8/100.00

Stage 2 43.4

+7/87.50

WBCBRC ChairMemberAudCom (+) [TransTimeMon] (+)

WBCBRC AttendGMGrpAudit (+) [BrdSkills] (+) WBCBRC ChairMeetPresent (+) [BrdSkills] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 397

Governance variable and description and source

1217. Banks – Board Risk Committee – Key Considerations Do Not Always Highlight Main Points or Gravity of a Particular Risk – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1218. Banks – Board Risk Committee – Monitoring of Risk Appetite – Non-Financial Risk Classes Outside Appetite ‘Red’ – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1219. Banks – Board Risk Committee – Monitoring of Risk Appetite – Non-Financial Risk Classes Outside Appetite ‘Red’ – “Result of the Later Maturation of Non-Financial Risk Management” for Appetites Set After Business Practice Began – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1220. Banks – Board Risk Committee – Monitoring of Risk Appetite – Non-Financial Risk Classes Outside Tolerance ‘Amber’ – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac)

No

Table 10.2 (continued)

Stage 2 41.5

Stage 2 41.5

Stage 2 41.5

−8/100.00

−8/100.00

−8/100.00

WBCBRC FailNFRMaturation (−) [TransTimeMon] (+) but in the negative direction

WBCBRC FailNFRTolerAmber (−) [TransTimeMon] (+) but in the negative direction

WBCBRC FailKeyConsids&Gravity (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction WBCBRC FailNFRAppetiteRed (−) [TransTimeMon] (+) but in the negative direction

Stage 2 43.6

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

398 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1221. Banks – Board Risk Committee – Monitoring of Risk Appetite – Non-Financial Risk Classes Outside Appetite ‘Red’ – Failure to Take Prompt Remedial Action vis-à-vis Number and Duration of Risks – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1222. Banks – Board Risk Committee – Monitoring of Risk Appetite – Failure to Quantify Appetite for Conduct Risk – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1223. Banks – Board Risk Committee – Failure to Highlight “Top Issues” and Report and Escalate Issues – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1224. Banks – Board Risk Committee – Group Executives of each Division Prepare and Submit an Update to the BRC – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (Westpac) 1225. Banks – Board Risk Committee –- BRC Oversight of Issue Resolution and Closure – “Percentage of High-Rated Issues Extended More than Once is Outside of Risk Appetite” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) Stage 2 43.6

Stage 2 43.6

Stage 2 43.4

−8/100.00

+8/100.00

−7/87.50

WBCBRC FailTopIssues&Escalate (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction WBCBRC GroupExecDivnUpdate (+) [TransTimeMon] (+)

(continued)

Stage 2 41.5

−8/100.00

WBCBRC FailQuantConduct (−) [TransTimeMon] (+) but in the negative direction

WBCBRC High-RatedExtendedIssues (−) [BrdSkills] (+) in the negative direction

Stage 2 41.5

−8/100.00

WBCBRC FailPromptRemedAction (−) [TransTimeMon] (+) but in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 399

Governance variable and description and source

1226. Banks – Board Risk Committee –- BRC Oversight of Issue Resolution and Closure – 16% of Open Issues are Long-outstanding Issues (more than 365 days) – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1227. Banks – Board Risk Committee – Overly-extensive Level of Analysis and Documentation in Reporting to BRC – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1228. Banks – Board Risk Committee – Volume and Complexity of Agenda items, Reports and Information for BRC Members – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1229. Banks – Board – Failure of Customer Complaints Dashboard to Board – Failure to Report Negative ‘Tail’ of Most Serious and Extreme Customer Complaints – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac)

No

Table 10.2 (continued)

Stage 2 43.4

Stage 2 43.6

Stage 2 43.6

Stage 2 45.11

−7/87.50

−8/100.00

−8/100.00

−8/100.00

WBCBRC OverExtenAnalyis&Docs (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction WBCBRC VolumeComplexInfo (−) [FailRedFlag] (−) identical to [TransTimeMon] (+) but in the negative direction WBCBrdCust FailRedFlagTail (−) [TransTimeMon] (+) in the negative direction

Section Ref. (Relational Effect Path in bold)

WBCBRC Long-OutstandIssues (−) [BrdSkills] (+) in the negative direction

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

400 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1230. Banks – Board – Reporting of Customer Complaints Dashboard to Board – Enhancement in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1231. Banks – WBCBrdRep – Reporting to the Board – Reporting for Investment Allocation Decisions of the EIP (Enterprise Investment Pool) – Decisions Approving Overall Size and Allocation of EIP – Failure to Describe the Risk and Compliance Issues of Not Proceeding with An Initiative thus Under-weighing Risk Considerations – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (Westpac) 1232. Banks – Business Units – Operation of Line 1 – Clarify Roles and Responsibilities Across All 3 Lines of Defence for Non-financial Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1233. Banks – Business Units – Operation of Line 1 – Enhancement of Ownership and Accountability of Line 1 for Risk and Compliance Management – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1234. Banks – Business Units – Operation of Line 1 – Line 1 Enhancement of Sufficient Skills, Capabilities and Mindsets to Mature Ownership of Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) +7/87.50

+7/87.50

WBCBU EnhanceRiskOwn&Acc (+) [BrdSkills] (+) WBCBU EnhanceSkillsCapMind (+) [BrdSkills] (+)

(continued)

Stage 2 42.1

Stage 2 42.1

Stage 2 42.1

Stage 2 30.4

−8/100.00

+7/87.50

Stage 2 45.11

+8/100.00

WBCBU ClarifyRoles&Resps3LODNFRs (+) [BrdSkills] (+)

WBCBrdCust RedFlagDashboard (+) [TransTimeMon] (+) WBCBrdRep AllocateEIPRiskComply (−) [TransTimeMon] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 401

Governance variable and description and source

1235. Banks – Business Units – Operation of Line 1 – Blurring of Line 1 and Line 2 – Line 2 Performing Line 1 Activities for Inadequate Line 1 Maturity – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1236. Banks – Business Units – Operation of Line 1 – Blurring of Line 1 and Line 2 – Line 2 Performing Line 1 Activities for Inadequate Line 1 Maturity – Reduction of Independence of Review and Challenge of Line 1 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1237. Banks – Business Units – Operation of Line 1 – Line 1 Failure of Ownership and Accountability of the Risks of the Business Unit – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1238. Banks – Business Units – Operation of Line 1 – Line 1 Failure of Clarity or Understanding of Risk Ownership Principles – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1239. Banks – Business Units – Operation of Line 1 – Failure to Describe L1 and L2 Roles and Responsibilities for Non-financial Risks – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac)

No

Table 10.2 (continued)

WBCBU FailRiskOwn (−) [BrdSkills] (+) in the negative direction WBCBU FailRiskOwnPrinciples (−) [BrdSkills] (+) in the negative direction WBCBU FailRoles&RespsL1&L2NFRs (−) [BrdSkills] (+) in the negative direction

WBCBU FailBlurredL1&L2 (−) [BrdSkills] (+) in the negative direction WBCBU FailIndepL1&L2 (−) [BrdSkills] (+) in the negative direction

Stage 2 42.1

Stage 2 42.1

Stage 2 42.1

Stage 2 42.1

Stage 2 42.1

−7/87.50

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

402 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1245.

1244.

1243.

1242.

WBCComp DeferralFrameAllSTVR (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) WBCComp FixedPaySalary (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) Banks – WBCComp – Compensation/Remuneration Committee – WBCComp Long Term Variable Reward in the Form of Deferred Shares or Share LTVRShares&RightsRestrictPerf Rights Subject to Restrictions and Performance Hurdles – (+) Enhancement of Level of Risk-Taking in Alignment with [EqOptRiskAlignHighEnd] (+) Shareholders identical to [EqOptIncent] (+) (Westpac) Banks – WBCComp – Compensation/Remuneration Committee – WBCComp No Clawback for Variable Reward After Vested or Paid – RiskMalusNoClawback Taking in Excess of Risk Appetite – Likelihood of Bank Failure (−) (Westpac) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) Banks – WBCComp – Compensation/Remuneration Committee – WBCComp Malus Provisions for Variable Reward Granted But Not Yet MalusNotVested Vested – Enhancement of Level of Risk-Taking in Alignment with (+) Shareholders [EqOptRiskAlignHighEnd] (+) (Westpac) identical to [EqOptIncent] (+) Banks – WBCComp – Compensation/Remuneration Committee – WBCComp Problems in Navigating Multiple Group and Divisional Frameworks MultiGrp&DivFrames and Policies – Risk-Taking in Excess of Risk Appetite – Likelihood (−) of Bank Failure [EqOptRiskFailHighEnd] (−) (Westpac) identical to [EqOptEntrch] (−)

1240. Banks – WBCComp – Compensation/Remuneration Committee – Group Variable Reward Deferral Framework for All Employees Receiving STVR – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1241. Banks – WBCComp – Compensation/Remuneration Committee – Fixed Pay Comprising Salary and Salary-Sacrificed Items (Westpac)

Stage 2 15.4

−7/87.50

(continued)

Stage 2 15.5

Stage 2 15.5

−7/87.50

+7/87.50

Stage 2 15.1

Stage 2 15.1

+7/87.50

+7/87.50

Stage 2 15.6

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 403

Governance variable and description and source

1247. Banks – WBCComp – Compensation/Remuneration Committee – Problems of Consistency in Divisions and Committees Defining/ Referring Terms including to Risk Gate and Risk Adjustment Criteria – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac) 1248. Banks – WBCComp – Compensation/Remuneration Committee – Early Implementation of Sedgwick Review Recommendations by 1 October 2018 – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1249. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward in Form of Cash, Deferred Shares or Share Rights – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1250. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Division-Level Risk Gate Criteria – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac)

1246. Banks – WBCComp – Compensation/Remuneration Committee – Problems of Consistency in Recording Practices – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac)

No

Table 10.2 (continued)

WBCComp SedgwickReview (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) WBCComp STVRCash&DeferShares&Rights (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) WBCComp STVRDivLvlRiskGateCriteria (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

WBCComp MultiRecordPractices (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) WBCComp MultiTerms (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

Stage 2 15.7

Stage 2 15.1

Stage 2 15.2

+7/87.50

+7/87.50

Stage 2 15.4

−7/87.50

+7/87.50

Stage 2 15.4

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

404 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1251. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Division-Level Risk Gate Criteria – Variation Between Divisions with Specificity/Clarity of Criteria – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac) 1252. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Group-wide Risk Gate Criteria of Code of Conduct – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1253. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Group-wide Risk Gate Criteria of Risk Management and Compliance Requirements – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1254. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments for Risk, Compliance and Behaviour Criteria – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1255. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments for Employees on Discretionary STVR Plans without Scorecards – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) Stage 2 15.2

WBCComp +7/87.50 STVRGrpWideRiskGateCode (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) WBCComp +7/87.50 STVRGrpWideRiskGateRisk&Comply (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) WBCComp STVRRiskAdjustCriteria (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) WBCComp STVRRiskAdjustDiscretion (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

Stage 2 15.3

+7/87.50

(continued)

Stage 2 15.3

+7/87.50

Stage 2 15.2

Stage 2 15.2

−7/87.50

WBCComp STVRDivLvlRiskGateVariation (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 405

Governance variable and description and source

1256. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments for Employees on Discretionary STVR Plans without Scorecards – Formal Risk Adjustments Rare and No Recording of Discrete Risk Adjustments Limiting Effectiveness – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac) 1257. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments – Perceived “Anchor” or Indicative Level of STVR to which Adjustments are Made Restricts Impact on Risk Behaviours – RiskTaking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac) 1258. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments – Failure to Produce Aggregated Data of Total Risk Adjustments – RiskTaking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac) 1259. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments – Failure to Produce Reasons for Adjustments at Aggregated Level – RiskTaking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac)

No

Table 10.2 (continued)

Stage 2 15.3

Stage 2 15.3

Stage 2 15.3

Stage 2 15.3

−7/87.50

−7/87.50

−7/87.50

−7/87.50

WBCComp STVRRiskAdjustEfficacy (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) WBCComp STVRRiskAdjustReportAgg (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) WBCComp STVRRiskAdjustReportReason (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

Section Ref. (Relational Effect Path in bold)

WBCComp STVRRiskAdjustDiscretionRare (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

406 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1260. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments Reviewed by Risk and Compliance and HR Functions – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1261. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments for Senior Management – Metricated Scorecard with Percentage Weightings – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1262. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments for Senior Management – Metricated Scorecard with Percentage Weightings – 2018 Modification for “Reputation and Risk” Component (but subject to insufficient granularity at the specific activity level) - Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1263. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments for Senior Management – Metricated Scorecard with Percentage Weightings – Risk Weighting Subject to Maximum of 10% Allows High Percentage of Target Incentive Achieved for Poor Risk Behaviours and Low Risk Management Score – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac) Stage 2 15.3

−7/87.50

WBCComp STVRRiskAdjustScoreMetric10%Max (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

(continued)

Stage 2 15.3

Stage 2 15.3

+7/87.50

+7/87.50

Stage 2 15.3

+7/87.50

WBCComp STVRRiskAdjustScoreMetricRisk& Rep (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

WBCComp STVRRiskAdjustReview (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) WBCComp STVRRiskAdjustScoreMetric (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 407

Governance variable and description and source

1268. Banks – WBCCultCare – Caring Culture – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac)

1264. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments for Employees Below GM – Variation Between Divisions with Specificity/Clarity of Criteria – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac) 1265. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Gates for Eligibility Criteria – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1266. Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Division-Level Risk Gate Closure Reviewed by Risk and Compliance and HR Functions – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1267. Banks – WBCComp – Compensation/Remuneration Committee – STVR Subject to Risk Gates and Risk Adjustments – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac)

No

Table 10.2 (continued)

+7/87.50

+7/87.50

Stage 2 31.12

Stage 2 15.1

Stage 2 15.2

+7/87.50

WBCComp STVRRiskGates&RiskAdj (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) WBCCultCare (+) [BrdSkills] (+)

Stage 2 15.2

+7/87.50

WBCComp STVRRiskGates (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) WBCComp STVRRiskGateCloseReview (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

Stage 2 15.3

−7/87.50

Section Ref. (Relational Effect Path in bold)

WBCComp STVRRiskAdjustVariation (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

408 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1273. Banks – WBCCultComplete – Benefits in Completeness or “Maximalism” in Approach to Work – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1274. Banks – WBCCultComplete – Acceptance and Perpetuation of Complexity – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac)

1272. Banks – WBCCultCollab – Overcollaboration – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac)

1270. Banks – WBCCultCollab – Collaboration – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1271. Banks – WBCCultCollab – Collaboration between Risk Function and Businesses – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac)

1269. Banks – WBCCultCare – Caring and Relationship Downsides – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac)

WBCCultComplete ComplexAccept (−) [BrdSkills] (+) in the negative direction

WBCCultCollab LackRisk&Bus (−) [BrdSkills] (+) in the negative direction WBCCultCollab Over (−) [BrdSkills] (+) in the negative direction WBCCultComplete Benefits (+) [BrdSkills] (+)

WBCCultCare &RelationDownsides (−) [BrdSkills] (+) in the negative direction WBCCultCollab (+) [BrdSkills] (+)

(continued)

Stage 2 31.14

−7/87.50

Stage 2 31.12

−7/87.50

Stage 2 31.14

Stage 2 31.12

−7/87.50

+7/87.50

Stage 2 31.12

Stage 2 31.12

+7/87.50

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 409

Governance variable and description and source

1279. Banks – WBCCultConcept – Preferring Process Over Outcomes – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac)

1277. Banks – WBCCultConcept – Conceptualising Frameworks and Policies Over Rigorous Execution to bring Conceptual Products to Fruition – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1278. Banks – WBCCultConcept – Drivers of Conceptualisation – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac)

1275. Banks – WBCCultComplete – Drivers of Completeness or “Maximalism” in Approach to Work – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1276. Banks – WBCCultComplete – Completeness or “Maximalism” in Approach to Work – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac)

No

Table 10.2 (continued)

WBCCultComplete Drivers (−) [BrdSkills] (+) in the negative direction WBCCultComplete Max (−) [BrdSkills] (+) in the negative direction WBCCultConcept Proc (−) [BrdSkills] (+) in the negative direction WBCCultConcept ProcDrivers (−) [BrdSkills] (+) in the negative direction WBCCultConcept ProcOut (−) [BrdSkills] (+) in the negative direction

Stage 2 31.14

Stage 2 31.14

Stage 2 31.17

Stage 2 31.17

Stage 2 31.17

−7/87.50

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

410 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1285.

1284.

1283.

1282.

1281.

WBCCultConcept ProcOutDrivers (−) [BrdSkills] (+) in the negative direction Banks – WBCCultLearn –- Mechanisms and Programs for Employee WBCCultLearn Learning – Enhancement in Risk Management and Internal Mech&Prog Monitoring Effect – Enhancement in Quality of Decision-making (+) (Westpac) [BrdSkills] (+) Banks – WBCCultLearn –- Drivers Influencing the Levels of WBCCultLearn Learning and Reflection – Reduction in Risk Management and &ReflectDrivers Internal Monitoring Effect – Reduction in Quality of (−) Decision-making [BrdSkills] (+) (Westpac) in the negative direction Banks – WBCCultLearn –- Learning and Reflection Not Embedded WBCCultLearn in Day-to-Day Activities of Employees – Reduction in Risk &ReflectEmbed Management and Internal Monitoring Effect – Reduction in Quality (−) of Decision-making [BrdSkills] (+) (Westpac) in the negative direction Banks – WBCCultLearn –- Learning and Reflection Not Embedded WBCCultLearn at Institutional Level – Reduction in Risk Management and Internal &ReflectInstitLevel Monitoring Effect – Reduction in Quality of Decision-making (−) (Westpac) [BrdSkills] (+) in the negative direction Banks – WBCCultNFR – Non-Financial Risk Awareness by Board WBCCultNFR and Executive Team (High) – Enhancement in Risk Management AwareBrd&ET and Internal Monitoring Effect – Enhancement in Quality of (+) Decision-making [BrdSkills] (+) (Westpac)

1280. Banks – WBCCultConcept – Drivers of Preferring Process Over Outcomes – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac)

Stage 2 31.18

Stage 2 31.18

−7/87.50

−7/87.50

(continued)

Stage 2 31.11

Stage 2 31.18

−7/87.50

+7/87.50

Stage 2 31.18

Stage 2 31.17

+7/87.50

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 411

1290.

1289.

1288.

1287.

Stage 2 31.11

Stage 2 31.11

Stage 2 31.11

Stage 2 31.15

Stage 2 31.15

−7/87.50

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

WBCCultNFR Aware&CapabilityFactors (−) [BrdSkills] (+) in the negative direction Banks – WBCCultNFR – Non-Financial Risk Awareness by GMs WBCCultNFR and GM-1s Materially Inconsistent – Reduction in Risk Management AwareGM&GM-1 and Internal Monitoring Effect – Reduction in Quality of (−) Decision-making [BrdSkills] (+) (Westpac) in the negative direction Banks – WBCCultNFR – Non-Financial Risk Capability at Lower WBCCultNFR Confidence – Reduction in Risk Management and Internal Capability Monitoring Effect – Reduction in Quality of Decision-making (−) (Westpac) [BrdSkills] (+) in the negative direction Banks – WBCCultNoChall – Challenge Culture/Environment Failure WBCCultNoChall in Some Parts of Bank – Drivers – Reduction in Risk Management Drivers and Internal Monitoring Effect – Reduction in Quality of (−) Decision-making [BrdSkills] (+) (Westpac) in the negative direction Banks – WBCCultNoChall – Challenge Culture/Environment Failure WBCCultNoChall in Some Parts of Bank – Reduction in Risk Management and Fail Internal Monitoring Effect – Reduction in Quality of (−) Decision-making [BrdSkills] (+) (Westpac) in the negative direction

Governance variable and description and source

1286. Banks – WBCCultNFR – Non-Financial Risk Awareness and Capability Factors – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac)

No

Table 10.2 (continued)

412 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

WBCCultNoChall RedSpeakUp (−) [BrdSkills] (+) in the negative direction WBCCultOwn EmpowerDefaultCollective (−) [BrdSkills] (+) in the negative direction WBCCultOwn EmpowerDrivers (−) [BrdSkills] (+) in the negative direction WBCCultOwn PersonalDrivers (−) [BrdSkills] (+) in the negative direction 1295. Banks – WBCCultPriority – Prioritising, Making Decisions and WBCCultPriority Saying “No” – Low Expectation that Leaders Can Prioritise or Make (−) Trade-offs – Reduction in Risk Management and Internal Monitoring [BrdSkills] (+) Effect – Reduction in Quality of Decision-making in the negative direction (Westpac) 1296. Banks – WBCCultPriority – Drivers of Prioritising, Making WBCCultPriority Decisions and Saying “No” – Reduction in Risk Management and Drivers Internal Monitoring Effect – Reduction in Quality of (−) Decision-making [BrdSkills] (+) (Westpac) in the negative direction

1291. Banks – WBCCultNoChall – “Red” Risk Appetite Dashboard for Speak-Up – Employee Fear to “Call Out” Issues, Risks and Concerns – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1292. Banks – WBCCultOwn – Lack of Empowerment Resulting in Default to Collective Decision-making – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1293. Banks – WBCCultOwn – Lack of Empowerment Outcomes and Drivers Resulting in Difficulty in Delivering Optimal Service – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1294. Banks – WBCCultOwn – Insufficient Personal Ownership Drivers – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) Stage 2 31.13

Stage 2 31.13

Stage 2 31.13

Stage 2 31.16

Stage 2 31.16

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 31.15

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 413

Governance variable and description and source

1297. Banks – WBCCultPriority – Prioritising, Making Decisions and Saying “No” – Prioritisation Issues in Risk Management Function – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1298. Banks – WBCCultRelation – Relationships Integral to Risk Matters – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1299. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1300. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Values Not Translated to Business Units and Senior Management – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1301. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Core Values of Integrity, Service, One Team, Courage and Achievement Well-Communicated – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac)

No

Table 10.2 (continued)

WBCCultTopClear BUs&SMan (−) [BrdSkills] (+) in the negative direction WBCCultTopClear CoreValues (+) [BrdSkills] (+)

WBCCultPriority RiskMan (−) [BrdSkills] (+) in the negative direction WBCCultRelation &Risk (+) [BrdSkills] (+) WBCCultTopClear (+) [BrdSkills] (+)

Stage 2 31.16

Stage 2 31.12

Stage 2 31.10

Stage 2 31.10

Stage 2 31.10

+7/87.50

+7/87.50

−7/87.50

+7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

414 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1302. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Core Values of Integrity, Service, One Team, Courage and Achievement – Achievement linked to Productivity and Cost Reduction – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1303. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Core Values of Integrity, Service, One Team, Courage and Achievement – Courage Not Sufficiently Ingrained – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1304. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Core Values of Integrity, Service, One Team, Courage and Achievement – Integrity (the ‘Right Thing’) Strongly Embedded for Customers, Bank and Colleagues – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1305. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Core Values of Integrity, Service, One Team, Courage and Achievement Not Put into Practice – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1306. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Core Values of Integrity, Service, One Team, Courage and Achievement – Service and One Team Not Sufficiently Ingrained – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) Stage 2 31.10

Stage 2 31.10

Stage 2 31.10

Stage 2 31.10

−7/87.50

+7/87.50

−7/87.50

−7/87.50

WBCCultTopClear CoreValuesCourage (−) [BrdSkills] (+) in the negative direction WBCCultTopClear CoreValuesIntegrity (+) [BrdSkills] (+)

WBCCultTopClear CoreValuesPract (−) [BrdSkills] (+) in the negative direction WBCCultTopClear CoreValuesServiceOneTeam (−) [BrdSkills] (+) in the negative direction

(continued)

Stage 2 31.10

−7/87.50

WBCCultTopClear CoreValuesAchievement (−) [BrdSkills] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 415

Governance variable and description and source

1307. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – GM-1 Drawbacks in Practice – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1308. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – GM-2 Drawbacks in Practice – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1309. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Strong GM-1 Experts and Role Models – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1310. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – GM Bottlenecks to Decision-making, Managing and Filtering Upward Messaging – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1311. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Strong Intent and Tone from the Top – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac)

No

Table 10.2 (continued)

Stage 2 31.10

Stage 2 31.10

+7/87.50

−7/87.50

+7/87.50

WBCCultTopClear GMBottleneck (−) [BrdSkills] (+) in the negative direction WBCCultTopClear Intent&ToneTop (+) [BrdSkills] (+)

Stage 2 31.10

Stage 2 31.10

−7/87.50

WBCCultTopClear GM-1Drawbacks (−) [BrdSkills] (+) in the negative direction WBCCultTopClear GM-2Drawbacks (−) [BrdSkills] (+) in the negative direction WBCCultTopClear GM-1Expert&RoleModels (+) [BrdSkills] (+)

Stage 2 31.10

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

416 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1312. Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Comfort to Speak up and Challenge Inconsistent within Executive Team – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1313. Banks – WBCCustRedFlag – Enhancements to Customer Complaint Reporting – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1314. Banks –WBCCustRedFlag – Westpac Group Complaints Management Policy for Process of Handling Customer Complaints – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1315. Banks – WBCCustRedFlag – Complex Complaints Referred to Customer Solutions Team – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1316. Banks – WBCCustRedFlag – Escalation to Westpac Customer Advocate – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1317. Banks – WBCCustRedFlag – No Consultation with Compliance or Operational Risk when Assessing Customer Complaints – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) Stage 2 45.11

−8/100.00

(continued)

Stage 2 45.11

+8/100.00

WBCCustRedFlag EscalCustAdvo (+) [TransTimeMon] (+) WBCCustRedFlag FailCompOpRiskAssess (−) [TransTimeMon] (+) in the negative direction

Stage 2 45.11

+8/100.00

Stage 2 45.11

Stage 2 45.11

+8/100.00

+8/100.00

Stage 2 31.10

−7/87.50

WBCCustRedFlag CustSolnsTeam (+) [TransTimeMon] (+)

WBCCultTopClear SpeakUp&ChallengeET (−) [BrdSkills] (+) in the negative direction WBCCustRedFlag ComplaintsEnhance (+) [TransTimeMon] (+) WBCCustRedFlag ComplaintsManPol (+) [TransTimeMon] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 417

Governance variable and description and source

1322. Banks – WBCCustRedFlag –- Failure to Identify Vulnerable Customers – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac)

1318. Banks –WBCCustRedFlag – No Recording in Customer Complaints Dashboard of Other Long-dated Complaints Matters Carrying Conduct and Reputation Risk – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1319. Banks –WBCCustRedFlag – No Recording of Customer Complaints or Issues Directly in Group Executive Scorecards – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1320. Banks –WBCCustRedFlag – No Recording of Customer Complaints Resolved Within 5 Business Days – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1321. Banks –WBCCustRedFlag – Systemic Customer Complaints Not Reported – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac)

No

Table 10.2 (continued)

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

−8/100.00

−8/100.00

−8/100.00

−8/100.00

−8/100.00

WBCCustRedFlag FailExecScore (−) [TransTimeMon] (+) in the negative direction WBCCustRedFlag FailNo5DaysReport (−) [TransTimeMon] (+) in the negative direction WBCCustRedFlag FailNoSystReport (−) [TransTimeMon] (+) in the negative direction WBCCustRedFlag FailVulnCusts (−) [TransTimeMon] (+) in the negative direction

Section Ref. (Relational Effect Path in bold)

WBCCustRedFlag FailCond&RepRisk (−) [TransTimeMon] (+) in the negative direction

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

418 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1323. Banks – WBCCustRedFlag – Westpac Group Complaints Management Standard for Handling Customer Complaints – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1324. Banks – WBCCustRedFlag – Initiatives to Enhance Identification of Vulnerable Customers – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1325. Banks – WBCCustRedFlag –- Transitioning of Life and General Insurance Complaints from BT Financial Group to Customer & Corporate Relations Division – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1326. Banks – WBCETRISKCO – Oversight of Executive Team – Oversight of Group-Wide Risk through RISKCO – RISKCO Overseen by BRC – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (Westpac) 1327. Banks – WBCETRISKCO – Oversight of Executive Team – Oversight of Group-Wide Risk through RISKCO – RISKCO Risk and Compliance Reporting Consistent with BRC – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (Westpac) +8/100.00

+8/100.00

+8/100.00

+8/100.00

+8/100.00

WBCCustRedFlag GrpComplaintsManStnd (+) [TransTimeMon] (+) WBCCustRedFlag IDVulnCusts (+) [TransTimeMon] (+) WBCCustRedFlag Life&GenInsCCR (+) [TransTimeMon] (+)

WBCETRISKCO BRCOsight (+) [TransTimeMon] (+)

WBCETRISKCO BRCRiskReport (+) [TransTimeMon] (+)

(continued)

Stage 2 30.8

Stage 2 30.8

Stage 2 45.11

Stage 2 45.11

Stage 2 45.11

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 419

Governance variable and description and source

1328. Banks – WBCETRISKCO – Oversight of Executive Team – Oversight of Group-Wide Risk Through RISKCO – Within Board-approved Risk Appetite – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (Westpac) 1329. Banks – WBCETRISKCO – Oversight of Executive Team – Oversight of Group-Wide Risk Through RISKCO – Composition Includes all Group Executives – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (Westpac) 1330. Banks – WBCETRISKCO – Oversight of Executive Team – Oversight of Group-Wide Risk through RISKCO – Oversight of All Material Risks – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (Westpac) 1331. Banks – WBCETRISKCO – Oversight of Executive Team – Oversight of Group-Wide Risk through RISKCO – RISKCO Sub-committees – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (Westpac)

No

Table 10.2 (continued)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

WBCETRISKCO BrdRiskApp (+) [TransTimeMon] (+)

WBCETRISKCO GroupExecs (+) [TransTimeMon] (+)

WBCETRISKCO MatRisks (+) [TransTimeMon] (+)

WBCETRISKCO SubCms (+) [TransTimeMon] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 30.8

Stage 2 30.8

Stage 2 30.8

Stage 2 30.8

Section Ref. (Relational Effect Path in bold)

420 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1332. Banks – WBCET – Oversight of Executive Team – Functioning of Executive Team – Comprising CEO and Group Executives – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (Westpac) 1333. Banks – WBCExecTeam – Oversight of Executive Team – Functioning of Executive Team – Level of Challenge Amongst Executive Team Members – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (Westpac) 1334. Banks – WBCExecTeam – Oversight of Executive Team – Functioning of Executive Team – “Remnants of Good News Culture” Amongst Executive Team Members – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1335. Banks – WBCExecTeam – Oversight of Executive Team – Functioning of Executive Team – Increased Focus – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (Westpac) Stage 2 30.8

Stage 2 30.8

−8/100.00

−8/100.00

+8/100.00

WBCExecTeam Challenge (−) [TransTimeMon] (+) in the negative direction

WBCExecTeam GoodNewsCult (−) [TransTimeMon] (+) in the negative direction

WBCExecTeam IncreasedFocus (+) [TransTimeMon] (+)

(continued)

Stage 2 30.8

Stage 2 30.8

+8/100.00

WBCExecTeam CEOGroupExecs (+) [TransTimeMon] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 421

Governance variable and description and source

1336. Banks – WBCExecTeam – Oversight of Executive Team – Functioning of Executive Team – Executive Committee Discussions Concluded for Bilateral Challenge Offline – Dual Direction in Information Flow – Dual Direction in Quality of Risk Management and Internal Monitoring and Decision-making – Dual Direction in Quality of Accountability/Responsibility (Westpac) 1337. Banks – WBCFailAllocateInvest – Financial Prioritisation – Investment Allocation Decisions – Enterprise Investment Pool (EIP) – Failure to Identify Non-financial Risks Inherent in Initiative or if Initiative Does Not Proceed – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1338. Banks – WBCFailInvest – Financial Prioritisation – Business Acquisition on Assumption Risk and Compliance Matters Could be Resolved During Integration – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1339. Banks – WBCFailInvest – Financial Prioritisation – Funding Decisions without Full Understanding of Risk and Compliance Issues – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac)

No

Table 10.2 (continued)

Stage 2 30.8

Stage 2 29.9

Stage 2 29.9

Stage 2 29.9

+/−8/100.00

−7/87.50

−7/87.50

−7/87.50

WBCFailAllocateInvest EIPNFRs (−) [BrdSkills] (+) in the negative direction WBCFailInvest AcquisitionRisk&Comply (−) [BrdSkills] (+) in the negative direction WBCFailInvest FundingRisk&Comply (−) [BrdSkills] (+) in the negative direction

Section Ref. (Relational Effect Path in bold)

WBCExecTeam OffLineConverse (+/−) [TransTimeMon] (+) in the dual direction

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

422 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1340. Banks – WBCFinPriority – Financial Prioritisation – Financial Prioritisation Over Risk – Governance Committee to Scrutinise Project-delivered Initiatives endorsed by Executive Team and Approved by the Board – Enterprise Portfolio Oversight Committee Considers Non-Regulatory Change Initiatives – Group Executives Delegating Attendance to Divisional CFOs – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1341. Banks – WBCFinPriority – Financial Prioritisation – Financial Prioritisation Over Risk – Influence of Finance and HR Functions Over Business Units – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1342. Banks – WBCFinPriority – Financial Prioritisation – Financial Prioritisation Over Risk – Consideration of Financial and Nonfinancial Risks including on Customer and Market – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1343. Banks – WBCFinPriority – Financial Prioritisation – Financial Prioritisation Over Risk – Lack of Robust Approach to Non-financial Risks – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1344. Banks – WBCFinPriority – Financial Prioritisation – Financial Prioritisation Over Risk – Standing and Authority of Operational Risk and Compliance Functions Not Elevated – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) Stage 2 29.9

Stage 2 29.9

Stage 2 29.9

+7/87.50

−7/87.50

−7/87.50

(continued)

Stage 2 29.9

−7/87.50

WBCFinPriority Fin&HRInfluence (−) [BrdSkills] (+) in the negative direction WBCFinPriority Fin&NFRsCustMkt (+) [BrdSkills] (+) WBCFinPriority NFRsFailRobustApproach (−) [BrdSkills] (+) in the negative direction WBCFinPriority OpRisk&ComplyLowStand (−) [BrdSkills] (+) in the negative direction

Stage 2 29.9

−7/87.50

WBCFinPriority EPOCDelegateCFO (−) [BrdSkills] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 423

Governance variable and description and source

1345. Banks – Westpac – Issue and Incident Management – Issue Escalation – Assessment of Incident of Breach of Compliance Obligations and Significance by Staff without Adequate Compliance or Operational Risk Knowledge – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1346. Banks – Westpac – Issue and Incident Management – Issue Escalation – Compliance Obligation in JUNO Not Linked to Control – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1347. Banks – Westpac – Issue and Incident Management – Issue Identification by Staff – Issues Logged in JUNO System by Line 1 – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1348. Banks – Westpac – Issue and Incident Management – Issue Reporting – JUNO System Requires Employee to Manually Add Stakeholder to be Notified – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac)

No

Table 10.2 (continued)

Stage 2 45.10

Stage 2 45.10

Stage 2 45.10

−8/100.00

+8/100.00

−8/100.00

WBCIssueMan ComplyObNoControlLink (−) [TransTimeMon] (+) in the negative direction WBCIssueMan IssuesLogJUNO (+) [TransTimeMon] (+) WBCIssueMan JUNOSystManualStakeholder (−) [TransTimeMon] (+) in the negative direction

Stage 2 45.10

−8/100.00

Section Ref. (Relational Effect Path in bold)

WBCIssueMan AssessBreach&SignifError (−) [TransTimeMon] (+) in the negative direction

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

424 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1349. Banks – Westpac – Issue and Incident Management – Issue Identification by Staff – Line 1 Speak-Up Culture – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1350. Banks – Westpac – Issue and Incident Management – Systemic Issue Identification – Systemic Issues Require Manual Aggregation of Data – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1351. Banks – Westpac – Issue and Incident Management – Issue Identification by Staff – Failure to Report Break-down of New Issues by LOD – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1352. Banks – Westpac – Issue and Incident Management – Issue Reporting – Lack of Formal Requirements in Issue Frameworks/ Policies to Report High-Rated Issues and Near Misses to RISKCO and BRC – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1353. Banks – Westpac – Issue and Incident Management – Issue Reporting – No Mechanism to Report Near-misses to RISKCO and BRC – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1354. Banks – Westpac – Issue and Incident Management – Issue Resolution and Closure – Open Issues which are Extended more than Once – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) Stage 2 45.10

Stage 2 45.10

Stage 2 45.10

Stage 2 45.10

−8/100.00

−8/100.00

−8/100.00

−8/100.00

(continued)

Stage 2 45.10

−8/100.00

WBCIssueMan ManualAggData (−) [TransTimeMon] (+) in the negative direction WBCIssueMan NewIssuesReportByLOD (−) [TransTimeMon] (+) in the negative direction WBCIssueMan NoFormalReportPolsHighRatedIss (−) [TransTimeMon] (+) in the negative direction WBCIssueMan NoReportNearMiss (−) [TransTimeMon] (+) in the negative direction WBCIssueMan OpenIssuesExtend>1 (−) [TransTimeMon] (+) in the negative direction

Stage 2 45.10

+8/100.00

WBCIssueMan Line1SpeakUpCult (+) [TransTimeMon] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 425

Governance variable and description and source

1355. Banks – Westpac – Issue and Incident Management – Issue Resolution and Closure – Open Issues which are Extended – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1356. Banks – Westpac – Issue and Incident Management – Issue Resolution and Closure – Factors Why Open Issues Identified by Line 1 Not Effectively Closed – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1357. Banks – Westpac – Issue and Incident Management – Issue Resolution and Closure – Open Issues which are Long-standing – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1358. Banks – Westpac – Issue and Incident Management – Issue Resolution and Closure – Open Issues Identified by Line 1 Not Effectively Closed – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1359. Banks – Westpac – Issue and Incident Management – Issue Resolution and Closure – Program Development – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac)

No

Table 10.2 (continued)

WBCIssueMan OpenIssuesLT (−) [TransTimeMon] (+) in the negative direction WBCIssueMan OpenIssesNotClosed (−) [TransTimeMon] (+) in the negative direction WBCIssueMan OpenIssuesProg (+) [TransTimeMon] (+)

WBCIssueMan OpenIssuesExtended (−) [TransTimeMon] (+) in the negative direction WBCIssueMan OpenIssesFactors (−) [TransTimeMon] (+) in the negative direction

Stage 2 45.10

Stage 2 45.10

Stage 2 45.10

Stage 2 45.10

Stage 2 45.10

−8/100.00

−8/100.00

−8/100.00

+8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

426 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1360. Banks – Westpac – Issue and Incident Management – Issue Identification by Staff – Remuneration Reward for Positive Risk Behaviour by Identifying and Preventing an Issue – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1361. Banks – Westpac – Issue and Incident Management – Issue Identification by Staff – Line 1 Speak-Up Culture – Regular Reporting of Issues to Senior Management and BRC by Theme and Division – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1362. Banks – Westpac – Issue and Incident Management – Issue Identification by Staff – Line 1 Speak-Up Culture – “Safe to Speak-Up Metric” on Group Risk Appetite Dashboard – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1363. Banks – Westpac – Issue and Incident Management – Issue Identification by Staff – Line 1 Speak-Up Culture – Mechanisms to Test and Report Speak-Up Culture – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1364. Banks – WBCNonRem – Non-Remuneration Consequence Management – No Definition of Accountability or Accountability Distinguished from Responsibility – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac) Stage 2 45.10

Stage 2 15.9

+8/100.00

+8/100.00

−7/87.50

WBCIssueMan SpeakUpCultDashMetric (+) [TransTimeMon] (+)

WBCIssueMan SpeakUpCultTest&Report (+) [TransTimeMon] (+)

WBCNonRemConseqMan AccDefn (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

(continued)

Stage 2 45.10

Stage 2 45.10

+8/100.00

WBCIssueMan ReportSnrMan&BRC (+) [TransTimeMon] (+)

Stage 2 45.10

+8/100.00

WBCIssueMan RemRewardPosRiskBehave (+) [TransTimeMon] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 427

Stage 2 15.9

Stage 2 15.9

Stage 2 15.8

Stage 2 15.8

+7/87.50

+7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

WBCNonRemConseqMan AccDiffuseFactors (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−) 1366. Banks – WBCNonRem – Non-Remuneration Consequence WBCNonRemConseqMan Management – Articulation of Accountability for Directors, Group BEARAcc Executives and GMs under the BEAR – Enhancement of Level of (+) Risk-Taking in Alignment with Shareholders [EqOptRiskAlignHighEnd] (+) (Westpac) identical to [EqOptIncent] (+) 1367. Banks – WBCNonRem – Non-Remuneration Consequence WBCNonRemConseqMan Management - Outcomes for Employees below GM-1 – Examples of Behaviours Unacceptable Behaviours and Associated Consequences – (+) Enhancement of Level of Risk-Taking in Alignment with [EqOptRiskAlignHighEnd] (+) Shareholders identical to [EqOptIncent] (+) (Westpac) 1368. Banks – WBCNonRem – Non-Remuneration Consequence WBCNonRemConseqMan Management - Outcomes for Employees below GM-1 – Failure to FailGrpWideReview Have Group-Wide Process to Review Outcomes for Consistency – (−) Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure [EqOptRiskFailHighEnd] (−) (Westpac) identical to [EqOptEntrch] (−)

Governance variable and description and source

1365. Banks – WBCNonRem – Non-Remuneration Consequence Management – Factors Affecting Diffusion of Accountability – RiskTaking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac)

No

Table 10.2 (continued)

428 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1369. Banks – WBCNonRem – Non-Remuneration Consequence Management – Outcomes for Employees at GM and GM-1 Levels – Failure to Have Group-Wide Process to Review Outcomes for Consistency – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac) 1370. Banks – WBCNonRem – Non-Remuneration Consequence Management – Group Consequence Management Framework – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1371. Banks – WBCNonRem – Non-Remuneration Consequence Management – Pre-2018 Misconduct and Disciplinary Policy – Insufficient Guidance on Outcomes for Different Types of Misconduct – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac) 1372. Banks – WBCNonRem – Non-Remuneration Consequence Management – Supplementary Frameworks for Consumer Bank, Business Bank, BTFG and Specific Behaviours – Problem of Navigating Multiple Frameworks with Inconsistent Outcomes Across Divisions – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (Westpac) 1373. Banks – WBCNonRem – Non-Remuneration Consequence Management – Outcomes for Employees below GM-1 – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) Stage 2 15.9

Stage 2 15.9

−7/87.50

−7/87.50

+7/87.50

WBCNonRemConseqMan SuppMultiFrames (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

WBCNonRemConseqMan Types (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+)

(continued)

Stage 2 15.8

Stage 2 15.9

+7/87.50

WBCNonRemConseqMan GrpFrame (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) WBCNonRemConseqMan Miscond&Discip (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

Stage 2 15.8

−7/87.50

WBCNonRemConseqMan FailGrpWideReviewGM&GM-1 (−) [EqOptRiskFailHighEnd] (−) identical to [EqOptEntrch] (−)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 429

Governance variable and description and source

1374. Banks – WBCNonRem – Non-Remuneration Consequence Management - Outcomes for Employees at GM and GM-1 Levels – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Westpac) 1375. Banks – WBCProjectDel – Financial Prioritisation – Project Delivery – Pressure to Adhere to Initial Cost Estimates at High Level – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1376. Banks – WBCProjectDel – Financial Prioritisation – Project Delivery – Project Steering Committee Established to Oversee Initiative – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1377. Banks – Board - WBCRegRedFlag – Issues Identified by Regulators and External Parties – Issues Identified by Regulator Extended More than Employee-identified Issues – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1378. Banks – Board -WBCRegRedFlag – Issues Identified by Regulators and External Parties – Issues Identified by Regulator Given Highest Priority - Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac)

No

Table 10.2 (continued)

Stage 2 29.9

Stage 2 29.9

Stage 2 45.12

−7/87.50

+7/87.50

−8/100.00

+8/100.00

WBCRegRedFlag RegIssueExtend (−) [TransTimeMon] (+) in the negative direction WBCRegRedFlag RegResponseHigh (+) [TransTimeMon] (+)

Stage 2 45.12

Stage 2 15.8

Section Ref. (Relational Effect Path in bold)

+7/87.50

WBCNonRemConseqMan TypesGM&GM-1 (+) [EqOptRiskAlignHighEnd] (+) identical to [EqOptIncent] (+) WBCProjectDel InitialCostPressure (−) [BrdSkills] (+) in the negative direction WBCProjectDel ProjSteerCm (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

430 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1379. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Insufficient Emphasis by 2nd Line on Training and Consultation in Developing Group-Wide Policies – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1380. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Conduct Risk Management – Conduct Risk Standing Agenda Item for Divisional Risk Committees – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (Westpac) 1381. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Conduct Risk Management – Conduct Framework for Managing Risk of Misconduct Not Yet Ingrained in Practice – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1382. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Conduct Risk Management – Conduct Risk Incorporated into HR Frameworks – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (Westpac) Stage 2 50.2

−8/100.00

+8/100.00

WBCRiskManSecLine CondRiskFrame (−) [TransTimeMon] (+) in the negative direction

WBCRiskManSecLine CondRiskHR (+) [TransTimeMon] (+)

(continued)

Stage 2 50.2

Stage 2 50.2

+8/100.00

WBCRiskManSecLine CondRiskAgenda (+) [TransTimeMon] (+)

Stage 2 50.3

−8/100.00

WBCRiskManSecLine ChangeManageGrp-WidePols (−) [TransTimeMon] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 431

Governance variable and description and source

1383. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Conduct Risk Management – Design and Implement Conduct Risk Program – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (Westpac) 1384. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Conduct Risk Management – Conduct Risk Education and Training Across 3 LOD – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decisionmaking – Enhancement in Quality of Accountability/Responsibility (Westpac) 1385. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Conduct Risk Management – Conduct Risk Workshops to Identify Specific Conduct Risks with Line 1 Facilitated by Line 2 – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (Westpac)

No

Table 10.2 (continued)

+8/100.00

+8/100.00

+8/100.00

WBCRiskManSecLine CondRiskProg (+) [TransTimeMon] (+)

WBCRiskManSecLine CondRiskTrain (+) [TransTimeMon] (+)

WBCRiskManSecLine CondRiskWorkshops (+) [TransTimeMon] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 50.2

Stage 2 50.2

Stage 2 50.2

Section Ref. (Relational Effect Path in bold)

432 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1386. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Division-specific Processes and Controls on Disparate Set of IT Systems – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1387. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Group-wide Risk Policies Overlapping Division Policies and Processes – Reduction in Ability to Aggregate Risks Group-wide – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1388. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Complexity from Multiple System Use and Multiple Overlapping Systems/Processes – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1389. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Failure to Follow Systematic and User-Centric Approach in Design, Implementation and Communication of Policies – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) Stage 2 50.3

Stage 2 50.3

Stage 2 50.3

−8/100.00

−8/100.00

−8/100.00

WBCRiskManSecLine DivGrp-WidePolicy (−) [TransTimeMon] (+) in the negative direction

WBCRiskManSecLine DivMulti-Syst (−) [TransTimeMon] (+) in the negative direction

WBCRiskManSecLine FailSyst&UserApproach (−) [TransTimeMon] (+) in the negative direction

(continued)

Stage 2 50.3

−8/100.00

WBCRiskManSecLine DivDisparateITSyst (−) [TransTimeMon] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 433

Governance variable and description and source

1390. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Compliance and Conduct Risks – Use of Lagging/Retrospective Measures for Changes in Risk – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1391. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Reputation Risk Management – Reputation Risk Management Framework to Identify, Assess and Escalate Reputation Risks – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (Westpac) 1392. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Reputation Risk Management – Reputation Risk Management Framework to Be Rolled Out Across 3 LOD to Clarify Roles and Responsibilities to Identify, Assess, Manage and Escalate Reputation Risks from Underlying Non-financial Risks – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (Westpac)

No

Table 10.2 (continued)

−8/100.00

+8/100.00

+8/100.00

WBCRiskManSecLine LaggingMeas (−) [TransTimeMon] (+) in the negative direction

WBCRiskManSecLine ReputRiskFrame (+) [TransTimeMon] (+)

WBCRiskManSecLine ReputRiskRoles&RespsNFRs (+) [TransTimeMon] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 50.2

Stage 2 50.2

Stage 2 50.1

Section Ref. (Relational Effect Path in bold)

434 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1393. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Compliance and Conduct Risk – Failings to Specify Appetite for Each Compliance and Conduct Risk – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility (Westpac) 1394. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Compliance and Conduct Risks – Failings to Specify Measures and Metrics of Each Specific Compliance and Conduct Risk – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (Westpac) 1395. Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Operational Risk – Failings to Sufficiently Specify Appetite of Specific Operational Risks – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility (Westpac) 1396. Banks –2nd Line Risk Management Function – Gaps in Compliance Key Risk Issues Report – New and Emerging Risks or Changes to Materiality Level of Existing Risks – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) Stage 2 50.1

Stage 2 50.1

Stage 2 45.1

−8/100.00

−8/100.00

−8/100.00

WBCRiskManSecLine SpecificMeas&Metrics (−) [TransTimeMon] (+) in the negative direction

WBCRiskManSecLine SpecificOpRiskApp (−) [TransTimeMon] (+) in the negative direction

WBCSecLine KeyRiskIssuesGap (−) [TransTimeMon] (+) in the negative direction

(continued)

Stage 2 50.1

−8/100.00

WBCRiskManSecLine SpecificComplyCondRiskApp (−) [TransTimeMon] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 435

Governance variable and description and source

1397. Banks – 2nd Line Risk Management Function – No Additional Test for Compliance Employees Outside Assurance Testing – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1398. Banks – 2nd Line Risk Management Function – Perception of Lower Skills and Capabilities of 2nd Line Staff affecting Stature, Standing and Authority to Challenge Line 1 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1399. Banks – 2nd Line Risk Management Function – Process to Regularly Review, Assess and Test Controls – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac)

No

Table 10.2 (continued)

Stage 2 45.1

−7/87.50

+8/100.00

WBCSecLine PerceiveStature (−) [BrdSkills] (+) in the negative direction WBCSecLine ReviewAssessTestConts (+) [TransTimeMon] (+)

Stage 2 45.1

Stage 2 45.1

−8/100.00

Section Ref. (Relational Effect Path in bold)

WBCSecLine NoAdditionTestComply (−) [TransTimeMon] (+) in the negative direction

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

436 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1400. Banks – 2nd Line Risk Management Function – Common Risk and Control Language – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (Westpac) 1401. Banks – 2nd Line Risk Management Function – Common Risk and Control Language Across Bank but Business Units can Tailor Their Own Controls and Identifiers – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1402. Banks – 2nd Line Risk Management Function – Common Risk and Control Language Across Bank but Not All Controls Linked to Compliance Obligations – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1403. Banks – 2nd Line Risk Management Function – Common Risk and Control Language for Operational Risk Lacking Sufficient Granularity – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

−8/100.00

−8/100.00

−8/100.00

WBCSecLine Risk&ContLanguageBUControl (−) [TransTimeMon] (+) in the negative direction

WBCSecLine Risk&ContLanguageFailCompy (−) [TransTimeMon] (+) in the negative direction

WBCSecLine Risk&ContLanguageInsuffGran (−) [TransTimeMon] (+) in the negative direction

(continued)

Stage 2 45.1

+8/100.00

WBCSecLine Risk&ContLanguage (+) [TransTimeMon] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 437

Governance variable and description and source

1406. Banks – 2nd Line Risk Management Function – Incomplete Representation of Senior 2nd Line at Divisional and Functional Executive Team Levels – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1407. Banks – Board – WBCWhistleRedFlag – Issues Identified by Whistleblowers – ABA Guiding Principles “Improving Protections for Whistleblowers” – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac)

1404. Banks – 2nd Line Risk Management Function – Enhancement Required in Skills and Capabilities of 2nd Line Staff – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac) 1405. Banks – 2nd Line Risk Management Function – Small Teams for Divisional CROs – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (Westpac)

No

Table 10.2 (continued)

WBCWhistleRedFlag ABAPrin (+) [TransTimeMon] (+)

WBCSecLine Skills&Capability (−) [BrdSkills] (+) in the negative direction WBCSecLine SmallDivTeams (−) [BrdSkills] (+) in the negative direction WBCSecLine SnrPresenceFail (−) [BrdSkills] (+) in the negative direction

Stage 2 45.1

−7/87.50

Stage 2 45.12

Stage 2 45.1

−7/87.50

+8/100.00

Stage 2 45.1

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

438 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1408. Banks – Board – WBCWhistleRedFlag – Issues Identified by Whistleblowers – Automation of System to Record Whistleblower Concerns – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1409. Banks – Board – WBCWhistleRedFlag – Issues Identified by Whistleblowers – Regular Awareness Campaign for “Speak Up” Culture – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1410. Banks – Board – WBCWhistleRedFlag – Issues Identified by Whistleblowers – Benchmarking and Uplift of Whistleblower Frameworks and Practices – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1411. Banks – Board – WBCWhistleRedFlag – Issues Identified by Whistleblowers – Enhancement of Frameworks and Practices to Manage Issues Raised by Whistleblowers – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1412. Banks – Board – WBCWhistleRedFlag – Issues Identified by Whistleblowers – Single Group-Wide Approach for Consistency in Whistleblower Investigations – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) +8/100.00

+8/100.00

+8/100.00

+8/100.00

+8/100.00

WBCWhistleRedFlag AutoRecord (+) [TransTimeMon] (+) WBCWhistleRedFlag AwareCampaign (+) [TransTimeMon] (+) WBCWhistleRedFlag Bench&UpliftFrame (+) [TransTimeMon] (+)

WBCWhistleRedFlag EnhanceFrames (+) [TransTimeMon] (+)

WBCWhistleRedFlag GrpWideApproach (+) [TransTimeMon] (+)

(continued)

Stage 2 45.12

Stage 2 45.12

Stage 2 45.12

Stage 2 45.12

Stage 2 45.12

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 439

Governance variable and description and source

1413. Banks – Board – WBCWhistleRedFlag – Issues Identified by Whistleblowers – Oversight Group and Practice Group for Whistleblower Governance and Integrated Initiatives – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1414. Banks – Board – WBCWhistleRedFlag – Issues Identified by Whistleblowers – Enhanced Reporting for More Detail for Board and Executive Team – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making (Westpac) 1415. 220BrdRisk – Board Oversight of Risk Management – Setting Risk Appetite, Risk Appetite Statement and Risk Management Strategy – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making (APRA CPS 220) 1416. 220BrdRisk – Board Oversight of Risk Management – Set Risk Culture Within Risk Appetite and Identify Changes in Risk Culture and Steps to Address Changes – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making (APRA CPS 220)

No

Table 10.2 (continued)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

WBCWhistleRedFlag Oversight&PractGrp (+) [TransTimeMon] (+)

WBCWhistleRedFlag ReportPractsDetail (+) [TransTimeMon] (+)

220BrdRisk AppRASRMS (+) [TransTimeMon] (+) 220BrdRisk CultureChangeSteps (+) [TransTimeMon] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 38.3.2

Stage 2 38.3.2

Stage 2 45.12

Stage 2 45.12

Section Ref. (Relational Effect Path in bold)

440 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1417. 220BrdRisk – Board Oversight of Risk Management – Ensure Senior Management Monitor and Manage All Material Risks Consistent with the Strategic Objectives, RAS and Board Policies – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making (APRA CPS 220) 1418. 220BrdRisk – Board Oversight of Risk Management – Board to Ensure Operational Structure of the Bank Facilitates Effective Risk Management – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making (APRA CPS 220) 1419. 220BrdRisk – Board Oversight of Risk Management ––- Board to Ensure Policies and Processes are Developed for Risk-taking that are Consistent with the RMS and the Risk Appetite – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making (APRA CPS 220) 1420. 220BrdRisk – Board Oversight of Risk Management – Board to Recognise Uncertainties, Limitations and Assumptions Attached to the Measurement of each Material Risk – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making (APRA CPS 220) 1421. 220BrdRisk – Board Oversight of Risk Management ––- Board to Ensure that Sufficient Resources are Dedicated to Risk Management – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making (APRA CPS 220) +8/100.00

+8/100.00

+8/100.00

+8/100.00

+8/100.00

220BrdRisk Monitor&ManageSnrMan (+) [TransTimeMon] (+)

220BrdRisk OpStructureRiskMan (+) [TransTimeMon] (+)

220BrdRisk PolicesRMSRAS (+) [TransTimeMon] (+)

220BrdRisk RecogniseUncert&LimitsAss (+) [TransTimeMon] (+)

220BrdRisk ResourcesRiskMan (+) [TransTimeMon] (+)

(continued)

Stage 2 38.3.2

Stage 2 38.3.2

Stage 2 38.3.2

Stage 2 38.3.2

Stage 2 38.3.2

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 441

Governance variable and description and source

1422. 220BusPlan – Business Plan – Written Business Plan to Implement Strategic Objectives – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 220) 1423. 220HeadRisk – Head of Group Oversight of Risk Management ––Head of Group to Maintain Board-Approved Liquidity Management Policy for the Group – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making (APRA CPS 220) 1424. 220HeadRisk – Head of Group Oversight of Risk Management ––Head of Group to Maintain Processes for the Group Risk Management Framework – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making (APRA CPS 220) 1425. 220Pol&Proc – Policies and Procedures – Policies and Procedures under Section 30 RMS – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 220)

No

Table 10.2 (continued)

+7/87.50

+8/100.00

+8/100.00

+7/87.50

220BusPlan BrdApproveStratObjects (+) [BrdSkills] (+) 220HeadRisk LiqManPolicy (+) [TransTimeMon] (+)

220HeadRisk RMFProcesses (+) [TransTimeMon] (+)

220Pol&Proc Requirements (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 40.6

Stage 2 38.3.3

Stage 2 38.3.3

Stage 2 40.6

Section Ref. (Relational Effect Path in bold)

442 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1426. 220Pol&Proc – Policies and Procedures – Monitoring Dates that Policies and Procedures are Last Revised, Date of Next Review and Person Responsible – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 220) 1427. 220RAS – Risk Appetite Statement – Board to Set and Approve a Clear and Concise RAS to Address Material Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 220) 1428. 220RAS – Risk Appetite Statement – Minimum Requirements for RAS – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 220) 1429. 220 RMF – Risk Management Framework – Annual Declaration to APRA on Risk Management in Attachment A – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (APRA CPS 220) 1430. 220 RMF – Risk Management Framework – Annual Review of RMF by Internal and/or External Audit – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (APRA CPS 220) +8/100.00

Stage 2 48.1

+8/100.00

220RMF AnnualReview (+) [TransTimeMon] (+)

Stage 2 40.5.1

+7/87.50

220RAS MinimumRequirements (+) [BrdSkills] (+) 220RMF AnnualDeclarationAPRA (+) [TransTimeMon] (+)

(continued)

Stage 2 48.1

Stage 2 40.5.1

+7/87.50

220RAS BrdRespSet&ApproveRAS (+) [BrdSkills] (+)

Stage 2 40.6

+7/87.50

220Pol&Proc Revise&ReviewDates (+) [BrdSkills] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 443

Governance variable and description and source

1431. 220 RMF – Risk Management Framework – Comprehensive Review of RMF by Independent, Competent Persons (including External Consultants) At Least Every 3 Years – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (APRA CPS 220) 1432. 220 RMF – Risk Management Framework to be Consistent with Business Plan Under Section 31 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (APRA CPS 220) 1433. 220 RMF – Elements of Risk Management Framework and Material Risk – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (APRA CPS 220) 1434. 220 RMF – Risk Management Framework to Provide Structure to Identify and Manage Each Material Risk Having Regard to Size, Business Mix and Complexity of Operations – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (APRA CPS 220)

No

Table 10.2 (continued)

+8/100.00

+8/100.00

+8/100.00

+8/100.00

220RMF ComprehenExtReview3Years (+) [TransTimeMon] (+)

220RMF ConsistentBusPlanSec31 (+) [TransTimeMon] (+)

220RMF Elements&MatRisk (+) [TransTimeMon] (+) 220RMF ID&ManRiskSizeMixComplex (+) [TransTimeMon] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 48.1

Stage 2 48.1

Stage 2 48.1

Stage 2 48.1

Section Ref. (Relational Effect Path in bold)

444 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1435. 220 RMF – Maintain Risk Management Framework – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (APRA CPS 220) 1436. 220 RMF – Risk Management Framework – Minimum Requirements of Material Risks – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (APRA CPS 220) 1437. 220 RMF – Minimum Requirements of Risk Management Framework – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility (APRA CPS 220) 1438. 220 RMF – Risk Management Framework – Requirements of Management Information System – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (APRA CPS 220) 1439. 220 RMF – Risk Management Framework – Notification to APRA of Revisions and Breaches/Deviations – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility (APRA CPS 220) +8/100.00

+8/100.00

+8/100.00

+8/100.00

+8/100.00

220RMF Institution-Wide (+) [TransTimeMon] (+) 220RMF MinimumMaterialRisks (+) [TransTimeMon] (+)

220RMF MinimumRequirements (+) [TransTimeMon] (+) 220RMF MISRequireBrdCmsSnrMan (+) [TransTimeMon] (+)

220RMF NotifyAPRARevisionsBreach (+) [TransTimeMon] (+)

(continued)

Stage 2 48.1

Stage 2 48.1

Stage 2 48.1

Stage 2 48.1

Stage 2 48.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 445

Governance variable and description and source

1440. 220 RMF – Risk Management Framework to “Include ForwardLooking Scenario Analysis and Stress Testing Programs” Having Regard to “Size, Business Mix and Complexity…Based on Severe But Plausible Assumptions – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility (APRA CPS 220) 1441. 220RMS – Risk Management Strategy – Board Approved RMS for each Material Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 220) 1442. 220RMS – Risk Management Strategy – Minimum Requirements for RMS – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 220) 1443. 220SecLine – 2nd Line Risk Management Function – CRO to be Independent from Business Lines/Units, Revenue-Generation and Finance Function and Cannot be the CEO, CFO, Appointed Actuary or Head of Internal Audit – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 220)

No

Table 10.2 (continued)

Stage 2 40.5.1

Stage 2 40.5.1

Stage 2 45

+7/87.50

+7/87.50

+7/87.50

220RMS BrdApprovedEachMatRisk (+) [BrdSkills] (+) 220RMS MinimumRequirements (+) [BrdSkills] (+) 220SecLine CROIndependence (+) [BrdSkills] (+)

Stage 2 48.1

+8/100.00

Section Ref. (Relational Effect Path in bold)

220RMF Scenario&StressTests (+) [TransTimeMon] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

446 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1444. 220SecLine – 2nd Line Risk Management Function – CRO to Have Direct Reporting Line to CEO and Regular and Unfettered Access to Board and BRC – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 220) 1445. 220SecLine – 2nd Line Risk Management Function – Bank Must Have Designated Compliance Function to Manage Compliance Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 220) 1446. 220SecLine – 2nd Line Risk Management Function – Bank to Designate CRO with Authority to Challenge Activities and Decisions Affecting Risk Profile – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 220) 1447. 220SecLine – 2nd Line Risk Management Function – Minimum Requirements for the Risk Management Function – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 220) 1448. 510AudCom – APRA-regulated Institution to have Independent and Adequately Resourced Internal Audit Function – Enhancement in Risk Management, Monitoring and Audit – Enhancement in Internal and External Reporting – Enhancement in Quality of Decision-making (APRA CPS 510) 1449. 510AudCom – Audit Committee Must Invite Auditor and Appointed Actuary to Committee Meetings – Enhancement in Risk Management, Monitoring and Audit – Enhancement in Internal and External Reporting – Enhancement in Quality of Decision-making (APRA CPS 510) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

220SecLine CROReportLines&Access (+) [BrdSkills] (+) 220SecLine DesignateComplyFn (+) [BrdSkills] (+) 220SecLine DesignateCRO (+) [BrdSkills] (+)

220SecLine RiskManFnMinRequire (+) [BrdSkills] (+) 510AudCom InternalAuditFn (+) [AudCom] (+) with additional Responsibility Factor No 8 510AudCom InviteAuditor&Actuary (+) [AudCom] (+) with additional Responsibility Factor No 8

(continued)

Stage 2 36.1

Stage 2 36.1

Stage 2 45

Stage 2 45

Stage 2 45

Stage 2 45

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 447

Governance variable and description and source

1450. 510AudCom – Audit Committee Members to be Available to Meet with APRA on Request – Enhancement in Risk Management, Monitoring and Audit – Enhancement in Internal and External Reporting – Enhancement in Quality of Decision-making (APRA CPS 510) 1451. 510AudCom – Internal Auditor Must Have Reporting Line and Unfetterred Access to Audit Committee – Enhancement in Risk Management, Monitoring and Audit – Enhancement in Internal and External Reporting – Enhancement in Quality of Decision-making (APRA CPS 510) 1452. 510AudCom – Audit Committee Requirements – Enhancement in Risk Management, Monitoring and Audit – Enhancement in Internal and External Reporting – Enhancement in Quality of Decision-making (APRA CPS 510) 1453. 510AudCom – Audit Committee Roles and Responsibilities – Enhancement in Risk Management, Monitoring and Audit – Enhancement in Internal and External Reporting – Enhancement in Quality of Decision-making (APRA CPS 510) 1454. 510AudCom – Audit Committee to Ensure Whistle-blower Procedures – Enhancement in Risk Management, Monitoring and Audit – Enhancement in Internal and External Reporting – Enhancement in Quality of Decision-making (APRA CPS 510)

No

Table 10.2 (continued)

510AudCom MeetAPRA (+) [AudCom] (+) with additional Responsibility Factor No 8 510AudCom ReportLineInternalAuditor (+) [AudCom] (+) with additional Responsibility Factor No 8 510AudCom Requirements (+) [AudCom] (+) with additional Responsibility Factor No 8 510AudCom Roles&Resps (+) [AudCom] (+) with additional Responsibility Factor No 8 510AudCom Whistleblower (+) [AudCom] (+) with additional Responsibility Factor No 8

Stage 2 36.1

Stage 2 36.1

Stage 2 36.1

Stage 2 36.1

Stage 2 36.1

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Section Ref. (Relational Effect Path in bold)

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

448 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1455. 510BRC – Board Risk Committee – BRC Composition and Member Requirements – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 510) 1456. 510BRC – Board Risk Committee – BRC to Provide Prior Endorsement for Appointment and Removal of CRO – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 510) 1457. 510BRC – Board Risk Committee – BRC to Have Free and Unfettered Access in Carrying Out Duties – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 510) 1458. 510BRC – Board Risk Committee – BRC Must Invite CRO to Attend All Relevant Sections of BRC Meetings – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 510) 1459. 510BRC – Board Risk Committee – Prohibition on Constraining Any Person from Disclosing Information to APRA – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 510) 1460. 510BRC – Board Risk Committee – Prohibition on Internal Policies or Contractual Arrangements from Constraining Auditor or Other Parties from Communicating with APRA – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 510) +7/87.50

+8/100.00

+8/100.00

510BRC InviteCROAttendMeetings (+) [BrdSkills] (+) 510BRC NoConstraintsInfoAPRA (+) [TransTimeMon] (+) 510BRC NoConstraintsPolicies&Contracts (+) [TransTimeMon] (+)

(continued)

Stage 2 44.9

Stage 2 44.9

Stage 2 43

Stage 2 43

Stage 2 43

+7/87.50

+7/87.50

Stage 2 43

+7/87.50

510BRC Free&UnfetteredAccess (+) [BrdSkills] (+)

510BRC Composition&IndepRequirements (+) [BrdSkills] (+) 510BRC EndorseAppointRemoveCRO (+) [BrdSkills] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 449

Governance variable and description and source

1461. 510BRC – Board Risk Committee – Requirement for BRC with Non-executive Oversight of the Implementation and Operation of the RMF – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 510) 1462. 510BRC – Board Risk Committee – BRC to Have Powers Necessary to Perform its Functions – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 510) 1463. 510BRC – Board Risk Committee – BRC Written Charter, Roles, Responsibilities and Terms of Operation – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (APRA CPS 510) 1464. 510Brd – Board – Board and Senior Management Requirements – Enhancement in Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA CPS 510) 1465. CPS 510BrdReview – Board of Directors – Annual Review of Performance of Individual Directors – Enhancement of Monitoring Effect (APRA CPS 510)

No

Table 10.2 (continued)

Stage 2 23

Stage 2 35.3

+7/87.50

+7/87.50

+7/87.50

510BRC WrittenCharterTermRoles&Resps (+) [BrdSkills] (+) 510Brd Board&SnrManRequirements (+) [BrdSkills] (+) 510BrdReview AnnualIndivDirReview (+) [BrdReview] (+) which is a ‘strongform’ of [BrdIndMon] (+)

Stage 2 43

Stage 2 43

+7/87.50

510BRC PowersForFns (+) [BrdSkills] (+)

Stage 2 43

+7/87.50

Section Ref. (Relational Effect Path in bold)

510BRC NonExecOsightRMF (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

450 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1471.

1470.

1469.

1468.

1467.

510BrdReview AnnualObjectivesReview (+) [BrdReview] (+) which is a ‘strongform’ of [BrdIndMon] (+) CPS 510BrdReview – Board of Directors – Formal Policy for Board 510BrdReview Renewal – Enhancement of Monitoring Effect BrdRenewalPolicy (APRA CPS 510) (+) [BrdReview] (+) which is a ‘strongform’ of [BrdIndMon] (+) CPS 510Compose – Board Composition Requirements – 510Compose Enhancement of Monitoring Effect IndepBrdComposeRequire (APRA CPS 510) (+) [BrdIndMon] (+) CPS 510Compose – Board Composition Requirements for 510Compose Subsidiaries of APRA-Regulated Institutions or Overseas IndepBrdComposeSubsids Equivalents – Enhancement of Monitoring Effect (+) (APRA CPS 510) [BrdIndMon] (+) 510Compose CPS 510Compose – Board Representation Consistent with Shareholding – Enhancement of Monitoring Effect RepresBasedShareholding (APRA CPS 510) (+) [BrdIndMon] (+) 510Head – Head of Group – Ensuring Directors and Senior 510Head Management have Full Range of Skills – Enhancement in Quality of BrdGrpDirSnrManSkills Group Effectiveness, Risk Management, Internal Monitoring and (+) Decision-making [BrdSkills] (+) (APRA CPS 510)

1466. CPS 510BrdReview – Board of Directors – Annual Review of Board Performance Relative to Objectives – Enhancement of Monitoring Effect (APRA CPS 510)

+78/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 22.2

Stage 2 29

Stage 2 29

Stage 2 29

Stage 2 35.3

Stage 2 35.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 451

Governance variable and description and source

Stage 2 26

Stage 2 22.2

+7/87.50

+7/87.50

510Head GrpPolicies&FnsBrdApproved (+) [BrdSkills] (+)

Stage 2 22.2

Stage 2 26

+7/87.50

510Head GovArrangements (+) [BrdSkills] (+)

Stage 2 22.2

Section Ref. (Relational Effect Path in bold)

+7/87.50

+7/87.50

510Head BrdGrpRequirements (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

510Indep DirDefinition (+) [BrdIndMon] (+) 1476. 510NED – Definition for Non-Executive Director – Enhancement of 510NED Monitoring Effect Definition (APRA CPS 510) (+) [BrdIndMon] (+)

1472. 510Head – Head of Group – Maintenance of Group Policies, Functions and Committees – Enhancement in Quality of Group Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA CPS 510) 1473. 510Head – Head of Group – Maintenance of Governance Arrangements for the Group – Enhancement in Quality of Group Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA CPS 510) 1474. 510Head – Board of APRA-regulated Institution to Approve Use of Group Policies and Functions – Enhancement in Quality of Group Effectiveness, Risk Management, Internal Monitoring and Decision-making (APRA CPS 510) 1475. 510Indep – Definition for Independent Director – Enhancement of Monitoring Effect (APRA CPS 510)

No

Table 10.2 (continued)

452 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1481. 510RemPol – Remuneration Policy – Remuneration Policy to Cover Service Contracts of Non-related Body Corporate of Institution – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 510) 1482. 510RemPol – Remuneration Policy – Must Maintain Documented Remuneration Policy with Remuneration Objectives and Structure – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 510)

1480. 510RemPol – Remuneration Policy – Institution May Adopt Group Remuneration Policy Approved by the Board – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 510)

1477. 510RemPol – Remuneration Policy – APRA May Determine an Individual or Class of Person to be Covered by the Remuneration Policy – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 510) 1478. 510RemPol – Remuneration Policy – Board to Make Adjustments to Performance-based Remuneration Downwards to Zero if Appropriate – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 510) 1479. 510RemPol – Remuneration Policy – Board Must Approve Remuneration Policy – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 510)

510RemPol APRADetermineCoverIndivClass (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 510RemPol BrdAdjustPerformcRemunDownZero (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 510RemPol BrdApproval (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 510RemPol BrdApprovedGroupRemPol (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 510RemPol CoverServiceContractsNon-related (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 510RemPol DocRemPolObjectStruct (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) Stage 2 21.8

+7/87.50

Stage 2 21.8

+7/87.50

(continued)

Stage 2 21.8

+7/87.50

Stage 2 21.8

Stage 2 21.8

+7/87.50

+7/87.50

Stage 2 21.8

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 453

1487.

1486.

1485.

1484.

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

510RemPol MinPersonsCoveredByPolicy (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 510RemPol – Remuneration Policy – Performance-based 510RemPol Remuneration Must Align Prudent Risk-taking and Adjustments – PerformcAlignRisk&Adjustments Enhancement of Level of Risk-Taking in Alignment with (+) Shareholders [EqOptRiskAlignHighEnd] (+) which is (APRA CPS 510) identical to [EqOptIncent] (+) 510RemPol – Remuneration Policy – Remuneration Policy Must 510RemPol Prohibit Fit and Proper Persons under CPS 520 Who Receive Equity ProhibitFit&ProperEquityHedging from Hedging Exposure – Enhancement of Level of Risk-Taking in (+) Alignment with Shareholders [EqOptRiskAlignHighEnd] (+) which is (APRA CPS 510) identical to [EqOptIncent] (+) 510RemPol – Remuneration Policy – Objectives of Remuneration 510RemPol Policy’s Performance-based Remuneration – Enhancement of Level RemPerformcObjectsLTSound&RMF of Risk-Taking in Alignment with Shareholders (+) (APRA CPS 510) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 510RemPol – Remuneration Policy – Remuneration Policy to be 510RemPol Provided to APRA on Request – Enhancement of Level of RiskRemunPolicyProvideAPRA Taking in Alignment with Shareholders (+) (APRA CPS 510) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Governance variable and description and source

1483. 510RemPol – Remuneration Policy – Minimum Persons Covered by the Remuneration Policy – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 510)

No

Table 10.2 (continued)

Stage 2 21.8

Stage 2 21.8

Stage 2 21.8

Stage 2 21.8

Stage 2 21.8

Section Ref. (Relational Effect Path in bold)

454 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

Stage 2 21.2

Stage 2 21.2

Stage 2 21.2

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 21.8

Stage 2 21.8

Stage 2 21.8

+7/87.50

510RemPol +7/87.50 RemunPolicyRMF (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 510RemPol +7/87.50 Risk&FinControlPersonsIndep (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

510RemPol TypesRemunArrangements (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 1491. 511BrdRole – Remuneration Framework of APRA-regulated 511BrdRole Entity – Board Establishment of Board Compensation/Remuneration EstabCC Committee – Enhancement of Level of Risk-Taking in Alignment (+) with Shareholders [EqOptRiskAlignHighEnd] (+) which is (APRA CPS 511) identical to [EqOptIncent] (+) 1492. 511BrdRole – Remuneration Framework of APRA-regulated 511BrdRole Entity – Board Oversight and Approval of Remuneration Policy OsightApproveRemPolicy20 Under Paragraph 20 of CPS 511 – Enhancement of Level of (+) Risk-Taking in Alignment with Shareholders [EqOptRiskAlignHighEnd] (+) which is (APRA CPS 511) identical to [EqOptIncent] (+) 1493. 511BrdRole – Remuneration Framework of APRA-regulated 511BrdRole Entity – Board Oversight of Remuneration Framework and its OsightRemFrame&Application Effective Application – Enhancement of Level of Risk-Taking in (+) Alignment with Shareholders [EqOptRiskAlignHighEnd] (+) which is (APRA CPS 511) identical to [EqOptIncent] (+)

1489. 510RemPol – Remuneration Policy – Remuneration Policy Must Ensure that Remuneration and Performance-based Components of Risk and Financial Control Personnel Do Not Compromise Independence – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 510) 1490. 510RemPol – Remuneration Policy – Types of Remuneration Arrangements Captured by CPS 510 – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 510)

1488. 510RemPol – Remuneration Policy – Remuneration Policy to Form Part of Institution’s RMF – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 510)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 455

Governance variable and description and source

1494. 511BrdRole – Remuneration Framework of APRA-regulated Entity – Board to Establish Formal Process for Compensation/ Remuneration Committee to Consult BRC and CRO – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1495. 511CC – Compensation/Remuneration Committee – Compensation/ Remuneration Committee Must Obtain Comprehensive Reporting to Determine Whether Remuneration Outcomes Align with Arrangements in section 19 (Remuneration Framework) – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1496. 511CC – Compensation/Remuneration Committee – CC must consult BRC and CRO to Reflect Risk Outcomes in Remuneration Outcomes for Persons in “Specified Roles” and Following a Documented Process – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1497. 511CC – Compensation/Remuneration Committee – Compensation/ Remuneration Committee to Have Free and Unfettered Access to Board Committees and Risk and Financial Control Personnel and Other Relevant Parties (Internal and External) – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511)

No

Table 10.2 (continued)

Stage 2 12.6

Stage 2 12.6

511CC +7/87.50 Free&UnfetteredAccess (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Stage 2 12.6

Stage 2 21.2

Section Ref. (Relational Effect Path in bold)

511CC +7/87.50 ConsultBRC&CRORisk&RemDocs (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

511BrdRole +7/87.50 ProcessCCConsultBRCCRO (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511CC +7/87.50 ComprehenReportingOutsAlign19 RemFrame (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

456 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1503.

1502.

1501.

1500.

1499.

511CC NonExecComposition (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511CC – Compensation/Remuneration Committee – Written Charter 511CC for Compensation/Remuneration Committee – Enhancement of WrittenCharterRoles&Resps Level of Risk-Taking in Alignment with Shareholders (+) (APRA CPS 511) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511Defer&Claw – Deferral and Clawback of Variable 511Defer&Claw Remuneration – Criteria for Application of Clawback – CriteriaForClawback55 Enhancement of Level of Risk-Taking in Alignment with (+) Shareholders [EqOptRiskAlignHighEnd] (+) which is (APRA CPS 511) identical to [EqOptIncent] (+) 511Defer&Claw – Deferral and Clawback of Variable 511Defer&Claw Remuneration – Minimum Remuneration for Deferral Requirements DeferVarRemunMin$50K to Apply is AUD $50,000 per Financial Year – Enhancement of (+) Level of Risk-Taking in Alignment with Shareholders [EqOptRiskAlignHighEnd] (+) which is (APRA CPS 511) identical to [EqOptIncent] (+) 511Defer&Claw – Deferral and Clawback of Variable 511Defer&Claw Remuneration – Deferral Period Requirements – Enhancement of DeferralPeriodRequirements Level of Risk-Taking in Alignment with Shareholders (+) (APRA CPS 511) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511Defer&Claw – Deferral and Clawback of Variable 511Defer&Claw Remuneration – Deferral of Vesting of Variable Remuneration – DeferVestingVarRem Enhancement of Level of Risk-Taking in Alignment with (+) Shareholders [EqOptRiskAlignHighEnd] (+) which is (APRA CPS 511) identical to [EqOptIncent] (+)

1498. 511CC – Compensation/Remuneration Committee – Composition of Compensation/Remuneration Committee – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 21.7

Stage 2 21.7

Stage 2 21.7

Stage 2 21.7

Stage 2 12.6

Stage 2 12.6

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 457

Governance variable and description and source

1504. 511Defer&Claw – Deferral and Clawback of Variable Remuneration – Entity Must Take Reasonable Steps to Appropriately Apply Clawback at Minimum for Criteria in Para 55 – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1505. 511Defer&Claw – Deferral and Clawback of Variable Remuneration – Clawback Required for Variable Remuneration for Senior Managers, Executive Directors and Highly Paid Material Risk-Takers in Circumstances of Para 55 – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1506. 511OtherReq – Other Requirements of CPS 511 – Conditions for Entity to Apply to APRA for Approval of Alternative Compensation/ Remuneration Committee Arrangements that Meet Objectives of CPS 511 – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1507. 511OtherReq – Other Requirements of CPS 511 – Conditions for Entity which is Part of a Group, or Corporate Group in the Case of Private Health Insurer, to use Group Compensation/Remuneration Committee and Group Remuneration Policy – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511)

No

Table 10.2 (continued)

Stage 2 21.9

Stage 2 21.9

511OtherReq +7/87.50 EntityInGroupUseGroupCC&Rem PolConds (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Stage 2 21.7

Stage 2 21.7

Section Ref. (Relational Effect Path in bold)

511OtherReq +7/87.50 AlternativeCCArrangeConds (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

511Defer&Claw +7/87.50 ReasStepsToApplyClawback56 (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511Defer&Claw +7/87.50 SnrManExecDir&MRTClawback54 (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

458 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1508. 511OtherReq – Other Requirements of CPS 511 – Entity Not to Pay Remuneration Through Vehicles/Methods That Undermine CPS 511 – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1509. 511RemDesign – Design of Variable Remuneration – Adjustment of Variable Remuneration “Potentially to Nil, for Adverse Risk and Conduct Outcomes, Based on Clearly Defined Risk Criteria” – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1510. 511RemDesign – Design of Variable Remuneration – Design of Variable Remuneration to Align with Remuneration Objectives – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1511. 511RemDesign – Design of Variable Remuneration – Appropriate Steps to Assess and Mitigate Conflicts of Interest in Remuneration Arrangements Including Service Contracts – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1512. 511RemDesign – Design of Variable Remuneration – Specific Criteria for Application of Malus to Unvested Variable Remuneration – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1513. 511RemDesign – Design of Variable Remuneration – Material Weighting to Non-Financial Measures for Performance-Related Variable Remuneration – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 511RemDesign Arrangements (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511RemDesign Assess&MitigateConflicts (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511RemDesign CriteriaApplicationMalus38 (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511RemDesign MatWeightNonFinPerformMeas (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Stage 2 21.4

Stage 2 21.4

Stage 2 21.4

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 21.4

Stage 2 21.4

Stage 2 21.9

+7/87.50

511OtherReq +7/87.50 NoMethodsUndermineCPS511&59 (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511RemDesign +7/87.50 AdjustmentRisk&ConductOuts (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 459

Governance variable and description and source

1514. 511RemDesign – Design of Variable Remuneration – No Acceleration of Vesting of Unvested Variable Remuneration for a Person in a “Specified Role” No Longer Employed or Engaged by Entity – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1515. 511RemDesign – Design of Variable Remuneration – Reasonable Steps to Reduce Any Unvested Variable Remuneration for Circumstances in Paragraph 38 (Criteria for Malus of Unvested Variable Remuneration) – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1516. 511RemDesign – Design of Variable Remuneration – “Appropriate Steps to Assess and Mitigate Conflicts of Interest in the Design of its Remuneration Arrangements” – Enhancement of Level of RiskTaking in Alignment with Shareholders (APRA CPS 511) 1517. 511RemFrame – Remuneration Framework of APRA-regulated Entity – Entity Must Maintain a Remuneration Framework – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511)

No

Table 10.2 (continued)

Stage 2 21.4

Stage 2 21.4

511RemDesign +7/87.50 ReasStepsToReduceUnvestVarRem38 (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511RemDesign +7/87.50 StepsAssessMitigateConflicts (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511RemFrame +7/87.50 AlignPromoteSupport (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Stage 2 21.1

Stage 2 21.4

Section Ref. (Relational Effect Path in bold)

511RemDesign +7/87.50 NoAccelerationOfVestingVarRem (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

460 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1518. 511RemFrame – Remuneration Framework of APRA-regulated Entity – At Least Annual Review of Remuneration Framework for Compliance with CPS 511 – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1519. 511RemFrame – Remuneration Framework of APRA-regulated Entity – Comprehensive Review of Effectiveness of Remuneration Framework by Operationally Independent, Appropriately Experienced and Competent Persons at Least Every 3 Years – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1520. 511RemFrame – Remuneration Framework of APRA-regulated Entity – Remuneration Framework Must Include Documented Remuneration Policy – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1521. 511RemFrame – Remuneration Framework of APRA-regulated Entity – Material Change in Size, Business Mix and Complexity of Operations Identified Outside 3-Yearly Comprehensive Review – Entity to Consider and Address Need to Amend or Review the Remuneration Framework – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1522. 511RemFrame – Remuneration Framework of APRA-regulated Entity – Requirements for 3-Yearly Comprehensive Review – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 511RemFrame +7/87.50 RequirementsFor3YearReviews (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

511RemFrame +7/87.50 DocPolicy (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511RemFrame +7/87.50 MatChangeSizeMixComplex (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

511RemFrame +7.87.50 AnnualReview (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511RemFrame +7/87.50 ComprehenReview3Years (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

(continued)

Stage 2 21.3

Stage 2 21.3

Stage 2 21.1

Stage 2 21.3

Stage 2 21.3

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 461

Governance variable and description and source

1523. 511RemFrame – Remuneration Framework of APRA-regulated Entity – Results of Annual and 3-Year Reviews Documented and Reported to Compensation/Remuneration Committee in Timely Manner – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1524. 511RemOuts – Variable Remuneration Outcomes – Conditions for Entity to Pay or Vest Variable Remuneration to a Person – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1525. 511RemOuts – Variable Remuneration Outcomes – Variable Remuneration Outcomes Must be Linked to and Supported by Entity’s Performance Management System, Code of Conduct and Consequence Management Processes – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1526. 511RemOuts – Variable Remuneration Outcomes – Variable Remuneration Outcomes to be Aligned with Performance and Risk Outcomes – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511)

No

Table 10.2 (continued)

511RemOuts +7/87.50 Perform&RiskAlign (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Stage 2 21.5

511RemOuts +7/87.50 CondsPay&VestVarRem (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511RemOuts +7/87.50 PerfManSystCodeConductConseqMan (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Stage 2 21.5

Stage 2 21.5

Stage 2 21.3

Section Ref. (Relational Effect Path in bold)

511RemFrame +7/87.50 ReviewReportsToCC (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

462 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1527. 511RemOuts – Variable Remuneration Outcomes – Minimum Criteria Where Entity Must Take Reasonable Steps to Reduce Unvested Deferred Variable Remuneration – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1528. 511RemOuts – Variable Remuneration Outcomes – Reflect Appropriate Application of Remuneration Adjustment Tools in Variable Remuneration Outcomes from CPS511 Para 36(c) – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1529. 511SpecRole – Specified Roles – Board or Oversight Function to Approve Variable Remuneration Outcomes for Persons in Specified Roles – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1530. 511SpecRole – Specified Roles – Compensation/Remuneration Committee to Recommend Annually to Board on Remuneration Arrangements and Variable Remuneration Outcomes for Specified Roles – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1531. 511SpecRole – Specified Roles – Compensation/Remuneration Committee to Give Clear Guidance to Senior Management on its Expectations in Determining the Appropriate Level and Timing of Risk Adjustments to Variable Remuneration Outcomes for Specified Roles – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 511SpecRole +7/87.50 BrdApproveVarRemOutcomes (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511SpecRole +7/87.50 CCAssess&RecToBrdAnnually VarRem47 (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511SpecRole +7/87.50 CCGuideSnrManLvlTimeRiskAdjust (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

511RemOuts +7/87.50 ReasStepsReduceUnvestDefVarRemun (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511RemOuts +7/87.50 ReflectRemAdjustTools36(c) (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

(continued)

Stage 2 21.6

Stage 2 21.6

Stage 2 21.6

Stage 2 21.5

Stage 2 21.5

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 463

Governance variable and description and source

1532. 511SpecRole – Specified Roles – Compensation/Remuneration Committee to Obtain Sufficient Information to Enable Remunerations Outcomes to be Commensurate with Performance and Risk Outcomes – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1533. 511SpecRole – Specified Roles – Entity Must Prudently Manage the Variable Remuneration Arrangements of All Specified Roles – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1534. 511SpecRole – Specified Roles – Variable Remuneration Arrangements for Risk and Financial Control Personnel – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA CPS 511) 1535. 520FitProp – Fit and Proper Persons – APRA May Determine Person is NOT a Responsible Person if Not in Significant Role in Management or Control Nor Materially Impacts Prudential Matters – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520)

No

Table 10.2 (continued)

Stage 2 21.6

511SpecRole +7/87.50 PrudManVarRemunSpecRole (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 511SpecRole +7/87.50 VarRemRisk&FinControlPersonsIndep (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 520FitProp +7/87.50 APRADetermineNOTRespPerson (+) [BrdSkills] (+)

Stage 2 26.4

Stage 2 21.6

Stage 2 21.6

Section Ref. (Relational Effect Path in bold)

511SpecRole +7/87.50 CCObtainInfoDetermination (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

464 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1536. 520FitProp – Fit and Proper Persons – APRA May Determine Person is a Responsible Person if in a Significant Role in Management or Control or Materially Impacts Prudential Matters – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1537. 520FitProp – Fit and Proper Persons – Institution May Adopt a Group Fit and Proper Policy if Approved by the Board – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1538. 520FitProp – Fit and Proper Persons – Institution Must Define and Document Criteria Required for Each Responsible Person Position – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1539. 520FitProp – Fit and Proper Persons – Institution Must Define and Document Competencies Required for Each Responsible Person Position – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1540. 520FitProp – Fit and Proper Persons – Definition of Responsible Person – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1541. 520FitProp – Fit and Proper Persons – Definition of Responsible Person Need Not Be An Employee Including Consultant, Contractor or Employee of Another Entity – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) Stage 2 26.4

Stage 2 26.4

+7/87.50

+7/87.50

+7/87.50

+7/87.50

520FitProp CriteriaRespPersonPosition (+) [BrdSkills] (+)

520FitProp Define&DocCompetencies (+) [BrdSkills] (+) 520FitProp DefintionRespPerson (+) [BrdSkills] (+) 520FitProp DefnRespPersonExtended (+) [BrdSkills] (+)

(continued)

Stage 2 26.4

Stage 2 26.4

Stage 2 26.4

+7/87.50

520FitProp BrdGroupFit&ProperPolicy (+) [BrdSkills] (+)

Stage 2 26.4

+7/87.50

520FitProp APRADetermineRespPerson (+) [BrdSkills] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 465

Governance variable and description and source

1542. 520FitProp – Fit and Proper Persons – Definition of Senior Manager – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1543. 520FitProp – Fit and Proper Persons – Definition of Senior Manager Carrying Out Responsibilities Does Not Include Those Responsibilities Carried Out By A Director – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1544. 520FitProp – Fit and Proper Persons – Institution Must Have a Documented Fit and Proper Policy for Responsible Persons – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1545. 520FitProp – Fit and Proper Persons – Fit and Proper Person Policy to Have Annual Assessments for Each Responsible Person Position – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1546. 520FitProp – Fit and Proper Persons – Board Must Approve Fit and Proper Policy – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520)

No

Table 10.2 (continued)

+7/87.50

+7/87.50

520FitProp Fit&ProperPolicyAnnualAssess (+) [BrdSkills] (+) 520FitProp Fit&ProperPolicyBrdApprove (+) [BrdSkills] (+)

Stage 2 26.4

Stage 2 26.4

Stage 2 26.4

Stage 2 26.4

+7/87.50

+7/87.50

Stage 2 26.4

Section Ref. (Relational Effect Path in bold)

+7/87.50

520FitProp Fit&ProperPolicy (+) [BrdSkills] (+)

520FitProp DefnSeniorManager (+) [BrdSkills] (+) 520FitProp DefnSnrManNotIncludeDirector (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

466 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1547. 520FitProp – Fit and Proper Persons – Fit and Proper Policy to Be Provided to Candidates for Director and Others Before Assessment of their Fitness and Propriety – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1548. 520FitProp – Fit and Proper Persons – Fit and Proper Policy Assessment to be Completed Prior to Person Holding a Responsible Person Position – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1549. 520FitProp – Fit and Proper Persons – Fit and Proper Policy to Require Sufficient Documentation For Assessments to be Retained – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1550. 520FitProp – Fit and Proper Persons – Fit and Proper Policy to Include Process of Assessment – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1551. 520FitProp – Fit and Proper Persons – Fit and Proper Policy to Have Provisions Encouraging/Enabling Disclosure of Information and Giving/Obtaining Consents for Collection/Use of Information by the Institution or APRA – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1552. 520FitProp – Fit and Proper Persons – Person May Have Interim Appointment to Responsible Person Position Without Full Assessment for 90 Days if Reasonable Steps Taken to Assess Person – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) +7/87.50

+7/87.50

Stage 2 26.4

+7/87.50

520FitProp Fit&ProperPolicyIncludeProcess (+) [BrdSkills] (+) 520FitProp Fit&ProperPolicyInfoProvisions (+) [BrdSkills] (+)

520FitProp Fit&ProperPolicyIntAppointNoAssess (+) [BrdSkills] (+)

Stage 2 26.4

+7/87.50

520FitProp Fit&ProperPolicyDocuments (+) [BrdSkills] (+)

(continued)

Stage 2 26.4

Stage 2 26.4

Stage 2 26.4

+7/87.50

520FitProp Fit&ProperPolicyCompleteAssess (+) [BrdSkills] (+)

Stage 2 26.4

+7/87.50

520FitProp Fit&ProperPolicyCandidatesDir (+) [BrdSkills] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 467

Governance variable and description and source

1553. 520FitProp – Fit and Proper Persons – Institution Must Take Reasonable Steps to Ensure Each Responsible Person is Aware/ Understands the Fit and Proper Policy – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1554. 520FitProp – Fit and Proper Persons – Fit and Proper Policy Must Form Part of Institution’s Risk Management Framework – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1555. 520FitProp – Fit and Proper Persons – Fit and Proper Policy to Specify the Actions to be Taken Where Person Assessed as NOT Fit and Proper – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1556. 520FitProp – Fit and Proper Persons – Head of a Group Must Maintain a Group Fit and Proper Policy – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1557. 520FitProp – Fit and Proper Persons – Head of a Group Must Ensure Fit and Proper Policy to Apply to Persons in a Non-APRA Regulated Institution Which Affects Whole/Substantial Part of Group – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520)

No

Table 10.2 (continued)

Stage 2 26.4

Stage 2 26.4

Stage 2 26.4

+7/87.50

+7/87.50

+7/87.50

520FitProp Fit&ProperPolicySpecifyActions NotFitProp (+) [BrdSkills] (+) 520FitProp HeadGroupFit&ProperPolicy (+) [BrdSkills] (+) 520FitProp HeadNon-RegFit&ProperPolicy (+) [BrdSkills] (+)

Stage 2 26.4

+7/87.50

520FitProp Fit&ProperPolicyRMF (+) [BrdSkills] (+)

Stage 2 26.4

+7/87.50

Section Ref. (Relational Effect Path in bold)

520FitProp Fit&ProperPolicyReasSteps (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

468 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1558. 520FitProp – Fit and Proper Persons – Head of a Group Must Notify APRA of Each Responsible Person Across the Group – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1559. 520FitProp – Fit and Proper Persons – Institution Must Manage the Risks which Responsible Person Positions that are Not Fit and Proper Pose to the Institution’s Business and Financial Standing – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1560. 520FitProp – Fit and Proper Persons – Person Not to be Appointed to or Hold Responsible Person Position if the Institution or Reasonable Person Would Assess Person as Not Fit and Proper – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1561. 520FitProp – Fit and Proper Persons – Fit and Proper Person Assessment Must Make All Reasonable Enquiries Including Collecting Sensitive Information Relevant to the Assessment – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1562. 520FitProp – Fit and Proper Persons – Institution Subsequently Aware of Information that Person May Not be Fit and Proper Must Make All Reasonable Enquiries Including Collecting Sensitive Information to Prudently Conclude No Concern – If Concern Exists, Full Assessment to be Conducted – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

520FitProp HeadNotifyAPRAGroupRespPerson (+) [BrdSkills] (+) 520FitProp ManageRisksNotFitProp (+) [BrdSkills] (+)

520FitProp NotHoldReasPersonPosition (+) [BrdSkills] (+)

520FitProp ReasEnquiriesCollectInfo (+) [BrdSkills] (+)

520FitProp SubseqAwareInfoNOTFitProp (+) [BrdSkills] (+)

(continued)

Stage 2 26.4

Stage 2 26.4

Stage 2 26.4

Stage 2 26.4

Stage 2 26.4

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 469

Governance variable and description and source

1563. 520FitPropInfo – Fit and Proper Persons – APRA Not to Require Disclosure of Spent Convictions Precluded Under Part VIIC Crimes Act 1914 – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1564. 520FitPropInfo – Fit and Proper Persons – Details of Responsible Person to be Given to APRA – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1565. 520FitPropInfo – Fit and Proper Persons – Information Provided to APRA to Remain Correct and Any Change or New Appointment Notified Within 28 Days – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1566. 520FitPropInfo – Fit and Proper Persons – Information and Notifications to be Given to APRA by Form and Procedures on APRA Website – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1567. 520FitPropInfo – Fit and Proper Persons – Must Notify APRA Within 10 Business Days if Assess that Responsible Person is NOT Fit and Proper – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520)

No

Table 10.2 (continued)

+7/87.50

+7/87.50

520FitPropInfo NotifyAPRANOTFitProp10BusDays (+) [BrdSkills] (+)

Stage 2 26.4

Stage 2 26.4

Stage 2 26.4

+7/87.50

520FitPropInfo FormAPRAWebsite (+) [BrdSkills] (+)

Stage 2 26.4

+7/87.50

520FitPropInfo DetailsRespPersonAPRA (+) [BrdSkills] (+) 520FitPropInfo EnsureInfoCorrect28Days (+) [BrdSkills] (+)

Stage 2 26.4

+7/87.50

Section Ref. (Relational Effect Path in bold)

520FitPropInfo APRANotRequireSpentConvict (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

470 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1568. 520FitPropInfo – Fit and Proper Persons – Institution to Take Reasonable Steps to Obtain Information/Documentation Requested by APRA to Provide that Information to APRA for Assessment – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1569. 520FitPropWhistle – Fit and Proper Persons – Whistleblowing – Fit and Proper Policy to Contain Consent for Responsible Person Disclosing Information or Documents to APRA of Reasons for Resignation, Retirement or Removal – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1570. 520FitPropWhistle – Fit and Proper Persons – Whistleblowing – Institution/Subsidiaries NOT to Constrain, Restrict or Discourage Any Person Disclosing Information or Documents to APRA – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1571. 520FitPropWhistle – Fit and Proper Persons – Whistleblowing – Institution NOT Required to Impose Obligations on Persons Making Disclosures – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1572. 520FitPropWhistle – Fit and Proper Persons – Whistleblowing – Fit and Proper Policy to Require Whistleblowing Provisions and Procedures Are Adequately Explained to Directors and Employees – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

520FitPropInfo ReasStepsInfoAPRA (+) [BrdSkills] (+)

520FitPropWhistle CeaseRespPersonAPRA (+) [BrdSkills] (+)

520FitPropWhistle NoConstraintsAPRA (+) [BrdSkills] (+)

520FitPropWhistle NoDisclosureObligations (+) [BrdSkills] (+) 520FitPropWhistle ProvExplained (+) BrdSkills] (+)

(continued)

Stage 2 26.4

Stage 2 26.4

Stage 2 26.4

Stage 2 26.4

Stage 2 26.4

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 471

Governance variable and description and source

1573. 520FitPropWhistle – Fit and Proper Persons – Whistleblowing – Fit and Proper Policy to Contain Whistleblowing Provisions for Information that a Responsible Person is Not Fit and Proper to Person Conducting Assessments or APRA – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1574. 520FitPropWhistle – Fit and Proper Persons – Whistleblowing – Fit and Proper Policy to Contain Provisions for Information to be Provided to APRA that an Institution Has Not Complied with CPS 520 – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1575. 520FitPropWhistle – Fit and Proper Persons – Whistleblowing – Fit and Proper Policy to Require ALL Reasonable Steps to be Taken to Ensure Person Making Disclosures NOT subject to or Threatened with Detriment – Enhancement in Risk Management, Monitoring and Decision-quality (APRA CPS 520) 1576. 2019ASICBRC – Board Risk Committee – Failure of Board to Actively Engage in Decisions and Proposals at BRC Level – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC)

No

Table 10.2 (continued)

Stage 2 26.4

Stage 2 43.4

+7/87.50

−7/87.50

520FitPropWhistle ReasStepsNoDetriment (+) [BrdSkills] (+)

2019ASICBRC FailBrdEngageBRCLevel (−) [BrdSkills] (+) in the negative direction

Stage 2 26.4

+7/87.50

520FitPropWhistle ProvNOTComplyAPRA (+) [BrdSkills] (+)

Stage 2 26.4

+7/87.50

Section Ref. (Relational Effect Path in bold)

520FitPropWhistle ProvInfoPersonAPRA (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

472 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1577. 2019ASICBRC – Board Risk Committee – Failure of Clear Escalation Processes for Urgent Material Risks Arising Between BRC Meetings – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) 1578. 2019ASICBRC – Board Risk Committee – Failure of BRC Members to Provide Informed Oversight and Duty to Make Enquiries of Management – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) 1579. 2019ASICBRC – Board Risk Committee – Failure of BRC to Meet Often Enough to Oversee Material Risks in a Timely Manner – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) 1580. 2019ASICBRC – Board Risk Committee – Failure to Dedicate Sufficient Time to Discharge BRC Mandate – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) 1581. 2019ASICBRC – Board Risk Committee – Full Board is Formally Made BRC Members and Effective BRC Chair – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASIC) 1582. 2019ASICBRC – Board Risk Committee – Full Board Routinely Attends BRC Meetings – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC)

2019ASICBRC FailEscalationUrgentMatRisks (−) [BrdSkills] (+) in the negative direction 2019ASICBRC FailInformedOsightEnquire (−) [BrdSkills] (+) in the negative direction 2019ASICBRC FailMeetFreqMatRisksTimely (−) [BrdSkills] (+) in the negative direction 2019ASICBRC FailSufficTimeDischarge (−) [BrdSkills] (+) in the negative direction 2019ASICBRC FullBrdFormalMshipBRCChair (+) [BrdSkills] (+) 2019ASICBRC FullBrdRoutineAttendBRCMeet (−) [BrdSkills] (+) in the negative direction Stage 2 43.4

Stage 2 43.4

Stage 2 43.4

Stage 2 43.4

Stage 2 43.4

−7/87.50

−7/87.50

−7/87.50

+7/87.50

−7/87.50

(continued)

Stage 2 43.4

−7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 473

Governance variable and description and source

1583. 2019ASICInfo – Board Oversight of Risk Management – Failure to Explore Alternative Solutions to Enhance Information Flows – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility (2019ASIC) 1584. 2019ASICInfo – Board Oversight of Risk Management – Failure by Board Committees to Update Full Board on Non-financial Risks – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility (2019ASIC) 1585. 2019ASICInfo – Board Oversight of Risk Management – Failure to Formalise Cross-Committee Information Flow – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility (2019ASIC) 1586. 2019ASICInfo – Board Oversight of Risk Management – Material Information Buried in Lengthy Board Packs or Reports – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility (2019ASIC)

No

Table 10.2 (continued)

2019ASICInfo FailMatInfoLengthyReports (−) [TransTimeMon] (+) in the negative direction

2019ASICInfo FailAlternSolnInfoFlow (−) [TransTimeMon] (+) in the negative direction 2019ASICInfo FailBrdCteeToUpdateBrdNFR (−) [TransTimeMon] (+) in the negative direction 2019ASICInfo FailFormalCrossCteeInfoFlow (−) [TransTimeMon] (+) in the negative direction

Stage 2 39.18

Stage 2 39.18

Stage 2 39.18

Stage 2 39.18

−8/100.00

−8/100.00

−8/100.00

Section Ref. (Relational Effect Path in bold)

−8/100.00

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

474 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1587. 2019ASICInfo – Board Oversight of Risk Management – Material Information Lost in Undocumented Closed Sessions – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility (2019ASIC) 1588. 2019ASICInfo – Board Oversight of Risk Management – Failure of Minutes to Include Key Discussion Points and Reasons for Decisions – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility (2019ASIC) 1589. 2019ASICInfo – Board Oversight of Risk Management – Failure to Have Clear Hierarchy for NFR that Priorities their Importance – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility (2019ASIC) 1590. 2019ASICInfo – Board Oversight of Risk Management – Informal Meetings Can Cause Asymmetric Information Between Board Members – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility (2019ASIC) 1591. 2019ASIC Risk Appetite Statement – Risk Appetite to be Reinforced through Strong Accountability and Consequences – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASIC) 1592. 2019ASIC Risk Appetite Statement – RAS to “Clearly Express the Board’s Appetite for the Level of Risk it is Willing for the Company to Accept” – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASIC) Stage 2 39.18

Stage 2 40.5.3

−8/100.00

+7/87.50

(continued)

Stage 2 40.5.3

Stage 2 39.18

−8/100.00

+7/87.50

Stage 2 39.18

−8/100.00

2019ASICInfo FailMinutesKeyDiscuss&Reasons (−) [TransTimeMon] (+) in the negative direction 2019ASICInfo FailNFRHierarchyPriority (−) [TransTimeMon] (+) in the negative direction 2019ASICInfo InformalMeetAsymmetricInfo (−) [TransTimeMon] (+) in the negative direction 2019ASICRAS Account&Conseq (+) [BrdSkills] (+) 2019ASICRAS ClearExpressRiskApp (+) [BrdSkills] (+)

Stage 2 39.18

−8/100.00

2019ASICInfo FailMatInfoUndocSessions (−) [TransTimeMon] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 475

Governance variable and description and source

1596. 2019ASIC Risk Appetite Statement – Full Board Engagement Needed to Set Risk Appetite – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASIC) 1597. 2019ASIC Risk Appetite Statement – RAS Metrics Are Lagged Measuring Breaches that have Already Occurred – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC)

1593. 2019ASIC Risk Appetite Statement – Stated Compliance Risk Appetite does not Reflect Actual Appetite – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) 1594. 2019ASIC Risk Appetite Statement – RAS Metrics – Failure to Report to Board Against Metrics and Stated Appetite in the RAS at Board Level and BRC Level – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) 1595. 2019ASIC Risk Appetite Statement – RAS Metrics – Metrics for Financial Risks are More Specific and Granular than for NFR – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC)

No

Table 10.2 (continued)

2019ASICRAS LaggedMetricsOnly (−) [BrdSkills] (+) in the negative direction

2019ASICRAS FinMetricsMoreSpecificGranular (−) [BrdSkills] (+) in the negative direction 2019ASICRAS FullBrdEngage (+) [BrdSkills] (+)

2019ASICRAS ComplyRiskNotReflectApp (−) [BrdSkills] (+) in the negative direction 2019ASICRAS FailReportAgainstMetrics (−) [BrdSkills] (+) in the negative direction

Stage 2 40.5.3

−7/87.50

Stage 2 40.5.3

−7/87.50

Stage 2 40.5.3

Stage 2 40.5.3

−7/87.50

+7/87.50

Stage 2 40.5.3

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

476 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1598. 2019ASIC Risk Appetite Statement – Markers Indicate to Board that Bank Approaching Appetite – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASIC) 1599. 2019ASIC Risk Appetite Statement – RAS Metrics Measure Discrete Issues Rather than Broader Compliance Behaviour – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) 1600. 2019ASIC Risk Appetite Statement – RAS Metrics Focused on Nature of Breach (Deliberate, Intentional or Negligent) Rather Than How Breach Occurred – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) 1601. 2019ASIC Risk Appetite Statement – Metrics Do Not Give Representative View of Level of Risk – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) 1602. 2019ASIC Risk Appetite Statement – Non-financial Risk Appetite Less Mature than Financial Risks – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) 1603. 2019ASIC Risk Appetite Statement – Non-financial Risk Reporting Does Not Align with Metrics – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) Stage 2 40.5.3

Stage 2 40.5.3

Stage 2 40.5.3

Stage 2 40.5.3

Stage 2 40.5.3

−7/87.50

−7/87.50

−7/87.50

−7/87.50

−7/87.50

2019ASICRAS MetricsDiscreteOnly (−) [BrdSkills] (+) in the negative direction 2019ASICRAS MetricsHowBreachOccurred (−) [BrdSkills] (+) in the negative direction 2019ASICRAS MetricsNotRepresentRisk (−) [BrdSkills] (+) in the negative direction 2019ASICRAS NFRAppLessMatureFinRisks (−) [BrdSkills] (+) in the negative direction 2019ASICRAS NFRReportNotAlignMetrics (−) [BrdSkills] (+) in the negative direction

(continued)

Stage 2 40.5.3

+7/87.50

2019ASICRAS MarkersIndicateApproachApp (+) [BrdSkills] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 477

Governance variable and description and source

1604. 2019ASIC Risk Appetite Statement – Stated Non-financial Risk Appetite (Generally) does not Reflect Actual Appetite – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) 1605. 2019ASIC Risk Appetite Statement – Bank Operating Outside Risk Appetite for Non-financial Risks – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2019ASIC) 1606. 2019ASIC Risk Appetite Statement – Requirements/Elements for an Effective RAS – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASIC) 1607. 2019ASIC Risk Appetite Statement – Risk Appetite to Match Actual Tolerance Levels – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASIC) 1608. 2019ASX – Board – Board to Approve Entity’s Statement of Values – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX)

No

Table 10.2 (continued)

2019ASICRAS NFRiskNotReflectApp (−) [BrdSkills] (+) in the negative direction 2019ASICRAS OperateOutsideAppforNFR (−) [BrdSkills] (+) in the negative direction 2019ASICRAS RequireForEffectiveRAS (+) [BrdSkills] (+) 2019ASICRAS RiskAppMatchActualToler (+) [BrdSkills] (+) 2019ASXApproveValues* (+) (interim variable*) [BrdSkills] (+)

Stage 2 40.5.3

Stage 2 40.5.3

Stage 2 40.5.3

Stage 2 40.5.3

Stage 2 29.2

−7/87.50

+7/87.50

+7/87.50

+7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

478 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1613. 2019ASX Audit Committee – Powers of Audit Committee (2019ASX)

1612. 2019ASX Audit Committee – Accounting and Financial Expertise and Knowledge of Industry of Audit Committee (2019ASX)

1611. 2019ASX Audit Committee – Disclosure Requirements for Audit Committee (2019ASX)

1610. 2019ASX Audit Committee – Audit Committee to Obtain Declarations from CEO and CFO (2019ASX)

1609. 2019ASX Audit Committee – Presence, Operation and Frequency (2019ASX)

2019ASXAudCom (+) [AudCom] (+) with additional Responsibility Factor No 8 2019ASXAudCom DeclareCEO&CFO (+) [AudCom] (+) with additional Responsibility Factor No 8 2019ASXAudCom Disclose (+) [AudCom] (+) with additional Responsibility Factor No 8 2019ASXAudCom FinAccIndustExpert (+) [AudCom] (+) with additional Responsibility Factor No 8 2019ASXAudCom Powers (+) AudCom] (+) with additional Responsibility Factor No 8 +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 36.1

Stage 2 36.1

Stage 2 36.1

Stage 2 36.1

Stage 2 36.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 479

Governance variable and description and source

1616. 2019ASXBRC – Board Risk Committee – Presence, Operation and Frequency of Board Risk Committee – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX) 1617. 2019ASXBRC – Board Risk Committee – Disclosure Requirements for Board Risk Committee – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX) 1618. 2019ASXBRC – Board Risk Committee – Powers of Board Risk Committee – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX)

1615. 2019ASX Audit Committee – Entity to Disclose Process for Verifying any Corporate Report Released to the Market that is NOT Audited or Reviewed by External Auditor (2019ASX).

1614. 2019ASX Audit Committee – Roles and Responsibilities for Audit Committee (2019ASX)

No

Table 10.2 (continued)

+7/87.50

+7/87.50

2019ASXBRC Powers (+) [BrdSkills] (+)

+7/87.50

+7/87.50

+7/87.50

2019ASXBRC Disclose (+) [BrdSkills] (+)

2019ASXAudCom Roles&Resps (+) [AudCom] (+) with additional Responsibility Factor No 8 2019ASXAudCom VerifyIntegCorpReport (+) [AudCom] (+) with additional Responsibility Factor No 8 2019ASXBRC (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 43

Stage 2 43

Stage 2 43

Stage 2 36.1

Stage 2 36.1

Section Ref. (Relational Effect Path in bold)

480 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1619. 2019ASXBRC – Board Risk Committee – Review of Risk Management Framework at Least Annually – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX) 1620. 2019ASXBRC – Board Risk Committee – Roles and Responsibilities for Board Risk Committee – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX) 1621. 2019ASXBrd – Board – Entity to Undertake Appropriate Checks Before Appointing Director – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1622. 2019ASXBrd – Board – Charter to Contain Roles and Responsibilities of Deputy Chair – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1623. 2019ASXBrd – Board – Charter to Contain Policy for Directors to Obtain Independent Advice at Expense of Entity – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1624. 2019ASXBrd – Board – Charter of Matters Reserved to Board and Delegated to Management – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) +7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

2019ASXBRC ReviewRMF (+) [BrdSkills] (+) 2019ASXBRC Roles&Resps (+) [BrdSkills] (+) 2019ASXBrd AppointChecks (+) [BrdSkills] (+) 2019ASXBrd ChartDeputyChair (+) [BrdSkills] (+) 2019ASXBrd ChartIndepAdvice (+) [BrdSkills] (+) 2019ASXBrd ChartReserve&Delegate (+) [BrdSkills] (+)

(continued)

Stage 2 22.2

Stage 2 22.2

Stage 2 22.2

Stage 2 22.2

Stage 2 43

Stage 2 43

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 481

Governance variable and description and source

1629. 2019ASXBrd – Board – Board or Committee to be Informed of Material Breaches of Anti-bribery and Corruption Policy – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX)

1625. 2019ASXBrd – Board – Charter of Board Roles and Responsibilities – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1626. 2019ASXBrd – Board – Charter to Contain Roles and Responsibilities of Senior Independent Director – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1627. 2019ASXBrd – Board – Have and Disclose Periodic Review for Board, Committees and Individual Directors – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1628. 2019ASXBrd – Board – Board or Committee to be Informed of Material Breaches of Code of Conduct – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX)

No

Table 10.2 (continued)

Stage 2 29.2

+7/87.50

+7/87.50

Stage 2 35.3

+7/87.50

2019ASXBrd CmIndivReview (+) [BrdReview] (+) which is a ‘strongform’ of [BrdIndMon] (+) 2019ASXBrd CmMaterialBreachCode* (+) (interim variable*) [BrdSkills] (+) 2019ASXBrd CmMatBreachBribeCorruptPolicy* (+) (interim variable*) [BrdSkills] (+)

Stage 2 29.2

Stage 2 22.2

+7/87.50

2019ASXBrd ChartSID (+) [BrdSkills] (+)

Stage 2 22.2

+7/87.50

Section Ref. (Relational Effect Path in bold)

2019ASXBrd ChartRoles&Resps (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

482 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1630. 2019ASXBrd – Board – Board or Committee to be Informed of Material Incidents Under the Whistleblower Policy – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX) 1631. 2019ASXBrd – Board – Written Agreements with Directors and Senior Executives with Terms of Appointment – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1632. 2019ASXBrd – Board – Listed Entity to Have Program for Inducting New Directors – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (2019ASX) 1633. 2019ASXBrd – Board – Entity to Provide Security Holders with All Information to Elect or Re-elect Directors – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1634. 2019ASXBrd – Board – Program for Periodic Review of Need for Existing Directors to Undertake Professional Development – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (2019ASX) +7/87.50

+7/87.50

2019ASXBrd ElectInfo (+) [BrdSkills] (+) 2019ASXBrd ReviewProfDev (+) [BrdSkills] (+)

(continued)

Stage 2 26

Stage 2 22.2

Stage 2 26

Stage 2 22.2

+7/87.50

+7/87.50

Stage 2 29.2

+7/87.50

2019ASXBrd DirInduction (+) [BrdSkills] (+)

2019ASXBrd CmMatIncidentsWhistlePolicy* (+) (interim variable*) [BrdSkills] (+) 2019ASXBrd ContractTermsDir&Exec (+) [BrdSkills] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 483

Governance variable and description and source

1635. 2019ASXBrd – Board – Secretary Directly Accountable to Board Through Chairperson – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1636. 2019ASXBrd – Board – Have and Disclose Board Skills Matrix the Board Has or Looking to Achieve – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (2019ASX) 1637. 2019ASXCC – Compensation/Remuneration Committee – Presence, Operation and Frequency of Compensation/Remuneration Committee – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1638. 2019ASXCC – Compensation/Remuneration Committee – Balancing of Interests of Compensation/Remuneration Committee – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX)

No

Table 10.2 (continued)

Stage 2 26

Stage 2 12.6

Stage 2 12.6

+7/87.50

2019ASXBrd SkillsMatrix (+) [BrdSkills] (+)

2019ASXCC +7/87.50 (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 2019ASXCC +7/87.50 BalancingInterests (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Stage 2 22.2

+7/87.50

Section Ref. (Relational Effect Path in bold)

2019ASXBrd SecAccountToChair (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

484 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1639. 2019ASXCC – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Executive Remuneration – Composition – Appropriate Balance of Fixed Remuneration and Performance-based Remuneration – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1640. 2019ASXCC – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Executive Remuneration – Equity-based Remuneration – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1641. 2019ASXCC – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Executive Remuneration – Fixed Remuneration – To be Reasonable and Fair Reflecting Core Performance Requirements and Expectations – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1642. 2019ASXCC – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Executive Remuneration – Performance-based Remuneration – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1643. 2019ASXCC – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Executive Remuneration – Termination Payments – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1644. 2019ASXCC – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Executive Remuneration and Non-executive Director Remuneration – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) Stage 2 12.6

Stage 2 12.6

Stage 2 12.6

Stage 2 12.6

Stage 2 12.6

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

2019ASXCC Box8.2ExecEquity-basedRem (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 2019ASXCC Box8.2ExecFixedRem (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 2019ASXCC Box8.2ExecPerform-basedRem (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 2019ASXCC Box8.2ExecTermPay (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 2019ASXCC Box8.2Guidelines (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

(continued)

Stage 2 12.6

2019ASXCC +7/87.50 Box8.2ExecCompose (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 485

Governance variable and description and source

1645. 2019ASXCC – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Non-executive Director Remuneration – Equity-based Remuneration – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1646. 2019ASXCC – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Non-executive Director Remuneration – Fixed Remuneration – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1647. 2019ASXCC – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Non-executive Director Remuneration – No Performance-based Remuneration – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1648. 2019ASXCC – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Non-executive Director Remuneration – No Termination Payments – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1649. 2019ASXCC – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Non-executive Director Remuneration – Composition – Enhancement of Level of RiskTaking in Alignment with Shareholders (2019ASX)

No

Table 10.2 (continued)

2019ASXCC +7/87.50 Box8.2NEDNoTermPay (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 2019ASXCC +7/87.50 Box8.2NEDRemCompose (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

2019ASXCC +7/87.50 Box8.2NEDEquity-basedRem (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 2019ASXCC +7/87.50 Box8.2NEDFixedRem (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 2019ASXCC +7/87.50 Box8.2NEDNoPerform-basedRem (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 12.6

Stage 2 12.6

Stage 2 12.6

Stage 2 12.6

Stage 2 12.6

Section Ref. (Relational Effect Path in bold)

486 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

2019ASXCC Disclose (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 2019ASXCC DisclosuresExecs (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 2019ASXCC DisclosuresNEDs (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 1653. 2019ASXCC – Compensation/Remuneration Committee – Entity to 2019ASXCC Disclose Policies and Practices Regarding Remuneration – Policies&Practices Enhancement of Level of Risk-Taking in Alignment with (+) Shareholders [EqOptRiskAlignHighEnd] (+) which is (2019ASX) identical to [EqOptIncent] (+) 1654. 2019ASXCC – Compensation/Remuneration Committee – Policy of 2019ASXCC Whether Participants in Equity-based Remuneration Scheme Can PolicyLimitHedgeEcoRisk Limit or Hedge Economic Risk of Participation – Risk-Taking in (−) Excess of Risk Appetite – Likelihood of Bank Failure [EqOptRiskFailHighEnd] (−) (2019ASX) identical to [EqOptEntrch] (−) 1655. 2019ASXCC – Compensation/Remuneration Committee – Powers 2019ASXCC of Compensation/Remuneration Committee – Enhancement of Level Powers of Risk-Taking in Alignment with Shareholders (+) (2019ASX) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

1650. 2019ASXCC – Compensation/Remuneration Committee – Disclosure Requirements for Compensation/Remuneration Committee – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1651. 2019ASXCC – Compensation/Remuneration Committee – Disclosures for Executive Directors and Other Senior Executives – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1652. 2019ASXCC – Compensation/Remuneration Committee – Disclosures for Non-executive Directors – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) Stage 2 12.6

Stage 2 12.6

Stage 2 12.6

Stage 2 12.6

Stage 2 12.6

+7/87.50

+7/87.50

+7/87.50

−7/87.50

+7/87.50

(continued)

Stage 2 12.6

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 487

Governance variable and description and source

1656. 2019ASXCC – Compensation/Remuneration Committee – Roles and Responsibilities of Compensation/Remuneration Committee – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1657. 2019ASXCC – Compensation/Remuneration Committee – “Security Holder Approval for the Issue of Securities to Directors or Their Associates under any Equity-based Incentive Scheme” – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2019ASX) 1658. 2019ASX Continuous Disclosure – Board – Board to Receive Copies of all Market Announcements Promptly After They Are Made – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX) 1659. 2019ASX Continuous Disclosure – Board – New and Substantial Investor or Analyst Presentation Materials on ASX Market Announcements Platform Before the Presentation – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX)

No

Table 10.2 (continued)

+8/100.00

+8/100.00

2019ASXCD BrdCopiesMarketAnnounce (+) [TransTimeMon] (+)

2019ASXCD BrdCopiesPresentationMaterials (+) [TransTimeMon] (+)

2019ASXCC +7/87.50 Roles&Resps (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+) 2019ASXCC +7/87.50 SecHolderApproval (+) [EqOptRiskAlignHighEnd] (+) which is identical to [EqOptIncent] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 37.7

Stage 2 37.7.1

Stage 2 12.6

Stage 2 12.6

Section Ref. (Relational Effect Path in bold)

488 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1660. 2019ASX Continuous Disclosure – Board – Where Practicable Entity to Provide Security Holders with Dial-in or Link to Participate in Presentation – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX) 1661. 2019ASX Continuous Disclosure – Board – Entity to Provide Security Holders with Recording or Transcript of Presentation – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX) 1662. 2019ASX Continuous Disclosure – Board – Suggested Contents for Policy for Complying with Continuous Disclosure Obligations under Listing Rule 3.1in Box 5.1 – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX) 1663. 2019ASX Continuous Disclosure – Board – Written Policy for Complying with Continuous Disclosure Obligations under Listing Rule 3.1 – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX) 1664. 2019ASX – Board – Suggested Contents for Code from Box 3.2 – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX) +8/100.00

+8/100.00

+8/100.00

+8/100.00

+7/87.50

2019ASXCD BrdPresentationInvestorLink (+) [TransTimeMon] (+)

2019ASXCD BrdPresentationRecord (+) [TransTimeMon] (+)

2019ASXCD ContentsContDiscloseBox5.1 (+) [TransTimeMon] (+)

2019ASXCD WritePolicyContDiscloseObs (+) [TransTimeMon] (+)

2019ASXContents Box3.2Code* (+) (interim variable*) [BrdSkills] (+)

(continued)

Stage 2 29.2

Stage 2 37.7

Stage 2 37.7

Stage 2 37.7

Stage 2 37.7

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 489

1669.

1668.

1667.

1666.

+7/87.50

+8/100.00

+7/87.50

+7/87.50

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

2019ASXContents Box3.3WhistlePolicy* (+) (interim variable*) [BrdSkills] (+) 2019ASX – Board – Suggested Contents for Anti-bribery and 2019ASXContents Corruption Policy from Box 3.4 – Enhancement in Internal Box3.4BribeCorruptPolicy* Monitoring Effect – Enhancement in Quality of Decision-making (+) (2019ASX) (interim variable*) [BrdSkills] (+) 2019ASX – Board – Listed Entity to Have and Disclose Anti-bribery 2019ASXDisclose and Corruption Policy – Enhancement in Internal Monitoring BribeCorruptPolicy* Effect – Enhancement in Quality of Decision-making (+) (2019ASX) (interim variable*) [BrdSkills] (+) 2019ASX Risk Management and Compliance – Second Line Risk 2019ASXDisclose Management Function – Disclosure of Material Exposure to Climate ClimateChangeRisks Change – Enhancement in Information Flow – Enhancement in (+) Quality of Risk Management and Internal Monitoring and Decision- [TransTimeMon] (+) making – Enhancement in Quality of Accountability/Responsibility (2019ASX) 2019ASX – Board – Listed Entity to Have and Disclose code of 2019ASXDisclose conduct for Directors, Senior Executives and Employees – CodesConduct* Enhancement in Internal Monitoring Effect – Enhancement in (+) Quality of Decision-making (interim variable*) (2019ASX) [BrdSkills] (+)

Governance variable and description and source

1665. 2019ASX – Board – Suggested Contents for Whistleblower Policy from Box 3.3 – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX)

No

Table 10.2 (continued)

Stage 2 29.2

Stage 2 49.2

Stage 2 29.2

Stage 2 29.2

Stage 2 29.2

Section Ref. (Relational Effect Path in bold)

490 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1674. 2019ASX – Board – Listed Entity to Have and Disclose Whistleblower Policy – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX)

1670. 2019ASX Risk Management and Compliance – Second Line Risk Management Function – Disclosure of Material Exposure to Environmental Risks – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility (2019ASX) 1671. 2019ASX – Board – Disclosure of Performance Evaluation for Each Reporting Period – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1672. 2019ASX Risk Management and Compliance – Second Line Risk Management Function – Disclosure of Material Exposure to Social Risks – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decisionmaking – Enhancement in Quality of Accountability/Responsibility (2019ASX) 1673. 2019ASX – Board – Listed Entity to Articulate and Disclose its Values – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX) +7/87.50

+7/87.50

(continued)

Stage 2 29.2

Stage 2 29.2

Stage 2 49.2

+8/100.00

2019ASXDisclose Values* (+) (interim variable*) [BrdSkills] (+) 2019ASXDisclose WhistlePolicy* (+) (interim variable*) [BrdSkills] (+)

Stage 2 35.3

+7/87.50

2019ASXDisclose PerformEval (+) [BrdReview] (+) which is a ‘strongform’ of [BrdIndMon] (+) 2019ASXDisclose SocialRisks (+) [TransTimeMon] (+)

Stage 2 49.2

+8/100.00

2019ASXDisclose EnvironmentRisks (+) [TransTimeMon] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 491

Governance variable and description and source

1675. 2019ASXDiversity – Board – Gender Diversity Benchmarks with Peers – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1676. 2019ASXDiversity – Board – Gender Diversity Pay Audits and Emerging Themes or Actions – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1677. 2019ASXDiversity – Board – Entity to Have and Disclose Diversity Policy for Board, Senior Executives and Workforce Generally – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX) 1678. 2019ASXDiversity – Board – KPIs for Senior Executives on Gender Participation Linked to Remuneration including Balanced Scorecard – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX)

No

Table 10.2 (continued)

2019ASXDiversity Scorecard* (+) (interim variable*) [BrdSkills] (+)

2019ASXDiversity Bench* (+) (interim variable*) [BrdSkills] (+) 2019ASXDiversity PayAudits* (+) (interim variable*) [BrdSkills] (+) 2019ASXDiversity Policy* (+) (interim variable*) [BrdSkills] (+)

Stage 2 25.1

+7/87.50

Stage 2 25.1

Stage 2 25.1

+7/87.50

+7/87.50

Stage 2 25.1

Section Ref. (Relational Effect Path in bold)

+7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

492 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1684.

1683.

1682.

1681.

1680.

2019ASXDiversity Succession* (+) (interim variable*) [BrdSkills] (+) 2019ASXDiversity – Board – Achieving Specific Numerical Targets 2019ASXDiversity for Gender – Enhancement in Roles and Responsibilities, Quality of Targets* Bank Effectiveness, Risk Management, Internal Monitoring and (+) Decision-making (interim variable*) (2019ASX) [BrdSkills] (+) 2019ASX – Board – Employees to Receive Appropriate Training on 2019ASXEmploy Their Obligations Under the Code – Enhancement in Internal TrainCode* Monitoring Effect – Enhancement in Quality of Decision-making (+) (2019ASX) (interim variable*) [BrdSkills] (+) 2019ASXNED – Board to be Composed of a Majority of 2019ASXNED Independent Directors – Enhancement of Monitoring Effect BrdMajorityIndep (2019ASX) (+) [BrdIndMon] (+) 2019ASXNED – Board Chair to be a NED and Not the Same Person 2019ASXNED as CEO – Enhancement of Monitoring Effect ChairNotCEO (2019ASX) (+) [BrdIndMon] (+) 2019ASXNED – Disclosure and Factors for Independent Directors – 2019ASXNED Enhancement of Monitoring Effect IndepDirDisclose&Factors (2019ASX) (+) [BrdIndMon] (+)

1679. 2019ASXDiversity – Board – Gender Diversity on Succession Planning – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX)

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

+7/87.50

(continued)

Stage 2 26

Stage 2 26

Stage 2 26

Stage 2 29.2

Stage 2 25.1

Stage 2 25.1

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 493

Governance variable and description and source

1688. 2019ASX – Board – Periodic Reviews by External Facilitators – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX)

1685. 2019ASXNomGov – Nomination and Governance Committee – Composition of Nomination and Governance Committee – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (2019ASX) 1686. 2019ASXNomGov – Nomination and Governance Committee – Roles and Responsibilities of Nomination and Governance Committee – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility (2019ASX) 1687. 2019ASX – Board – Performance Review of Chair by Deputy Chair or Senior Independent Director – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX)

No

Table 10.2 (continued)

+7/87.50

+7/87.50

2019ASXNomGov Roles&Resps (+) [NomGovCom] (+/−) in the positive direction

2019ASXReview Chair (+) [BrdReview] (+) variable which is a ‘strong-form’ of the [BrdIndMon] (+) variable 2019ASXReview ExtFacilitate (+) [BrdReview] (+) variable which is a ‘strong-form’ of the [BrdIndMon] (+) variable

+7/87.50

+7/87.50

[2019ASXNomGov Compose (+) [NomGovCom] (+/−) in the positive direction

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 35.3

Stage 2 35.3

Stage 2 36.6

Stage 2 36.6

Section Ref. (Relational Effect Path in bold)

494 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1689. 2019ASX Rights for Security Holders – Board – Entity to Provide Investors with Information about Itself and Governance on Website – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX) 1690. 2019ASX Rights for Security Holders – Board – Entity to Provide Investors with Corporate Governance Landing Page on Website – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX) 1691. 2019ASX Rights for Security Holders – Board – Contents of Corporate Governance Landing Page on Website – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX) 1692. 2019ASX Rights for Security Holders – Board – Entity to Disclose How It Facilitates and Encourages Participation at Meetings of Security Holders – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX) 1693. 2019ASX Rights for Security Holders – Board – Entity to Give “Security Holders the Option to Receive Communications from, and Send Communications to, the Entity and its Security Registry Electronically” – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX) +8/100.00

+8/100.00

+8/100.00

+8/100.00

+8/100.00

2019ASXRights BrdInfoGovWebsite (+) [TransTimeMon] (+)

2019ASXRights CorpGovLandPage (+) [TransTimeMon] (+)

2019ASXRights CorpGovLandPageContents (+) [TransTimeMon] (+) 2019ASXRights DiscloseParticMeetSecHolders (+) [TransTimeMon] (+)

2019ASXRights ElectronicCommsEntity&Registry (+) [TransTimeMon] (+)

(continued)

Stage 2 37.7

Stage 2 37.7

Stage 2 37.7

Stage 2 37.7

Stage 2 37.7

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 495

Governance variable and description and source

1697. 2019ASX – Board – Have and Disclose Periodic Review for Senior Executives at Least Once Per Reporting Period – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX)

1694. 2019ASX Rights for Security Holders – Board – Entity to Have Investor Relations Program for Two-way Communication with Investors – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX) 1695. 2019ASX Rights for Security Holders – Board – Entity to Ensure All Substantive Resolutions at Meeting of Security Holders Decided by Poll Rather than Show of Hands – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility (2019ASX) 1696. 2019ASX – Board – Disclosure of Performance Evaluation for Senior Executives for Each Reporting Period – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making (2019ASX)

No

Table 10.2 (continued)

+8/100.00

+7/87.50

2019ASXRights SubstantResolutionPoll (+) [TransTimeMon] (+)

2019ASXSnrExec DisclosePerformEval (+) [BrdReview] (+) variable which is a ‘strong-form’ of the [BrdIndMon] (+) variable 2019ASXSnrExec Review (+) [BrdReview] (+) variable which is a ‘strong-form’ of the [BrdIndMon] (+) variable

+7/87.50

+8/100.00

2019ASXRights InvestorRelsProgram (+) [TransTimeMon] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

Stage 2 35.3

Stage 2 35.3

Stage 2 37.7

Stage 2 37.7

Section Ref. (Relational Effect Path in bold)

496 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1701. 2020WBCCultNFR –- Westpac Culture for Non-financial Risk – “Some Leaders React to Incidents with a Focus on Who is to Blame Rather than What to Learn” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decisionmaking (2020Westpac) 1702. 2020WBCCultNFR –- Westpac Culture for Non-financial Risk – “Tendency to Cultivate Complexity” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) 1703. 2020WBCCultNFR –- Westpac Culture for Non-financial Risk – Maturity Self-Assessment Process – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac)

1700. 2019ASX – Board – Values to Protect Reputation and Standing with Key Stakeholders – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX)

1699. 2019ASX – Board – Directors and Senior Executives to Speak and Act to Reinforce the Code – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX)

1698. 2019ASX – Board – Senior Executive Team to Implement Values Across Entity – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making (2019ASX)

2019ASXSnrExec TeamImplementValues* (+) (interim variable*) [BrdSkills] (+) 2019ASXTone AtTopCode* (+) (interim variable*) [BrdSkills] (+) 2019ASXValues KeyStakeholders* (+) (interim variable*) [BrdSkills] (+) 2020WBCCultNFR BlameNotLearn (−) [BrdSkills] (+) in the negative direction 2020WBCCultNFR CultivateComplexity (−) [BrdSkills] (+) in the negative direction 2020WBCCultNFR MaturitySelfAssessProcess (+) [BrdSkills] (+) Stage 2 31.19

Stage 2 31.19

Stage 2 31.19

−7/87.50

−7/87.50

+7/87.50

(continued)

Stage 2 29.2

Stage 2 29.2

Stage 2 29.2

+7/87.50

+7/87.50

+7/87.50

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 497

Governance variable and description and source

1704. 2020WBCCultNFR –- Westpac Culture for Non-financial Risk – Non-financial Risk is a Priority but Requires More Focus – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) 1705. 2020WBCCultNFR –- Westpac Culture for Non-financial Risk – “Define and Strengthen Psychological Safety and to Monitor and Mitigate Tendency to Blame Individuals” – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1706. 2020WBCCultNFR –- Westpac Culture for Non-financial Risk – “Group Executive Leadership and Clear Co-ordination of Risk and HR Expertise in Setting and Measuring Risk Behaviours”Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1707. 2020WBCCultNFR –- Westpac Culture for Non-financial Risk – Development of Role Model Behaviours for “Sound Risk Management and a Proactive and Systematic Risk Culture” – Enhancement In Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac)

No

Table 10.2 (continued)

+7/87.50

2020WBCCultNFR RiskCultRoleModelBehaviours (+) [BrdSkills] (+)

Stage 2 31.19

Stage 2 31.19

Stage 2 31.19

+7/87.50

+7/87.50

Stage 2 31.19

Section Ref. (Relational Effect Path in bold)

−7/87.50

2020WBCCultNFR RiskCultGroupExecRisk&HR (+) [BrdSkills] (+)

2020WBCCultNFR PriorityFocus (−) [BrdSkills] (+) in the negative direction 2020WBCCultNFR PsycholSafety (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

498 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1708. 2020WBCCultNFR –- Westpac Culture for Non-financial Risk – Risk Culture Dashboard – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1709. 2020WBCCultNFR –- Westpac Culture for Non-financial Risk – Development of Risk Culture Framework with Ongoing Reporting to RISKCO and BRC – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1710. 2020WBCCultNFR –- Westpac Culture for Non-financial Risk – Senior Management Role in Leading Risk Management and Setting Tone is Key and Requires Enhancement – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) 1711. 2020WBCLine1 – Banks – Business Units – Operation of Line 1 – More Consistent Risk Infrastructure – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1712. 2020WBCLine1 – Banks – Business Units – Operation of Line 1 – Core Skills and Capability of Every Line 1 Employee – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1713. 2020WBCLine1 – Banks – Business Units – Operation of Line 1 – “Enterprise-Wide Metrics…to Monitor and Provide Insight into the Progress of Building Risk Capability and Ownership” – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) Stage 2 31.19

−7/87.50

+7/87.50

+7/87.50

+7/87.50

2020WBCCultNFR SnrManLead (−) [BrdSkills] (+) in the negative direction 2020WBCLine1 ConsistentRiskInfrastruct (+) [BrdSkills] (+) 2020WBCLine1 EmployeeRiskCoreSkills&Capability (+) [BrdSkills] (+) 2020WBCLine1 EnterpriseWideMetrics (+) [BrdSkills] (+)

(continued)

Stage 2 42.1

Stage 2 42.1

Stage 2 42.1

Stage 2 31.19

+7/87.50

2020WBCCultNFR RiskCultureFramework (+) [BrdSkills] (+)

Stage 2 31.19

+7/87.50

2020WBCCultNFR RiskCultureDashboard (+) [BrdSkills] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 499

Governance variable and description and source

1714. 2020WBCLine1 – Banks – Business Units – Operation of Line 1 – Insufficient Empowerment for Employees to Fulfil Roles and Responsibilities – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) 1715. 2020WBCLine1 – Banks – Business Units – Operation of Line 1 – “Insufficient Expertise, Resourcing and Systems to Manage Some Risks and to Consistently Meet Obligations” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) 1716. 2020WBCLine1 – Banks – Business Units – Operation of Line 1 – Failure to Factor Risk Considerations in Decision-making – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) 1717. 2020WBCLine1 – Banks – Business Units – Operation of Line 1 – “Continued Shortfalls in Project Execution Impede Sound Risk Outcomes in Certain Projects” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac)

No

Table 10.2 (continued)

2020WBCLine1 FailFactorRiskConsids (−) [BrdSkills] (+) in the negative direction 2020WBCLine1 FailProjectExecution (−) [BrdSkills] (+) in the negative direction

2020WBCLine1 FailEmployeeEmpower (−) [BrdSkills] (+) in the negative direction 2020WBCLine1 FailExpert&Resource&Systems (−) [BrdSkills] (+) in the negative direction

Stage 2 42.1

Stage 2 42.1

Stage 2 42.1

Stage 2 42.1

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

500 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1718. 2020WBCLine1 – Banks – Business Units – Operation of Line 1 – Continued “Proliferation of Committees Driven by a Lack of Clear Accountability” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) 1719. 2020WBCLine1 – Banks – Business Units – Operation of Line 1 – Inconsistent Ownership and Accountability for Risk in Line 1 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) 1720. 2020WBCLine1 – 2020WBCLine1 Banks – Business Units – Operation of Line 1 – Rationalisation of “Divisional Governance Forums and Sharpen Individual Accountability” – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1721. 2020WBCNFR – Board and Executive Team – Oversight of Non-Financial Risk – BRC Agendas and Papers Too Long Reducing Meeting Efficiency and Ability to Identify Risks – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (2020Westpac) 1722. 2020WBCNFR – Board and Executive Team – Oversight of Non-Financial Risk – Enhancement of Oversight by Board and Executive of CORE Program – Enhancement in Quality of Risk Management and Internal Monitoring – Enhancement in Quality of Decision-making – Enhancement in Delineation and Disclosure of Powers, Duties and Lines of Responsibility (2020Westpac) Stage 2 42.1

Stage 2 42.1

Stage 2 30.8.1

−7/87.50

+7/87.50

−7/87.50

+7/87.50

2020WBCNFR BRCAgenda&PaperLength (−) [BrdSkills] (+) in the negative direction

2020WBCNFR EnhanceOsight (+) [BrdSkills] (+)

(continued)

Stage 2 30.8.1

Stage 2 42.1

−7/87.50

2020WBCLine1 FailProliferationCtees (−) [BrdSkills] (+) in the negative direction 2020WBCLine1 InconsistOship&AccountRisk (−) [BrdSkills] (+) in the negative direction 2020WBCLine1 RatioinaliseGovForums (+) [BrdSkills] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 501

Governance variable and description and source

1723. 2020WBCNFR – Board and Executive Team – Oversight of Non-Financial Risk – Establishment of Board Legal, Regulatory and Compliance Committee – Enhancement in Quality of Risk Management and Internal Monitoring – Enhancement in Quality of Decision-making – Enhancement in Delineation and Disclosure of Powers, Duties and Lines of Responsibility (2020Westpac) 1724. 2020WBCNFR – Board and Executive Team – Oversight of Non-Financial Risk – Non-Financial Risk RASs and Metrics Remain Too High Without Robust Data Reducing Insight – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (2020Westpac) 1725. 2020WBCNFR – Board and Executive Team – Oversight of Non-Financial Risk – RISKCO Agendas and Papers Too Long Reducing Meeting Efficiency and Ability to Identify Risks – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (2020Westpac) 1726. 2020WBCNFR – Board and Executive Team – Oversight of Non-Financial Risk – “Message Management” – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (2020Westpac)

No

Table 10.2 (continued)

Stage 2 30.8.1

Stage 2 30.8.1

Stage 2 30.8.1

Stage 2 30.8.1

+7/87.50

−7/87.50

−7/87.50

−7/87.50

2020WBCNFR RAS&Metrics (−) [BrdSkills] (+) in the negative direction 2020WBCNFR RISKCOAgenda&PaperLength (−) [BrdSkills] (+) in the negative direction

2020WBCNFR RISKCOMessageManagement (−) [BrdSkills] (+) in the negative direction

Section Ref. (Relational Effect Path in bold)

2020WBCNFR EstablishBLRCC (+) [BrdSkills] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

502 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1727. 2020WBCNFR – Board and Executive Team – Oversight of Non-Financial Risk – Urgent Priority Required on Non-Financial Risks and Issues – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility (2020Westpac) 1728. 2020WBCPillar1 – Board and Executive Team – Board Governance of Non-Financial Risk for Risk Appetite, Risk Culture and Risk Management – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1729. 2020WBCPillar1 – Board and Executive Team – Enterprise Prioritisation – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1730. 2020WBCPillar1 – Board and Executive Team –Executive Leadership Culture for Role-Modelling Risk Culture and Risk Management Behaviours – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1731. 2020WBCPillar1 – Board and Executive Team – Consequence Management and Remuneration Adjustment Frameworks – Enhancement of Level of Risk-Taking in Alignment with Shareholders (2020Westpac) 1732. 2020WBCPillar1 – Board and Executive Team – Risk Culture Behaviours and Measurement – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) +7/87.50

+7/87.50

2020WBCPillar1 RiskCultBehave&Measure (+) [BrdSkills] (+)

Stage 2 50.4.1

+7/87.50

2020WBCPillar1 Rem&ConseqManagement (+) [EqOptIncent] (+)

Stage 2 50.4.1

+7/87.50

2020WBCPillar1 EnterprisePriority (+) [BrdSkills] (+) 2020WBCPillar1 ExecLeadRiskCult&RiskManage (+) [BrdSkills] (+)

(continued)

Stage 2 50.4.1

Stage 2 50.4.1

Stage 2 50.4.1

+7/87.50

2020WBCPillar1 BrdGovNFRRiskApp&Cult (+) [BrdSkills] (+)

Stage 2 30.8.1

−7/87.50

2020WBCNFR Risk&IssuePriority (−) [BrdSkills] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 503

Governance variable and description and source

1733. 2020WBCPillar2 – Board and Executive Team – Conduct Risk Identification, Reporting and Responding to Material Conduct Risks – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decisionmaking – Enhancement in Quality of Accountability/Responsibility (2020Westpac) 1734. 2020WBCPillar2 – Board and Executive Team – Line 2 Risk Roles and Capability – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1735. 2020WBCPillar2 – Board and Executive Team – Risk Framework Documents – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1736. 2020WBCPillar3 – Board and Executive Team – Accountability and Decision-Making in Practice – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1737. 2020WBCPillar3 – Board and Executive Team – Change Management and Delivery – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac)

No

Table 10.2 (continued)

Stage 2 50.4.3

Stage 2 50.4.3

+7/87.50

+7/87.50

Stage 2 50.4.2

+7/87.50

2020WBCPillar3 ChangeMan&Delivery (+) [BrdSkills] (+)

Stage 2 50.4.2

+7/87.50

2020WBCPillar2 Line2RiskRoles&Capability (+) [BrdSkills] (+) 2020WBCPillar2 RiskFrameDocs (+) [BrdSkills] (+) 2020WBCPillar3 Account&DecisionMakingPractice (+) [BrdSkills] (+)

Stage 2 50.4.2

+8/100.00

Section Ref. (Relational Effect Path in bold)

2020WBCPillar2 ConductRiskIDBehave&Report (+) [TransTimeMon] (+)

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

504 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1738. 2020WBCPillar3 – Board and Executive Team – Risk Control Environment Controls, Responsibilities, Support, Documentation and Testing – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1739. 2020WBCPillar3 – Board and Executive Team – Customer Complaints Culture for Feedback and Complaints – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1740. 2020WBCPillar3 – Board and Executive Team – Issues Management Through “Systematic Approach to Root Cause Analysis and Effective Issue Resolution” – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1741. 2020WBCPillar3 – Board and Executive Team – Managing Risk in Line 1 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (2020Westpac) 1742. 2020WBCSecLine – Banks – Westpac 2nd Line Risk Management Function – Blurred Roles and Responsibilities between Line 1 and Line 2 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) 1743. 2020WBCSecLine – Banks – Westpac 2nd Line Risk Management Function – Capability and Resource Gaps in Line 2 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) Stage 2 50.4.3

Stage 2 45.1

Stage 2 45.1

+7/87.50

+7/87.50

−7/87.50

−7/87.50

2020WBCPillar3 IssuesManRootCause (+) [BrdSkills] (+)

2020WBCPillar3 Line1ManageRisk (+) [BrdSkills] (+) 2020WBCSecLine BlurredRoles&Resps (−) [BrdSkills] (+) in the negative direction 2020WBCSecLine Capability&ResourceGaps (−) [BrdSkills] (+) in the negative direction

(continued)

Stage 2 50.4.3

Stage 2 50.4.3

+7/87.50

2020WBCPillar3 CustComplaintsCulture (+) [BrdSkills] (+)

Stage 2 50.4.3

+7/87.50

2020WBCPillar3 ControlEnvironment (+) [BrdSkills] (+)

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 505

Governance variable and description and source

1744. 2020WBCSecLine – Banks – Westpac 2nd Line Risk Management Function – Failings in Clarity and Granularity of Non-financial Risk Appetite – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) 1745. 2020WBCSecLine – Banks – Westpac 2nd Line Risk Management Function – Failings to Identify Root Causes of Issues – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) 1746. 2020WBCSecLine – Banks – Westpac 2nd Line Risk Management Function – Failings to Understand Some Risk Areas and Associated Obligations – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) 1747. 2020WBCSecLine – Banks – Westpac 2nd Line Risk Management Function – More Guidance Needed for Accountability in Practice for Employees at All Levels – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac)

No

Table 10.2 (continued)

2020WBCSecLine FailClarity&GranularityNFRAppetite (−) [BrdSkills] (+) in the negative direction 2020WBCSecLine FailIdentifyRootCauses (−) [BrdSkills] (+) in the negative direction 2020WBCSecLine FailUnderstandRisk&Obs (−) [BrdSkills] (+) in the negative direction 2020WBCSecLine GuideAccountAllEmployees (−) [BrdSkills] (+) in the negative direction

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

Stage 2 45.1

−7/87.50

−7/87.50

−7/87.50

Section Ref. (Relational Effect Path in bold)

−7/87.50

Target/Hypothesised Coverage/Relational Abbreviation (Alphabetical) and Key/Core Proximity Variable from Stage 1 from which the Rating Stage 2 Variable is Derived or Modelled rprox

506 10  Existing Stage 1 and New Stage 2 Bank-Specific Relational Corporate Governance…

1748. 2020WBCSecLine – Banks – Westpac 2nd Line Risk Management Function – “Multiple Systems and Data Definitions” Reduce Ability to Manage Issues – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of -7/87.50 rprox (2020Westpac) 1749. 2020WBCSecLine – Banks – Westpac 2nd Line Risk Management Function – Insufficient Remediation of Regulator Issues in Timely and Effective Manner – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making (2020Westpac) Stage 2 45.1

Stage 2 45.1

−7/87.50

−7/87.50

2020WBCSecLine MultipleSystems&DataDefns (−) [BrdSkills] (+) in the negative direction 2020WBCSecLine RegulatorIssues (−) [BrdSkills] (+) in the negative direction

10.2  The Key Code – The Bank Combined Coverage and Relational Proximity… 507

Part IV

Governance of Banks in the GFC and Beyond Key Field No. 5 (Part 4): Issues in Executive Compensation and Accountability – Incentives, Bonuses, Equity and Option Compensation and the BEAR

Chapter 11

Approach and Structure of Part 4 Has a Risk-Taking Focus

Abstract  Chapter 11 introduces Part 4 of the Key Code and Advanced Handbook relating to issues in executive compensation and accountability including incentives, bonuses, equity and option compensation and the BEAR. We begin with an introduction to variable performance-based pay and risk-taking including remuneration committee considerations and a discussion of shareholder value-­maximisation, bank risk-taking and bank failures. Section 11.1 contains an introduction to incentives, option-based and equity-based pay and risk-taking by banks including, ‘core’ components of remuneration, aims for examining studies on variable compensation and bank risk-taking, economic justification for equity compensation – ‘buyout’ not ‘reward’ – and the ‘wall street bonus system’ which may be countered by equity compensation. The chapter then reviews compensation governance variables from Stage 1 followed by an examination of variable performance-based pay and deposit insurance which increase moral hazard and risk-taking. We find variable option compensation in combination with limited liability increases risk-taking as does variable pay combined with short-term profit results and reporting. There is then a summary of studies and new governance variables for variable performance-based compensation and bank risk-taking including variable compensation, deposit insurance and government bailout. There follows a new governance variable for compensation in combination with limited liability which increases risk-taking as does the new governance variable for pay in combination with short-­ term profit results and reporting. In these new bank-specific governance variables for compensation, we find that risk-taking in excess of risk appetite increases the likelihood of bank failure.

Keywords  Remuneration committee · Variable performance-based pay · Incentives and risk-taking · Options and equity · Stage 1 compensation governance variables · Deposit insurance · Limited liability · Short-term profit results and reporting · Government bailout

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_11

511

512

11  Approach and Structure of Part 4 Has a Risk-Taking Focus

Directors’ remuneration has widely been used as a tool to align the interests of shareholders and executive directors and so reduce agency costs. In recent years, variable remuneration, normally linked to performance and responsibilities, has become much more prevalent. However, a mismatch between performance and executive directors’ remuneration has also come to light. Poor remuneration policies and/or incentive structures may lead to unjustified transfers of value from companies and their shareholders and other stakeholders to executives. Moreover, a focus on short-term performance criteria may have a negative influence on long-term sustainability of the company.1

Today, the phenomenon of equity compensation for directors and executives is common but remains complex. Indeed, many aspects of equity compensation were examined in Chapter 10 of Stage 1.2 In that chapter, the Stage 1 relational approach and Model identified a number of governance variables relating to director independence, compensation levels and equity and option holdings which affected the compensation question. Looking forward now, the aim of this Part 4 of Stage 2 for Australian major banks is to revisit the issue of director, CEO and executive compensation from Chapter 10 of Stage 1 – including bonuses, equity-based and option-based performance incentives – but this time in relation to risk taking by banks. Such risk taking may be at the activity/business unit level of the organisation, by lower-level managers, middle-managers, CEO/executives and directors (both executive and independent/non-executive). Thus, the overall aim of this Stage 2 Part 4 will be to construct a number of new compensation-related governance variables whose underpinning theme or tension is the level of bank risk-taking. These compensation-related variables will be drawn from government and market participant reports at the time of the Global Financial Crisis. The compensation-related variables will then be confirmed, updated or supplemented with the recent examination of compensation-related variables from a number of governmental, Supervisory/Regulatory, major bank and industry initiatives and the APRA Final Report3 and prudential standards up to the time of the recent Australian Banking Royal Commission Inquiry into banking misconduct.

 European Commission, Green Paper, The EU Corporate Governance Framework, COM(2011) 164 final, Brussels, 5 April 2011, accessed 1 May 2017 at ec.europa.eu/internal_market/company/ docs/modern/com2011-164_en.pdf, (‘EC Second Green Paper 2011’), Section 1.4, Directors’ Remuneration, p 9. 2  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’), chapter 10, pp 289–322. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 3  Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (APRA Final Report), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf, section 8, Remuneration, pp 65–79. 1

11  Approach and Structure of Part 4 Has a Risk-Taking Focus

513

Introduction to Variable Performance-Based Pay and Risk-Taking The Stage 2 relational approach will begin in Sect. 11.1 by introducing an economic justification for equity compensation as a counter to the ‘Wall Street bonus system’. Next is to describe the movement to performance-based and incentive-based pay as a response to limits placed on the tax deductibility of fixed pay. Then, the discussion will illustrate how such variable pay  – in combination with deposit insurance  – affects risk-taking by executives, in particular in relation to options. With these ingredients, the ‘moral hazard’ for banks is explained. Continuing with variable pay and risk-taking, the chapter examines how option compensation in combination with limited liability increases risk-taking as does variable pay combined with short-term profit results and reporting. In Sects. 11.6– 11.9, the Stage 2 relational approach summarises the findings of a number of government and market-participant reform report recommendations from the GFC. These are presented to inform the construction of the variable pay compensation variables. Remuneration Committee Considerations The Walker Review 2009 recommended that the bank’s Compensation/Remuneration Committee should oversee ‘firm-wide remuneration policy’.4 Chapter 12 commences with a review of remuneration incentives and risk and the role of the Compensation/Remuneration Committee including remuneration of ‘high end’ employees and disclosure of remuneration in pay ‘bands’. The Stage 2 relational approach also highlights for Compensation/Remuneration Committees a number of recommendations. First, that incentive payments and bonuses should be calculated by economic profit and not merely revenue. The second recommendation in relation to risk and incentive payments involves the conditions/restrictions attaching to incentive pay such as ‘deferral’, ‘vesting’, ‘short-term bonuses’ and ‘clawback’ with the aim that remuneration should not promote excessive risks among ‘material risk-takers’. A number of other risk-related considerations for the Compensation/Remuneration Committee close out Chap. 12. Shareholder Value-Maximisation, Bank Risk-Taking and Bank Failures Chapter 16 revisits Chap. 8 of this Stage 2 to examine shareholder value-­ maximisation in banks and financial firms and, in particular, how traditional governance variables maximise the share price. Continuing with incentives, governance variables and shareholder wealth-maximisation, the discussion examines how these factors affected risk-taking and losses by banks in the GFC. The section then examines shareholder value-maximisation and ownership structure in combination with incentives to predict bank failure during the GFC. Commentators find that shareholdings of lower-level management predict bank failure and that owner-control predicts bank failure due to increased risk-taking.  David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Para 7.7, p 108. 4

514

11  Approach and Structure of Part 4 Has a Risk-Taking Focus

The discussion then considers that the risk preference of bank management and shareholders may diverge. In addition, commentators suggest that substantial equity ownership by bank executives may not be aligned with shareholders where holding positions are short-term. Chapter 16 concludes with commentator views that ‘inside debt’ compensation reduces risk-taking.

11.1 Introduction to Incentives, Option-Based and Equity-­Based Pay and Risk-Taking by Banks ‘Core’ Components of Remuneration Modern remuneration systems for banks typically divide remuneration into three ‘core’ components – a fixed component or salary, short-term variable remuneration (STVR) and long-term variable remuneration (LTVR) as explained by APRA for CBA: • a fixed component, which is the salary paid to all permanent employees; • short-term variable remuneration (STVR), which is individual performance-based remuneration that can be awarded to specific staff to reflect their contribution to a number of objectives, including financial, strategic and people management objectives; and • long-term variable remuneration (LTVR), for which the Executive Committee is eligible, reflecting the influence this group in particular has on long-term outcomes.5

APRA explains that, at CBA, each component is broadly one-third of total remuneration for Executive Committee members which is “broadly in line with domestic and international peers”.6 Thus, some reference will be made to this and similar structures in this Part 4. In the case of short-tern variable remuneration (STVR), equity remuneration seeks to align the interests of executives with shareholders and some deferral rules apply: For Executive Committee STVR, a deferral period of two years applies…Half of the STVR is deferred as equity and awarded (‘vesting’) annually in two equal instalments. Deferral provides CBA with an opportunity to cancel variable remuneration should decisions made in the current year impact adversely on the Group in future years. Payment in the form of equity aims to encourage behaviour in the interests of shareholders.7

The third component, long-term variable remuneration (LTVR), can be considerably more than the fixed component – up to 150 per cent – and again seeks to align the interests of executives with those of shareholders but over the long-term providing for both a vesting period and hurdle period in each case of four years:

 APRA Final Report, above n 3, p 66.  Ibid. 7  Ibid (footnote omitted). 5 6

11.1  Introduction to Incentives, Option-Based and Equity-Based Pay and Risk-Taking…

515

For Executive Committee members, LTVR is up to a maximum of 150 per cent of fixed remuneration (from 2017/18). The LTVR vesting in a given year is based on performance over the previous four years. The current year’s LTVR will only be awarded if the performance hurdles over the next four-year period are achieved. Similar to STVR, this is designed to incentivise senior leaders to act in the interests of shareholders, while allowing CBA to withhold remuneration if an issue is identified today that is the result of poor prior-­ year decisions.8

Reference will be made to these components throughout this Part 4 as examples of remuneration practices for confirmation, updating or supplementing the compensation-­based variables to be proposed for GFC-period reports up to the recent Australian Banking Royal Commission Inquiry into banking misconduct. Again by way of introduction, APRA referred with approval to the Australian Bankers’ Association 2017 Retail Banking Remuneration Review – the Sedgwick Review9 – for some principles in relation to incentives and bonuses: • the removal of all bonuses linked directly to sales volumes and sales targets; • eligibility for bonuses to be assessed against a range of factors (i.e. a ‘balanced scorecard’) including customer outcomes; • the adoption of genuinely customer-centric performance measures which look to customer outcomes, not simply loyalty or satisfaction surveys; • behavioural and ethical ‘gateways’ to determine access to bonuses; and • a rebalancing of the size of variable pay relative to fixed pay.10

Aims for Examining Studies on Variable Compensation and Bank Risk-Taking The relational approach is based on identifying the relative importance of governance variables in reducing (increasing) agency costs and enhancing (reducing) the long-term efficiency and survival/sustainability of the for-profit firm, in this case a bank or financial firm. Thus, as a continuing theme in Part 4, the relational approach will identify considerations around determining: • the total compensation ‘mix’; • the conditions for the payment of equity/option-based variable remuneration; and • the factors and adjustments for deterring ‘excessive’ risk-taking. This commences with an examination of the economic justification for equity compensation. Economic Justification for Equity Compensation – ‘Buyout’ Not ‘Reward’ Although now well-established, for a ‘law and economics’ approach such as the relational approach, an economic justification for equity payments to directors should first be established. Booth reviews the area of executive compensation, in

 Ibid, pp 66–67.  Stephen Sedgwick AO, Retail Banking Remuneration Review Report, 19 April 2017, accessed 28 February 2019, available at https://www.betterbanking.net.au/wp-content/uploads/2018/01/ FINAL_Rem-Review-Report.pdf (‘Sedgwick Review’). 10  APRA Final Report, above n 3, pp 65–66. 8 9

516

11  Approach and Structure of Part 4 Has a Risk-Taking Focus

particular the use of severance payments or ‘golden parachutes’.11 Eventually, these payments were extended to the common practice of equity compensation for CEOs and executives to align with shareholder interests which the author rationalises as a ‘buyout’ rather than a ‘reward’: Since the early 1990s, most CEO pay comes in the form of stock options and restricted stock, because equity compensation is the best way to induce the CEO to maximize ­stockholder wealth whether the way to do that is to grow the company or shrink the company. But equity compensation also means that the CEO has a significant ownership stake in the business. It is the height of irony that executive pay has become the primary complaint of stockholder activists when for years the complaint was the separation of ownership from control. But the point here is that generous severance pay should not be seen as a reward so much as a buyout.12

Thus, consistent with the relational approach, the original economic justification for equity compensation in the Bank and GFC Studies Key Field No 5 is – in an echo of the Alignment Factor No 3 – the alignment of management and shareholder interests. As noted in Stage 1,13 Hill and Yablon explain that the ‘alignment’ principle encapsulated in Alignment Factor No 3 serves as one of several theoretical approaches upon which compensation and incentives should be designed.14 Thus, Alignment Factor No 3 is an ‘umbrella’ or ‘guiding principle’ over Compensation Factor No 4 (and all the other governance factors except Compliance Factor No 2) as demonstrated in Fig. 2.5 of Stage 1.15 The ‘Wall Street Bonus System’ May be Countered by Equity Compensation Booth does, however, recognize abuse of this principle16 and also concedes problems with the “Wall Street bonus system” which he argues is countered by equity compensation. In short, for Booth, bonuses are paid-out to executives and employees up-front based on revenue despite overall losses by the bank while equity compensation is based on company performance: [T]he Wall Street bonus system needs rethinking. For example, the recent announcement that 700 employees of Merrill Lynch split a billion dollar bonus pot seems wrong to many. But the rationale is that many employees made money for Merrill even though the company as a whole lost billions. Equity compensation could eliminate such problems with the bonus system. With shares or options, the reward depends on projected performance of the company as estimated by the market. But the problem with equity is that its value depends on the fortunes of the firm as a whole – precisely the problem that the bonus system addresses.

 Richard A Booth, “Things Happen” (2009) Villanova Law Review, forthcoming, (September 2, 2009), accessed 11 May 2017 at SSRN: http://ssrn.com/abstract=1466941, 17. 12  Ibid. 13  See discussion in section 2.6.3 of Stage 1, above n 2, pp 44–45. 14  Jennifer J Hill and Charles M Yablon, ‘Corporate Governance and Executive Remuneration: Rediscovering Managerial Positional Conflict’, Vanderbilt Law and Economics Research Paper No 03–02 (2002) 25 University of New South Wales Law Journal 294, accessed 5 February 2015 at SSRN: http://ssrn.com/abstract=375240, 13. 15  See discussion and Figure 2.5 in section 2.6.3 of Stage 1, above n 2, pp 44–45. 16  Booth, above n 11, 17. 11

11.2  Review – Compensation Governance Variables from Stage 1

517

(It is for this very reason that equity compensation makes sense for the CEO and other high level officers who are responsible for the firm as a whole.)17

Thus, for Booth, shares and/or options to executives make for a more accurate alignment between the CEO/executives and ‘high end’ employees and the objective of the firm’s sustainability as a whole which further echoes the overarching aim of the relational approach.

11.2 Review – Compensation Governance Variables from Stage 1 Chapters 618 and 719 of Stage 1 identified director independence as a ‘core’ or ‘central’ governance variable which is considered vital to the board’s function of the monitoring of the CEO and management. The enhancement of (or reduction in) the monitoring of the CEO and management was demonstrated to be an important end or intervening effect of the variables examined in Chapter 10 of Stage 1. Thus, the principal governance variables identified in Table 2.1 of Stage 1 relating to director independence, the level of director/CEO compensation and equity and option holdings are: • [AudIndMon] (+) – Audit Committee – Independence – Monitoring Effect, coverage/rating + 7/87.50 rprox20; • [DirCEO$] (+/−) – Director/CEO Compensation Levels, coverage/rating +/−7/87.50 rprox21; • [AudShortOpts] (−) – Audit Committee  – Short Term Options Granted to Outside Directors  – Reduction in Monitoring Effect, coverage/rating − 7/87.50 rprox22; • [BrdIndMon] (+) – Board Independent Director: Executive Director Proportion – Monitoring Effect, coverage/rating + 7/87.50 rprox23; • [EqOptIncent] (+) – Equity/Option Plans and Holdings of Directors/ Executives – Incentive/‘Alignment’ Effect (excludes short-term options), coverage/rating + 7/87.50 rprox24;

 Ibid.  See discussion in section 6.8.1 of Stage 1, above n 2, pp 183–185. 19  See discussion in section 7.3.2.1 of Stage 1, above n 2, pp 207–221. 20  See discussion in section 8.4.3 of Stage 1, above n 2, pp 242–244. 21  See discussion in section 10.2.4 of Stage 1, above n 2, pp 305–309. 22  See discussion in section 10.2.5.1 of Stage 1, above n 2, pp 311–312. 23  See discussion in section 7.3.2.1.1–7.3.2.1.2 of Stage 1, above n 2, pp 208–212. 24  See discussion in section 10.2.4 of Stage 1, above n 2, pp 305–309. 17 18

518

11  Approach and Structure of Part 4 Has a Risk-Taking Focus

• [EqOptEntrch] (−)  – Equity/Option Plans and Holdings of Directors/ Executives – ‘Entrenchment’ Effect (excludes short-term options), coverage/rating − 7/87.50 rprox25; and • [ShortTOpts] (−) – Short-Term Option Holdings/Plans of Directors and Executives, coverage/rating − 7/87.50 rprox.26

11.3 Variable Performance-Based Pay and Deposit Insurance Increase Moral Hazard and Risk-Taking For the purposes of this Stage 2 Key Code and Advanced Handbook, Bruner relies on the work of Tung to describe the movement to equity-based pay on account of tax deductibility limits for fixed pay: In the United States, Congress as a response to perceived executive compensation excesses in public companies amended the Internal Revenue Code in 1993 to provide that only the first $1 million of pay would be deductible. The limit did not apply, however, to performance-­ based pay the result being not a reduction in overall compensation, but a substantial increase in the equity-based component of compensation. The finance literature tends to suggest that increased alignment of bank-based pay should increase with limited liability, and in the presence of deposit insurance, equity gets the entire upside while avoiding much of the downside.27

Bruner here emphasizes the ‘upside’ and the ‘downside’ by reference to one of the distinguishing features of banks introduced in Chap. 7  – deposit insurance.28 This is further examined by Bebchuk and Spamann who describe the ‘moral hazard’ problem in banks: There is a fundamental, and now well understood, moral hazard problem in banks. Those who provide equity capital have an excessive incentive to take risk. They will capture the full upside, while some of the downside will be borne by the government as insurer of deposits if the bank goes bankrupt.29

 Ibid.  See discussion in section 10.2.5.1 of Stage 1, above n 2, pp 311–312. 27  Christopher M Bruner, “Corporate Governance Reform in a Time of Crisis” (2011) 36(2) Journal of Corporation Law 309; Washington & Lee Legal Studies Paper No. 2010–9, (30 May 2010), accessed 6 April 2017 at SSRN: http://ssrn.com/abstract=1617890, 316–317 (footnotes omitted). The author cites Frederick Tung, Pay for Banker Performance: Structuring Executive Compensation for Risk Regulation 6–8 (Emory Public Law Research Paper No. 10–93, Emory Law and Economics Research Paper No. 10–60, 2010), available at SSRN: http://ssrn.com/abstract=1546229, 13–15. 28  See discussion in Sect. 7.3 of Chap. 7 above. 29  Lucian A Bebchuk and Holger Spamann, “Regulating Bankers’ Pay” (2010) 98(2) Georgetown Law Journal 247–287, 2010; Harvard Law and Economics Discussion Paper No. 641, (1 October 12,009), accessed 11 April 2017 at SSRN: https://ssrn.com/abstract=1410072, 9 (footnote omitted). 25 26

11.4  Variable Option Compensation in Combination with Limited Liability Increases…

519

Bebchuk and Spamann illustrate this with an example30 and follow by explaining two factors that exacerbate the moral hazard problem – bank financing is not merely through common shares but is partly through debt instruments and bank holding companies are financed by another layer of debt with limits on the amount of debt issued at this level.31 To reflect this distinguishing feature in the relational approach, a new governance variable, [BankDepInsure] (−),32 representing an increase in risk-taking on account of deposit insurance for banks, is examined in Sect. 11.7 below. Accompanying this variable from the discussion in Sect. 7.3 of Chap. 7 above is a further governance variable, [BankGovBail] (−),33 representing an increase in risk-­ taking on account of government bailout for banks which is also examined in Sect. 11.7 below.

11.4 Variable Option Compensation in Combination with Limited Liability Increases Risk-Taking Importantly for Bebchuk and Spamann, option compensation – separate from the shares themselves – increases the risk-taking of executives because they will only be exercised if the ‘strike price’ (the price for which a share can be purchased) is below the then current share price. This captures the ‘upside’ gain in the share price. But if the option is not exercised – because the strike price is above the then current share price – then the share is not acquired avoiding that downside which is suffered by the other shareholders: The reason why the executive’s calculus will not be the same as that of the common shareholders of the bank holding company is that he or she will fully capture stock price gains but will not fully bear stock price declines, as common shareholders would. A stock option gives the holder the right to acquire a share at some future date for a prespecified price, the “strike price.” This right will be valuable if the then-current stock price is above the strike price; it will be worthless otherwise. Consequently, the holder of an option only cares about share price fluctuations above the strike price. It makes no difference to the option holder if the share price ends up being equal to the strike price or far below.34

Thus, for the authors, options increase the incentive to take risks through a combination of the value of the share, a debt equal to the strike price and the protection of limited liability which places a limit on the ‘downside’ loss:

 Ibid, 9–10.  Ibid, 11–13. 32  Banks – Deposit Insurance – Effect on Risk-taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure. See discussion in Sect. 11.7 of this Chap. 11 below. 33  Banks – Government Bailout – Effect on Risk-taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure. See discussion ibid. 34  Bebchuk and Spamann, above n 29, 18. 30 31

520

11  Approach and Structure of Part 4 Has a Risk-Taking Focus

Essentially, the problem can be viewed as follows. When the executive has an option on a share of the bank, the executive’s position is equivalent to the combination of (1) a share, (2) a debt in an amount equal to the strike price of the option, and (3) limited liability (in other words, the creditor can only go after the value of the share, not the executive’s other assets). This is an additional layer of leverage added on top of the deposits and loans, and importantly, each layer of leverage strengthens the incentive to take risks.35

For Bruner, “research has tended to indicate that equity-based pay and greater emphasis on shareholders’ interests more generally resulted in greater risk-taking by financial firms leading up to the crisis”.36 These references are examined in Sects. 16.1–16.7 of Chap. 16 below. To reflect the effect of the distinguishing feature of limited liability in the relational approach, a new governance variable, [BankLtdLiab] (−),37 representing an increase in risk-taking on account of limited liability for bank shareholders, is examined in Sect. 11.8 below.

11.5 Variable Pay Combined with Short-Term Profit Results and Reporting Increased Risk-Taking The EC Green Paper 2010 approached the question of remuneration in the GFC from two angles – the variable component of director pay and that compensation policies were based on short-term profits results and reporting: • since the end of the 1980s, the substantial increase in the variable component of listed company directors' salaries raises questions about the methods and content of performance evaluations for company directors…; [and] • remuneration policies in the financial sector, based on short-term profits without taking into account the corresponding risks, contributed to the financial crisis…The aim was to align remuneration policies in the financial services with healthy risk management and financial institutions' long-term viability.38

 Ibid, 20.  Bruner, above n 27, 317. The author cites, among others, Luc Laeven and Ross Levine, “Bank Governance, Regulation and Risk Taking” (2009) 93 J. Fin. Econ. 259, (June 2008), accessed 11 April 2017 at SSRN: https://ssrn.com/abstract=1142967; Renee Adams, “Governance and the Financial Crisis” (Eur. Corp. Governance Inst., Finance Working Paper No. 284/2009, 2009), available at http://ssrn.com/abstract=1398583, 13; Andrea Beltratti & Rene M. Stulz, “Why Did Some Banks Perform Better during the Credit Crisis? A Cross-Country Study of the Impact of Governance and Regulation” 3 (Eur. Corp. Governance Inst. Working Paper Series in Fin., Working Paper No. 254, 2009), available at http://ssrn.com/abstract=1433502 and Rudiger Fahlenbrach & Rene Stulz, “Bank CEO Incentives and the Credit Crisis” 1 (Fisher Coll. of Bus. Working Paper Series, Working Paper No. 2009–03-013, 2010), available at http://ssrn.com/abstract=1439859 37  Banks – Limited Liability – Effect on Risk-Taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure. See discussion in Sect. 11.8 of this Chap. 11 below. 38  European Commission, Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies, COM(2010) 284 final, Brussels, 2 June 2010, accessed 23 March 2017 at 35 36

11.5  Variable Pay Combined with Short-Term Profit Results and Reporting Increased…

521

The short-term nature of reporting of results – for some companies quarterly – drew some response from market participants. The IIF noted that the incentives “at times reflected the emphasis on short-term profitability in the market’s response to financial reporting.”39 The IIF also drew attention to bonus payments “tied to current production, without sufficient regard for the risk and revenue profiles of products that often span several years”.40 Sahlman examines the incentive system at UBS, using UBS’ own report to shareholders, to illustrate the problem with its incentive system: In the area of incentives, to illustrate, UBS discovered a few major flaws: • Employees had strong incentives to engage in so-called carry trades in which they used UBS capital to invest in high-yielding mortgage-backed securities. UBS charged a very low cost of capital and did not vary that charge based on the riskiness of the assets being purchased. • The fee structure at UBS provided special incentives to buy riskier securities. For example, traders received a fee 3 to 4 times as high when they bought risky CDOs (Collateralized Debt Obligations) than when they bought safer ones. The accounting treatment allowed traders to book profits the moment the trade was executed with no clawback based on subsequent outcomes. • UBS provided “insufficient incentives to protect the UBS franchise long-term.” They gave lots of current cash compensation to individuals engaged in transactions that exposed the company to huge risks. They awarded bonuses that “were measured against gross revenue after personnel costs, with no formal account of the quality or sustainability of those earnings.”41

For the author, these incentive problems were exacerbated by a failure to have a sufficient risk management system and internal controls, in particular in relation to measuring the wrong metrics/variables and with too-short a time horizon (short-­ term instead of the proper long-term): Broadly speaking, these incentives-related issues are classics: providing “strong” and “stronger” incentives to engage in risky behavior; having insufficient incentives to protect the company; and, measuring the wrong things with the wrong time horizon. These mistakes might not have been so costly had UBS had in place strong risk measurement and control systems and/or wise senior managers with responsibility and authority. In other parts of UBS’s “mea culpa,” management details failings in these areas as well.42

http://www.ecgi.org/commission/documents/green_paper_com2010_284_en.pdf (‘EC Green Paper 2010’), section 4, pp 9–10. 39  Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007–2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_GFC/IIF_Final_Report_of_the_Committee_on_Market_ Best_Practices.pdf (‘IIF Final Report 2008’), Principle II., Compensation Policies, p 49. 40  Ibid. 41  William Sahlman, “Management and the Financial Crisis (We Have Met the Enemy and He is Us …)”, Harvard Business School Entrepreneurial Management Working Paper No. 10–033, (28 October 2009), accessed 4 April 2017 at SSRN: http://ssrn.com/abstract=1496526, 4–5. The author cites UBS AG, Shareholder Report on UBS’s Write-Downs, April 18, 2008. 42  Ibid, 5.

522

11  Approach and Structure of Part 4 Has a Risk-Taking Focus

Risk management which exacerbated problems with variable performance-based pay is examined in Part 6 of this Stage 2. Here, to reflect the effect of short-term profit results and reporting in the relational approach, a new governance variable, [BankShortProfit] (−),43 representing an increase in risk-taking on account of short-term profit results and reporting, is examined in Sect. 11.9 below.

11.6 Summary of Studies and New Governance Variables for Variable Performance-Based Compensation and Bank Risk-Taking As noted above, this Chap. 11 will now examine governance variables for: • variable compensation, deposit insurance and government bailout (Sect. 11.7); • variable compensation and limited liability (Sect. 11.8); and • variable pay and short-term profit results and reporting (Sect. 11.9).

11.7 Variable Compensation, Deposit Insurance and Government Bailout The distinguishing feature of deposit insurance for banks was examined in Sect. 7.3 of Chap. 7 of this Stage 2 Key Code and Advanced Handbook. Variable performance-­ based compensation, whether in the form of bonuses, shares or options in combination with deposit insurance was shown in Sect. 11.3 above to increase the moral hazard and risk-taking by bank managers. The discussion in Sects. 7.3 and 11.3 demonstrates that variable performance-­ based pay increases moral hazard and risk-taking in the presence of deposit insurance and/or government bailout. Thus, two new governance variables are required: • [BankDepInsure] (−) – Banks – Deposit Insurance – Effects of Risk-Taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/ rating − 7/87.50 rprox; and • [BankGovBail] (−) – Banks – Government Bailout – Effects of Risk-Taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/ rating − 7/87.50 rprox.

 Banks  – Short-term Profit Results and Reporting  – Effect on Risk-Taking  – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure. See discussion in Sect. 11.9 of this Chap. 11 below. 43

11.7  Variable Compensation, Deposit Insurance and Government Bailout

523

[BankDepInsure] (−)  – Banks  – Deposit Insurance  – Effects of Risk-Taking  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure  – Coverage/rating − 7/87.50 rprox – relational effect path The behaviour of the [BankDepInsure] (−) variable is hypothesized to be identical to the [BrdIndMon] (+)44 variable and the [BrdSkills] (+)45 variable except in the negative (−) direction. In this case, on account of a hypothesised reduction in risk management and therefore internal monitoring, the effect of this governance variable is predicted to be significant on the spine of the relational effect path  – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, an increase in risk-taking can be seen as a reduction in the quality of decision-making reflected in a negative effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable and the [BrdIndMon] (+) variable but in the negative (−) direction, the [BankDepInsure] (−) affects all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 146). Similarly to the [BrdSkills] (+) and [BrdIndMon] (+) variables, compliance with corporate governance and legal requirements on the bank  – an obligation which remains constant by force of law  – is not affected by the risk-­ taking decisions of bank directors, the CEO, executives, ‘high end’ employees or lower-level managers. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of −7/87.50 rprox in the single Bank Combined Coverage and Relational Proximity Table (Table 10.2) above. [BankGovBail]  – (−) Banks  – Government Bailout  – Effects of Risk-Taking  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure  – Coverage/rating − 7/87.50 rprox – relational effect path The [BankGovBail] (−) variable was examined in Sect. 7.3 of Chap. 7 of this Stage 2 and, like the preceding [BankDepInsure] (−) variable, hypothesizes an increase in risk-taking which reduces risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) and/or the quality of decision-­ making (Decision-making Factor No 7). Thus, the relational effect path of the [BankGovBail] (−) variable also has a negative direction marker and is hypothesized to be identical to that of [BankDepInsure] (−), again with Compliance Factor No 2 remaining unaffected. This equates to a coverage/rating of −7/87.50 rprox in the single Bank Combined Coverage and Relational Proximity Table (Table 10.2) above.

 See discussion in section 7.3.2.1.1–7.3.2.1.2 of Stage 1, above n 2, pp 211–212.  See discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–199. 46  See discussion in section 2.6.2 of Stage 1, above n 2, pp 41–43. 44 45

524

11  Approach and Structure of Part 4 Has a Risk-Taking Focus

11.8 Variable Compensation and Limited Liability In Sect. 11.4 above, variable performance-based compensation, whether in the form of bonuses, shares or options in combination with limited liability for bank shareholders increases the moral hazard and risk taking by bank managers. [BankLtdLiab] (−) – Banks – Limited Liability – Effects of Risk-Taking – Risk-­ Taking in Excess of Risk Appetite – Likelihood of Bank Failure – Coverage/ rating − 7/87.50 rprox – relational effect path Like both the preceding [BankDepInsure] (−) and [BankGovBail] (−) variables, the [BankLtdLiab] (−) variable hypothesizes an increase in risk-taking which reduces risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) and/or the quality of decision-making (Decision-­ making Factor No 7). Thus, the relational effect path of the [BankLtdLiab] (−) variable also has a negative direction marker and is hypothesized to be identical to that of [BankDepInsure] (−), again with Compliance Factor 2 remaining unaffected. This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and the Relational Proximity Table (Table 10.2) above for the [BankLtdLiab] (−) variable.

11.9 Variable Pay and Short-Term Profit Results and Reporting [BankShortProfit] (−)  – Banks  – Short-Term Profit Results and Reporting  – Effects of Risk-Taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure – Coverage/rating − 7/87.50 rprox – relational effect path Like both the preceding [BankDepInsure] (−) and [BankGovBail] (−) variables, the [BankShortProfit] (−) variable hypothesizes an increase in risk-taking which reduces risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) and/or the quality of decision-making (Decision-­ making Factor No 7). Thus, the relational effect path of the [BankShortProfit] (−) variable also has a negative direction marker and is hypothesized to be identical to that of [BankDepInsure] (−), again with Compliance Factor 2 remaining unaffected. This equates to a coverage/rating of −7/87.50 rprox for the [BankShortProfit] (−) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above.

Chapter 12

Government and Market Reform Report Recommendations for Compensation or Remiuneration

Abstract  Chapter 12 of the Key Code and Advanced Handbook examines government and market reform report recommendations for compensation or remuneration beginning with the recommendations of the Walker Review 2009 including the Compensation/Remuneration Committee and remuneration policy, executives and ‘high end’ employees, an overview of the Walker Review 2009 recommendations and ‘say-on-pay’ shareholder votes. We then examine the OECD Key Findings of 2009, the absence of pay for performance and Moody’s challenges for executive compensation as a forerunner to reviewing the existing compensation variables from Stage 1. These include a summary of the studies and relational effect paths for the [DirCEO$] (+/−), [EqOptIncent] (+), [EqOptEntrch] (−) and [CompCom] (+/−) variables. There follows an examination of the Compensation/Remuneration Committee and high end employees to identify the risk ‘alignment’ effect and risk ‘failure’ effect of equity and options as well as the Compensation/Remuneration Committee variables for risk alignment with shareholders and risk-taking in excess of risk appetite. Here, there is emphasis on the significant [EqOptRiskAlignHighEnd] (+) and [EqOptRiskFailHighEnd] (−) variables. Section 12.6 adds new governance variables for Compensation/Remuneration Committee composition, functions and policies in the ASX Principles and Recommendations, APRA’s Revised Draft CPS 511, the Walker Review 2009, APRA Final Report and the NAB Self-Assessment 2018. There follows the NAB Self-Assessment 2018 responsibilities for the Compensation/Remuneration Committee and governance variables for Compensation/Remuneration Committee functions and policies in the OECD Key Findings 2009 and the OECD 2010 Conclusions and Practices. We examine the IIF Risk-based incentive principles, long-term profitability adjusted for cost of capital, risk-taking and risk appetite, adjustments for the ‘risk time horizon’, adjustments for organization as a whole and firm-wide profit, severance pay and transparency and disclosure. Section 12.16 reviews the IIF examples of risk-adjusted compensation and incentives and Sect. 12.17 reviews the disclosure

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_12

525

526

12  Government and Market Reform Report Recommendations for Compensation…

of bands and elements of compensation for executives and high end employees and anonymous disclosure of pay ‘bands’ for ‘high end’ employees. The Chapter then moves to examine relevant restrictions, delay, lock-up, deferral and clawback of incentive payments with the associated relational effect paths. Relevant principles include that remuneration should not promote excessive risks and principles relating to ‘material risk takers’, deferral, ‘malus/forfeiture’ ­provisions and ‘clawback’ including the APRA Final Report findings for risk adjustments and variable remuneration. There follows variables for failure to adjust pay bonuses for risks incurred for low level employees, required minimum shareholdings of executive board members, executives and high end employees including vesting arrangements and ‘skin in the game’ shareholdings and ‘retention’ vesting arrangements. We then examine formal codes of conduct for remuneration consultants including use of the code by the Compensation/Remuneration Committee to engage advisers. We conclude with significant variables for incentive payments and bonuses to be calculated by economic profit and not revenue, remuneration design adjustments for the firm’s risk appetite, cost of capital and liquidity risk, adjusting pay benchmarks for risk and remuneration consequences for breaches of company risk appetite limits, internal procedures and legal requirements. Keywords  Walker Review 2009 · Compensation/remuneration committee · Executives · High end employees · Existing alignment effect · Existing entrenchment effect · Risk alignment effect of equity and options · Risk failure effect of equity and options · Restrictions · Delay · Lock-up and deferral of incentive payments · Malus/forfeiture of incentive payments · Clawback of incentive payments

A number of reform reports consequent on the GFC were introduced in Chap. 1 of this Stage 2. In this section, the Stage 2 relational approach examines recommendations in relation to variable performance-based pay and risk-taking. There follows in Sects. 12.5–12.25 the construction of the relational effect paths of a number of governance variables suggested by these reports. These compensation-based variables are then confirmed, updated or supplemented using the APRA Final Report.1 Further updating, there are also a number of Supervisor/Regulator, bank and industry initiatives up to the time of the recent Australian Banking Royal Commission Inquiry into banking misconduct and beyond linking remuneration systems to bank risk.

 Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (APRA Final Report), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf, section 8, Remuneration, pp 65–79. 1

12.1  Walker Review 2009 Recommendations

527

12.1 Walker Review 2009 Recommendations The Compensation/Remuneration Committee and Remuneration Policy The Walker Review 2009 recommended that the Compensation/Remuneration Committee should oversee “firm-wide remuneration policy”.2 Recommendation 28 has a wide sphere of operation: The remuneration committee should have a sufficient understanding of the company’s approach to pay and employment conditions to ensure that it is adopting a coherent approach to remuneration in respect of all employees. The terms of reference of the remuneration committee should accordingly include responsibility for setting the over-arching principles and parameters of remuneration policy on a firm-wide basis.3

The BCBS Guidelines 2015 provide that the Compensation/Remuneration Committee oversees “the remuneration system’s design and operation and in ensuring that remuneration is appropriate and consistent with the bank’s culture, long-­ term business and risk appetite, remuneration system’s design and operation and in ensuring that remuneration is appropriate and consistent with the bank’s culture, long-term business and risk appetite…” including working with the Board Risk Committee in examining incentives to “take into consideration risk, capital, liquidity and the likelihood and timing of earnings”.4 Executives and ‘High End’ Employees The Walker Review 2009 considered the position of ‘high end’ employees – many of whom may be paid more than board members5 – which it defined as “individuals who as executive board members or other employees perform a significant influence function for the entity or whose activities have, or could have, a material impact on the risk profile of the entity”.6 For the Walker Review, the duty of care of non-­ executive directors on the Remuneration Committee extended beyond the board to such high end employees: It seems desirable, however, given their overall duty of care, that NEDs through the remuneration committee should have clear responsibility going beyond board level. It is accordingly proposed that the reach of the remuneration committee should be extended not only broadly to cover all aspects of remuneration policy on a firm-wide basis, as recommended

 David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Para 7.7, p 108 3  Ibid, Recommendation 28, p 108. 4   The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Para 76, pp 17–18. 5  Walker Review 2009, above n 2, Para 7.8, p 108. 6  Ibid, Para 7.10, p 109. 2

528

12  Government and Market Reform Report Recommendations for Compensation…

above, but more specifically also to cover the remuneration policy and packages in respect of all “high end” employees.7

Overview of Walker Review 2009 Recommendations The Walker Review 20098 made a number of recommendations in relation to the governance of remuneration, including: • Confirming the Remuneration Committee is responsible for the over-arching principles and parameters of the remuneration policy in the firm and “should have a sufficient understanding of the company’s approach to pay and employment conditions to ensure that it is adopting a coherent approach to remuneration in respect of all employees”;9 • The Remuneration Committee is responsible for “remuneration policy and outcomes in respect of all “high end” employees”;10 • The Remuneration Committee to confirm satisfaction with and explain performance objectives and risk adjustments for high end employees;11 • Disclosure of bands of aggregate remuneration of high end employees in relevant ranges including “within each band, the main elements of salary, cash bonus, deferred shares, performance-related long-term awards and pension contribution”;12 • Similarly, disclosure by subsidiaries of foreign banks of the aggregate bands of remuneration and principal elements;13 • Deferral of incentive payments for high end employees including variable remuneration, long-term incentives, short-term awards and clawback arrangements;14 • Required minimum shareholdings of executive board members and high end employees including vesting arrangements;15 • Remuneration Committee to obtain advice from Board Risk Committee on risk adjustments to performance objectives;16 • (‘One strike’) non-binding resolution on the Remuneration Committee Report by shareholders which attracts less than 75% to cause Chairperson of Remuneration Committee to be subject to re-election the following year;17

 Ibid, Para 7.9, p 109 and Recommendation 29, p 110.  Ibid, Executive summary and recommendations, pp 20–22. 9  Ibid, Recommendation 28, p 20. 10  Ibid, Recommendation 29, p 20. 11  Ibid, Recommendation 30, p 21. 12  Ibid, Recommendation 31, p 21. 13  Ibid, Recommendation 32, p 21. 14  Ibid, Recommendation 33, p 21. 15  Ibid, Recommendation 34, p 22. 16  Ibid, Recommendation 35, p 22. 17  Ibid, Recommendation 36, p 22. 7 8

12.1  Walker Review 2009 Recommendations

529

• Disclosure of right or opportunity of executive board member or high end employee to receive “enhanced benefits” on the happening of any event i­ ncluding change of control which is not already disclosed in the Remuneration Report;18 and • Formal code of conduct for remuneration consultants including use of the code by Remuneration Committee to engage advisers.19 Say-on-Pay Shareholder Votes The OECD Key Findings 2009 also emphasized disclosure as necessary to support shareholder “say-on-pay” voting.20 Citing Davis, the OECD favoured say-on-pay regimes as helping directors to resist ‘strong’ CEO demands for remuneration and as causing remuneration committees to focus more carefully on their approach to remuneration: One study quotes a participant as saying that “the advisory vote balances the scales. From our work in the UK we have observed that it provides the directors with the leverage (one might say motivation, tools or even backbone) they need to stand up to a strong CEO on pay” (as quoted in Davis, 2007, page 12). Moreover, say on pay advisory votes have “caused remuneration committees and boards to consider even more carefully their approach to executive remuneration... The nature of disclosures made in the remuneration report is now subject to even greater scrutiny to ensure full transparency. The risk of an adverse vote has caused a refocusing of attitudes – no RemCo or board chairman would want to have their name linked to what would be seen to be a failure in this respect” (Davis, 2007, pg 23).21

A discussion of the Walker Review 2009’s recommended ‘one-strike’ shareholder resolution is not further considered in the light of Australia’s ‘two-strike’ say-on-pay shareholder voting examined in section 10.2.3.1 of Stage 1.22

 Ibid, Recommendation 37, p 22.  Ibid, Recommendation 38/39, p 22. 20  OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009, approved for publication 29 May 2009, accessed 12 April 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/43056196. pdf, (‘OECD Key Findings 2009’), p 22. 21  Ibid, p  24 citing S.  Davis, 2007, “Does “say on pay” work? Lessons on Making CEO Compensation Accountable”, The Millstein Center for Corporate Governance and Performance Policy Briefing Paper, 1. 22  See discussion in section 10.2.3.1 in Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’), chapter 10, pp 299–304. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 18 19

530

12  Government and Market Reform Report Recommendations for Compensation…

12.2 OECD Key Findings 2009 and Absence of Pay for Performance For the OECD Key Findings 2009, the governance of remuneration suffered a number of failings: • remuneration negotiations were not at arm’s length with managers influencing performance-based remuneration without independent board judgement; • weak connections between remuneration and performance; • sole use of the share price to measure performance; • lack of transparency – there should be disclosure of the total cost of performance-­ based remuneration, the main characteristics, performance criteria and adjustment for risk; • remuneration needed to be tied to long-term performance which was actually realised; • there should be no shifts to excessive fixed-remuneration components; • non-executive independent directors should oversee the remuneration process; and • there should be annual approval by shareholders of remuneration policies.23 Again for the OECD, there was little evidence of pay for performance: Most common has been the tendency to link bonuses and pay to targets that really have little to do with executive performance such as the level of a company’s share price, and not the relative position of the company. Back-dating of option prices also occurred several years ago in the US.  More generally, options that are “under water” (options where the strike price is above the current market price) have often been re-priced to preserve the value of the compensation. Generally speaking, compensation is thus upwardly flexible (i.e. upside risk) but there is little downside risk.24

Later in the OECD Key Findings 2009, the OECD further elaborated in relation to failures of governance of remuneration above: • Oversight of remuneration by boards needed to go beyond the CEO and board members; • Remuneration negotiations were not at arm’s length with managers having too great an influence on performance-based pay and boards not exercising independent judgement; • Links between pay and performance were “weak or difficult to establish” with firms relying solely on the share price “rather than the relative performance of the individual firm”; • Remuneration schemes were “overly complicated or obscure in ways that camouflage conditions” in particular for pension schemes which were “asymmetric with limited downside risk thereby encouraging excessive risk taking”;

23 24

 OECD Key Findings 2009, above n 20, Governance of the remuneration process, pp 7-8.  Ibid, p 16.

12.2  OECD Key Findings 2009 and Absence of Pay for Performance

531

• Remuneration schemes needed to encourage long-term performance and pay out after the performance was realised including “share rather than cash payments with lock-up provisions, claw backs, deferred compensation etc. It is important to assess the programme ex-post.”; • Remuneration consultants should be hired by non-executive directors rather than conflicted executive directors; and • Annual shareholder approval of remuneration policies at the AGM.25 These main themes were repeated by the OECD 2010 Conclusions and Practices.26 Here, the OECD emphasized that the board needed to specify the company’s long-term interests and how this would be achieved by the remuneration system: More recent standards and good practice specifying the long term interests of the company (i.e. making strategic decisions) and then outlining specific mechanisms to achieve it such as delayed vesting of shares and bonus claw-backs through escrow accounts.27

Boards should also concentrate on a small number of ‘performance metrics’ which drove long-term performance with payouts only once the performance was realized: The thrust of recent specialised standards (see Key Findings and Main Messages) is that the board should determine a small number of relevant performance metrics based on the strategic goals they have determined. There should be symmetry between the upside and downside performance-based compensation, although in practice there are clear practical limits to this. The plans should be simplified focusing on measurable metrics that drive performance over a long period of time. Pay for performance should only be paid or accrue to an individual if the company exceeds or meets measurable performance targets and not simply due to the passage of time.28

For Van Den Berghe, too, it is important to have clearly defined criteria which promotes firm-wide long-term value: A first point of reflection is to clearly define the type of performance measures or criteria that form the basis for the variable remuneration. Should they be financial or also include non-financial elements? Should the financial criteria focus on shareholder value and be market-based or (also) include accounting and budgetary criteria? There is an overwhelming agreement that whatever criteria used, one should make sure that company-wide long-­ term value creation is sufficiently taken into consideration. Interesting best practices point to the use of a balanced score card approach to design variable remuneration systems.29

 Ibid, p 30.  OECD Directorate for Financial and Enterprise Affairs, OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, 24 February 2010, accessed 11 May 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/44679170.pdf, (‘OECD 2010 Conclusions and Practices’), pp 8-9. 27  Ibid, Para 22, p 9. 28  Ibid, Para 23, p 9. 29  Lutgart A A Van Den Berghe, “To What Extent is the Financial Crisis a Governance Crisis? From Diagnosis to Possible Remedies”, (27 May 2009), accessed 4 April 2017 at SSRN: http://ssrn.com/ abstract=1410455, 11. 25 26

12  Government and Market Reform Report Recommendations for Compensation…

532

The ‘balanced scorecard’ approach at CBA is further considered in Sect. 12.6 below as part of the review of the APRA Final Report.30

12.3 Moody’s Challenges for Executive Compensation Writing for Moody’s Global Corporate Governance in 2008, Plath set out Moody’s challenges for executive compensation for investors: Longer-term, Moody’s believes the most pressing challenges for boards in the area of executive compensation will be: • • • • •

moderating potential pay outcomes; structuring pay to better promote a long-term focus; ensuring the appropriateness of performance targets and metrics; improving exit (termination) pay practices; and ensuring appropriate executive retirement and deferred compensation plans.31

For issuers receiving government assistance, there was related advice: Key governance considerations for affected issuers will include: • implications of executive pay restrictions on recruitment and retention of key personnel; • challenges for compensation committees to ensure that pay incentives do not promote excessive risk-taking (i.e., in excess of the firm’s risk appetite), including ways to tie pay more closely to risk management practices; and • pressure to quickly ramp up or overhaul the risk management structure; at the board level this may include forming a risk committee and adding new directors with specialized knowledge. These issues and others may be more acute in cases where government influence is greater because it has purchased ordinary (voting) shares and/or has taken board/supervisory board representation.32

The Board Risk Committee is examined in Chap. 43 below on risk management. In Sects. 12.5–12.16, the relational approach constructs the relational effect paths of the principal governance variables for executive compensation suggested by the government and market participant reports summarized above. Once those compensation-related variables are constructed, the analysis will move to the APRA Final Report33 to craft, confirm, update or supplement compensation-­based variables related to the link between the remuneration system and bank risk.

 APRA Final Report, above n 1, p 69. See discussion in Sect. 12.6 below.  Christian Plath, Corporate Governance in the Credit Crisis: Key Considerations for Investors, Moody’s Global Corporate Governance, November 2008, (20 November 2008), accessed 10 April 2017 at SSRN: https://ssrn.com/abstract=1309707, (‘Moody’s Challenges 2008’), 4. 32  Ibid. 33  APRA Final Report, above n 1, section 8, Remuneration, pp 65–79. 30 31

12.4  Existing Compensation Variables from Stage 1

533

12.4 Existing Compensation Variables from Stage 1 This section contains a restatement of section 10.2.4 of Stage 1 to refresh for the reader the construction of the principal governance variables relating to director, CEO and executive compensation in preparation for the addition of new compensation and risk adjustment variables of this Chap. 12. Summary of Studies and Relational Effect Paths for [DirCEO$] (+/−),34 [EqOptIncent] (+)35 and [EqOptEntrch] (−)36 The overall impression of the studies examined in Stage 1 is that only very guarded conclusions were drawn there. First, a number of studies found no relationship between director and CEO/executive pay levels (represented by the [DirCEO$] (+/−) variable) and firm value and/or operating performance. If a causative relation exists between the CEO/executive pay levels variable and firm value, then, according to the 2007 study by Cremers, Bebchuk and Peyer37 described in section 10.2.3 of Stage 1, it may well be negative. A significant number of studies examined found a positive relationship between director and CEO/executive pay levels and firm value and/or operating performance. However, this positive relationship may be heavily qualified by at least three pre-conditions. First, putting a number of studies together, the relationship between director and CEO/executive pay levels and firm value and/or operating performance may well rely on the existence of independent directors and some sort of incentive-based payment, whether by way of performance-based payments, equity or options. In addition, one of the studies also requires the simultaneous operation of ‘block-holder monitoring’, a condition which may well be difficult to expect in a widely-dispersed shareholding company as explained in Chapter 8 of Stage 1.38 Nonetheless, this may be achievable where a sufficiently ‘active’ institutional or other large shareholder exists. Not surprisingly, perhaps all that could be plausibly said at that time was that the dividing line between the ‘incentive alignment’ and ‘entrenchment’ effects identified by Fuerst and Kang39 will be a matter of degree always depending on the

 Director/CEO Compensation Levels.  Equity/Option Plans and Holdings of Directors/Executives  – Incentive/‘Alignment’ Effect (excludes short-term options). 36  Equity/Option Plans and Holdings of Directors/Executives – ‘Entrenchment’ Effect (excludes short-term options). 37  Martijn Cremers, Lucian Arye Bebchuk, and Urs C Peyer, ‘CEO Centrality’, Harvard Law and Economics Discussion Paper No 601 (December 2007, Revised May 2008), accessed 5 March 2015 at SSRN: http://ssrn.com/abstract=1030107, 1. 38  See discussion in sections 8.5–8.5.2 of Stage 1, above n 22, pp 246–251. 39  The terms ‘incentive alignment’ effect and ‘entrenchment’ effect are taken from O Fuerst and S Kang, ‘Corporate Governance, Expected Operating Performance, and Pricing’, accessed 5 March 2015 at SSRN: http://ssrn.com/abstract=141357, 6–7. See discussion in section 10.2.1 of Stage 1, above n 22, pp 295–296. 34 35

534

12  Government and Market Reform Report Recommendations for Compensation…

i­ ndividual characteristics of the relevant firm, its ownership structure and the behaviour of its manager-owners themselves. In such cases, the question of the strength of the national shareholder protection/governance regime becomes relevant, in this case operating in the reverse direction than previously discussed40 and compensating for perceived gaps in the firm-specific governance measures. In these circumstances of divided studies, the relational approach assessed the ‘incentive alignment’ effect and, conversely, the ‘entrenchment’ effect of director equity and option holdings (excluding short-term options) separately. Existing [EqOptIncent] (+) Variable  – Equity/Option Plans and Holdings of Directors/Executives  – ‘Alignment’ Effect (excludes short term options)  – Coverage/rating + 7/87.50 rprox – relational effect path It followed then that the relational effect path of governance factors41 for [EqOptIncent] (+)42 was positive (+) with the starting point of Alignment Factor No 3 (Alignment of Management and Shareholder Interests43). Therefore, the relational effect path was the same as that of the Shareholder-Primacy Model ‘Umbrella’ (or ‘guiding principle’) in Figure 2.5 of Stage 144 with the exception of the exclusion of the overriding requirements of Compliance Factor No 2 (Corporate Governance and Legal Compliance45) (Fig. 12.1 below). Here, Alignment Factor No 3 is the ‘umbrella’ or ‘guiding principle’ over all other governance factors except Compliance Factor No 2 which is excluded as discussed above. Therefore, there is a direct one-directional link between Alignment Factor No 3 and Risk Management, Monitoring & Audit Factor No 5 (Risk Management and Internal and External/Audit Monitoring Quality). Thus, for GF 3: Alignment of Management and Shareholder Interests

GF 1

GF 4

GF 5

GF 6

GF 7

GF 8

Fig. 12.1  Reproduction of Figure  10.1 of Stage 1  – [EqOptIncent] (+) variable relational effect path  See discussion in section 7.3.1.3.1 of Stage 1, above n 22, pp 203–205.  See the construction of the eight governance factors in sections 2.6.1–2.6.8 of Stage 1, above n 22, pp 36–59. 42  Equity/Option Plans and Holdings of Directors/Executives  – Incentive/‘Alignment’ Effect (excludes short-term options). 43  See discussion in section 2.6.3 of Stage 1, above n 22, pp 41–46. 44  Ibid. 45  See discussion in section 2.6.2 of Stage 1, above n 22, pp 41–43. 40 41

12.4  Existing Compensation Variables from Stage 1

535

example, governance variables which lead to improvements in the alignment of shareholder and management interests are hypothesised to consequently enhance the quality of risk management and monitoring on behalf of shareholders. Alignment Factor No 3 and Risk Management, Monitoring & Audit Factor No 5 have an alternative link in which each of these governance factors has a connecting and reflexive relationship through Decision-making Factor No 7 (Quality of Board, CEO and Management Decision-Making). This is depicted in Figure 2.6 of Stage 1’s Shareholder-Primacy Interrelationship Scheme.46 But the one-directional link from Alignment Factor No 3 to Risk Management, Monitoring & Audit Factor No 5 is the more direct. As in the case of the [BrdSkills] (+)47 and [BrdIndMon] (+)48 variables, the zone of effect for [EqOptIncent] (+) excludes the overriding nature of Compliance Factor No 2. Again, by example – and similarly to those variables – the provisions of corporate law statutes and governance codes which govern share and option incentive schemes for the CEO/executives and directors cannot be altered by the equity or option decisions or actions of the company or board. Indeed, Compliance Factor No 2 performs in part a ‘gap-filling’ function for gaps in firm-level governance variables.49 Thus, [EqOptIncent] (+) has an identical relational effect path to that of the Shareholder-Primacy Model ‘Umbrella’ (or ‘guiding principle’) in Figure  2.5 of Stage 1 but with the exception, and therefore exclusion, of the overriding requirements of Compliance Factor No 2 (Corporate Governance and Legal Compliance). [EqOptIncent] (+) is therefore ascribed a coverage/rating of +7/87.50 rprox in the Coverage Table (Table  3.1) and the Relational Proximity Table (Table  3.2) of Stage 1. Existing [EqOptEntrch] (−) Variable  – Equity/Option Plans and Holdings of Directors/Executives – ‘Entrenchment’ Effect (excludes short term options) – Coverage/rating − 7/87.50 rprox – relational effect path Conversely, at the level of director and CEO/executive equity ownership where the ‘entrenchment’ effect is operative (that is, in conjunction with but dominating the ‘alignment’ effect), the relational effect path of the [EqOptEntrch] (−)50 variable is negative following the same relational effect path as its positive counterpart. Thus, there is still a direct one-directional link between Alignment Factor No 3 (Alignment of Management and Shareholder Interests) and Risk Management, Monitoring & Audit Factor No 5 (Risk Management, Internal and External/Audit  See Figure 2.6 and discussion in sections 2.7–2.7.2 of Stage 1, above n 22, pp 62–65.  Board  – Director Skills ‘Mix’. See discussion in section 7.3.1.2.1 of Stage 1, above n 22, pp 198–201. 48  Board Independent Director: Executive Director Proportion – Monitoring Effect. See discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above n 22, pp 208–212. 49  See discussion in section 7.3.1.3.1 of Stage 1, above n 22, pp 203–205. 50  Equity/Option Plans and Holdings of Directors/Executives – ‘Entrenchment’ Effect (excludes short-term options). 46 47

536

12  Government and Market Reform Report Recommendations for Compensation…

Monitoring Quality). But, for example, and conversely to the [EqOptIncent] (+) variable, this governance variable is hypothesised to lead to reductions in the alignment of shareholder and management interests and to consequently reduce the quality of risk management and monitoring on behalf of shareholders. This gives rise to a coverage/rating of −7/87.50 rprox for the [EqOptEntrch] (−) variable in the Coverage Table (Table 3.1) and the Relational Proximity Table (Table 3.2) of Stage 1. Existing [DirCEO$] (+/−) Variable  – Director/CEO Compensation Levels  – Coverage/rating +/−7/87.50 rprox – relational effect path Finally, the relational approach examined conflicting studies for the operation of the level of director and CEO compensation ([DirCEO$] (+/−)) and firm value and operating performance. The operation of this governance variable will depend on the ‘incentive alignment’ and ‘entrenchment’ effects identified by Fuerst and Kang.51 Thus, the behaviour of the [DirCEO$] (+/−) variable may be positive or negative depending on the behaviour and strength of the [EqOptIncent] (+) and [EqOptEntrch] (−) variables in this Sect. 12.4 (and which dominates over the other) acting in opposition to each other at any time. This gives rise to a ‘dual direction’ marker for the [DirCEO$] (+/−) variable with an identical relational effect path to both [EqOptIncent] (+) and [EqOptEntrch] (−) in this Sect. 12.4. This gives rise to a coverage/rating of +/−7/87.50 rprox for the [DirCEO$] (+/−) variable in the Coverage Table (Table 3.1) and the Relational Proximity Table (Table 3.2) of Stage 1. Existing [CompCom] (+/−) Variable  – Compensation Committee  – Presence, Operation and Frequency  – Coverage/rating +/−7/87.50 rprox  – relational effect path For the OECD Key Findings 2009, the governance of remuneration suffered a number of failings. Important among these was that non-executive independent directors should oversee the remuneration process.52 There already exists in the relational approach a governance variable representing the presence, operation and frequency of the Compensation Committee (referred to above by the Walker Review 2009 as the Remuneration Committee). This is the [CompCom] (+/−) variable discussed in sections 5.2.2.253 and 10.2.4.1(relational effect path)54 of Stage 1. In Stage 1, it was hypothesized that the levels and structure of the [DirCEO$] (+/−), [EqOptIncent] (+) and [EqOptEntrch] (−) governance variables are themselves dependent on the operation and structure of the [CompCom] (+/−) variable.

 Fuerst and Kang, above n 39, 6–7. See discussion in section 10.2.1 of Stage 1, above n 22, pp 295–296. 52  OECD Key Findings 2009, above n 20, Governance of the remuneration process, pp 7–8. 53  See discussion in section 5.2.2.2 of Stage 1, above n 22, pp 112–114. 54  See discussion in section 10.2.4.1 of Stage 1, above n 22, pp 309. 51

12.5  Compensation Committee and High End Employees – Risk ‘Alignment’ Effect…

537

This was because the composition and levels of director, CEO and executive compensation flows (at least internally) from decision-making within the Compensation/ Remuneration Committee. The [CompCom] (+/−) variable was given a dual direction marker (+/−) as the composition and levels of director, CEO and executive compensation  – and therefore the balancing point between Fuerst and Kang’s55 ‘alignment’ and ‘entrenchment’ effects of that compensation – will be affected positively or negatively by the operation of this variable. For the reasons set out in section 10.2.4.1 of Stage 1, there is thus a ‘dual direction’ marker for the [CompCom] (+/−) variable with an identical relational effect path to [EqOptIncent] (+), [EqOptEntrch] (−) and [DirCEO$] (+/−). This gives rise to a coverage/rating of +/−7/87.50 rprox for the [CompCom] (+/−) variable in the Coverage Table (Table 3.1) and Relational Proximity Table (Table 3.2) of Stage 1.

12.5 Compensation Committee and High End Employees – Risk ‘Alignment’ Effect and Risk ‘Failure’ Effect of Equity and Options – Relational Effect Paths In Sects. 12.1–12.3 of this Chap. 12 above, a number of government and market participant reform report recommendations consequent on the GFC were examined. In Sects. 12.5–12.25 below, the relational approach constructs the relational effect paths of a number of governance variables suggested by these reports. For the Walker Review 2009, the Compensation/Remuneration Committee is responsible for “remuneration policy and outcomes in respect of all ‘high end’ employees”56 and for confirming satisfaction with and explaining performance objectives and risk adjustments for high end employees.57 The Compensation/ Remuneration Committee is to obtain advice from the Board Risk Committee (BRC) on risk adjustments to performance objectives.58 For the OECD Key Findings 2009, remuneration negotiations were not at arm’s length with managers influencing performance-based remuneration without independent board judgement, there were weak connections between remuneration and performance and sole use of the share price to measure performance.59 Again for the OECD Key Findings 2009, there should be no shifts to excessive fixed-­remuneration components.60 For Moody’s Challenges, Compensation/Remuneration Committee policy should moderate potential pay outcomes, structuring pay to better promote a  Fuerst and Kang, above n 39, 6–7. See discussion in section 10.2.1 of Stage 1, above n 22, pp 295–296. 56  Walker Review 2009, above n 2, Recommendation 29, p 20. 57  Ibid, Recommendation 30, p 21. 58  Ibid, Recommendation 35, p 22. 59  OECD Key Findings 2009, above n 20, Governance of the remuneration process, pp 7–8. 60  Ibid. 55

538

12  Government and Market Reform Report Recommendations for Compensation…

long-­term focus and ensure the appropriateness of performance targets and metrics.61 Further, for Moody’s, there should be executive pay restrictions on recruitment and retention of key personnel and the Compensation/Remuneration Committee should ensure that pay incentives do not promote excessive risk-taking (i.e., in excess of the firm’s risk appetite), including ways to tie pay more closely to risk management practices.62 Compensation/Remuneration Committee Variables for Risk Alignment with Shareholders and Risk-Taking in Excess of Risk Appetite [EqOptRiskAlignHighEnd] (+) Variable – Equity and Options for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests – Coverage/rating + 7/87.50 rprox – relational effect path and [EqOptRiskFailHighEnd] (−) Variable – Equity and Options for Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure – Coverage/rating − 7/87.50 rprox – relational effect path Thus, to reflect these recommendations, it is necessary that the Compensation/ Remuneration Committee be endowed with the responsibility for each of the following functions for executives and all ‘high end’ employees: • • • • • • •

compensation/remuneration policy; compensation/remuneration objectives; incentives that do not promote risk-taking in excess of the bank’s risk appetite; risk adjustments; metrics and targets; a long-term focus; and pay restrictions on recruitment and retention.

It will be recalled that the discussion of the [EqOptIncent] (+) and [EqOptEntrch] (−) variables in Sect. 12.4 above represent a ‘dividing line’ in aligning the interests of insiders and outsiders. After this point, management ownership of equity and/or options may harm outsider interests as explained by Fuerst and Kang above and in section 10.2.1 of Stage 1. Similarly, with the focus of this Stage 2 on risk-taking, the relational approach constructs here two new governance variables which also have a dividing line: • the [EqOptRiskAlignHighEnd] (+) variable based on the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable based on the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox.

 Moody’s Challenges 2008, above n 31, 4.  Ibid.

61 62

12.6  Governance Variables for Compensation/Remuneration Committee Composition…

539

This time, the dividing line is between, on the one hand, a level of equity and options giving rise to risk-taking in alignment with shareholder interests and, on the other, a level of equity and options giving rise to risk taking which increases the likelihood of bank failure. And, as the recommendations of Moody’s indicate, the dividing line is set at the bank’s risk appetite level. It follows that the [EqOptRiskAlignHighEnd] (+) variable and the [EqOptRiskFailHighEnd] (−) variable apply for all executives and high end employees and are hypothesised to act like the Shareholder-Primacy Model ‘Umbrella’ (or ‘guiding principle’) in Figure 2.5 of Stage 163 with the exception of the exclusion of the overriding requirements of Compliance Factor No 2 (Corporate Governance and Legal Compliance64) as demonstrated in Sect. 12.4 above. The positive (+) direction marker for the [EqOptRiskAlignHighEnd] (+) variable represents an enhancement in the risk ‘alignment’ effect with outside shareholders – a level of equity and options giving rise to a level of risk-taking in line with outside shareholder interests. A negative (−) direction marker for [EqOptRiskFailHighEnd] (−) represents an increase in the likelihood of the bank ‘failure’ effect – a level of equity and options giving rise to a level of risk-taking in excess of the bank’s risk appetite which increases the likelihood of bank failure. This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) of this Stage 2 for the [EqOptRiskAlignHighEnd] (+) variable and a coverage/rating of −7/87.50 rprox for the [EqOptRiskFailHighEnd] (−) variable.

12.6 Governance Variables for Compensation/Remuneration Committee Composition, Functions and Policies in the ASX Principles and Recommendations, APRA’s Revised Draft CPS 511, the Walker Review 2009, APRA Final Report and the NAB Self-Assessment 2018 ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations of February 2019 The ASX requirements for the Compensation/Remuneration Committee are set out in the ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations of February 2019.65

 See discussion in section 2.6.3 of Stage 1, above n 22, pp 41–46.  See discussion in section 2.6.2 of Stage 1, above n 22, pp 41–43. 65  Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’). 63 64

540

12  Government and Market Reform Report Recommendations for Compensation…

For these aspects of the Compensation/Remuneration Committee’s functions, there are a number new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox (except as noted): • [2019ASXCC] (+) – 2019ASXCC – Compensation/Remuneration Committee – Presence, Operation and Frequency of Compensation/Remuneration Committee66  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including: –– has at least 3 members;67 –– a majority of members are independent directors;68 and –– CC is chaired by an independent director;69 • [2019ASXCCDisclose] (+)  – 2019ASXCC  – Compensation/Remuneration Committee  – Disclosure Requirements for Compensation/Remuneration Committee  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including: –– –– –– ––

charter;70 the members of the Committee;71 number of times CC met in each reporting period;72 and individual attendances of members at CC meetings in each reporting period;73

• [2019ASXCCBalancingInterests] (+)  – 2019ASXCC  – Compensation/ Remuneration Committee  – Balancing of Interests of Compensation/ Remuneration Committee74 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including: –– its desire to attract and retain high quality directors and to attract, retain and motivate senior executives; –– the need to ensure that the incentives for executive directors and other senior executives encourage them to pursue the growth and success of the entity without rewarding conduct that is contrary to the entity’s values or risk appetite;

 Ibid, Rec 8.1, p 29.  Ibid, Rec 8.1(a)(1), p 29. 68  Ibid. 69  Ibid, Rec 8.1(a)(2), p 29. 70  Ibid, Rec 8.1(a)(3), p 29. 71  Ibid, Rec 8.1(a)(4),p 29. 72  Ibid, Rec 8.1(1)(5), p 29. 73  Ibid. 74  Ibid, Commentary to Rec 8.1, p 29. 66 67

12.6  Governance Variables for Compensation/Remuneration Committee Composition…

541

–– the need to ensure that the incentives for non-executive directors do not conflict with their obligation to bring an independent judgement to matters before the board; –– the implications for its reputation and standing in the community if it is seen to pay excessive remuneration to directors and senior executives; and –– its commercial interest in controlling expenses.75 • [2019ASXCCRoles&Resps] (+) – 2019ASXCC – Compensation/Remuneration Committee  – Roles and Responsibilities of Compensation/Remuneration Committee76  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (2019ASX) including making recommendations to the board on: –– the entity’s remuneration framework for directors, including the process by which any pool of directors’ fees approved by security holders is allocated to directors; –– the remuneration packages to be awarded to senior executives; –– equity-based remuneration plans for senior executives and other employees; –– superannuation arrangements for directors, senior executives and other employees; and –– whether there is any gender or other inappropriate bias in remuneration for directors, senior executives or other employees.77 • [2019ASXCCPowers] (+)  – 2019ASXCC  – Compensation/Remuneration Committee  – Powers of Compensation/Remuneration Committee78  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including: –– the right to obtain information; –– interview management; and –– seek advice from external consultants or specialists where the committee considers that necessary or appropriate.79 • [2019ASXCCPolicies&Practices] (+)  – 2019ASXCC  – Compensation/ Remuneration Committee – Entity to Disclose Policies and Practices Regarding Remuneration80  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including for: –– non-executive directors (NEDs); –– executive directors; and –– other senior executives.  Ibid.  Ibid, Commentary to Rec 8.1, p 29. 77  Ibid. 78  Ibid. 79  Ibid. 80  Ibid, Rec 8.2, p 30. 75 76

542

12  Government and Market Reform Report Recommendations for Compensation…

• [2019ASXCCBox8.2Guidelines] (+)  – 2019ASXCC  – Compensation/ Remuneration Committee  – Suggested Guidelines in Box 8.2 for Executive Remuneration and Non-executive Director Remuneration81  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including the following sub-variables: –– [2019ASXCCBox8.2ExecCompose] (+)  – 2019ASXCC  – Compensation/ Remuneration Committee – Suggested Guidelines in Box 8.2 for Executive Remuneration – Composition – Appropriate Balance of Fixed Remuneration and Performance-based Remuneration82  – Enhancement of Level of Risk-­ Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (2019ASX); –– [2019ASXCCBox8.2ExecFixedRem] (+) – 2019ASXCC – Compensation/ Remuneration Committee – Suggested Guidelines in Box 8.2 for Executive Remuneration – Fixed Remuneration – To be Reasonable and Fair Reflecting Core Performance Requirements and Expectations83 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (2019ASX); –– [2019ASXCCBox8.2ExecPerform-basedRem] (+)  – 2019ASXCC  – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Executive Remuneration  – Performance-based Remuneration84  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including: • “should be linked to clearly specified performance targets. These targets should be aligned to the entity’s short, medium and longer term performance objectives and should be consistent with its circumstances, purpose, strategic goals, values and risk appetite”;85 and • “discretion should be retained, where appropriate, to prevent performance-­ based remuneration rewarding conduct that is contrary to the entity’s values or risk appetite”;86 –– [2019ASXCCBox8.2ExecEquity-basedRem] (+)  – 2019ASXCC  – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Executive Remuneration – Equity-based Remuneration87 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including:

 Ibid, Commentary to Rec 8.2, pp 30–31.  Ibid, Box 8.2, p 31. 83  Ibid. 84  Ibid. 85  Ibid. 86  Ibid. 87  Ibid. 81 82

12.6  Governance Variables for Compensation/Remuneration Committee Composition…

543

• “well-designed equity-based remuneration, including options or performance rights, can be an effective form of remuneration, especially when linked to hurdles that are aligned to the entity’s short, medium and longer-­ term performance objectives”;88 and • “Care needs to be taken in the design of equity-based remuneration schemes, however, to ensure that they do not lead to “short-termism” on the part of senior executives or the taking of undue risks”;89 –– [2019ASXCCBox8.2ExecTermPay] (+)  – 2019ASXCC  – Compensation/ Remuneration Committee – Suggested Guidelines in Box 8.2 for Executive Remuneration  – Termination Payments90  – Enhancement of Level of Risk-­ Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (2019ASX) including: • “termination payments, if any, for senior executives should be agreed in advance and the agreement should clearly address what will happen in the case of early termination”;91 and • “there should be no payment for removal for misconduct”; –– [2019ASXCCBox8.2NEDRemCompose] (+)  – 2019ASXCC  – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Non-­executive Director Remuneration – Composition92 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including: • “non-executive directors should be remunerated by way of cash fees, superannuation contributions and non-cash benefits in lieu of fees (such as salary sacrifice into superannuation or equity)”;93 –– [2019ASXCCBox8.2NEDFixedRem] (+) – 2019ASXCC – Compensation/ Remuneration Committee  – Suggested Guidelines in Box 8.2 for Non-­ executive Director Remuneration – Fixed Remuneration94 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including: • “levels of fixed remuneration for non-executive directors should reflect the time commitment and responsibilities of the role”;95

 Ibid.  Ibid 90  Ibid. 91  Ibid. 92  Ibid. 93  Ibid. 94  Ibid. 95  Ibid. 88 89

544

12  Government and Market Reform Report Recommendations for Compensation…

–– [2019ASXCCBox8.2NEDNoPerform-basedRem] (+)  – 2019ASXCC  – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Non-executive Director Remuneration  – No Performance-based Remuneration96 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including: • “non-executive directors should not receive performance-based remuneration as it may lead to bias in their decision-making and compromise their objectivity”;97 –– [2019ASXCCBox8.2NEDEquity-basedRem] (+)  – 2019ASXCC  – Compensation/Remuneration Committee – Suggested Guidelines in Box 8.2 for Non-executive Director Remuneration – Equity-based Remuneration98 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including: • “it is generally acceptable for non-executive directors to receive securities as part of their remuneration to align their interests with the interests of other security holders”;99 • “however, non-executive directors generally should not receive options with performance hurdles attached or performance rights as part of their remuneration as it may lead to bias in their decision-making and compromise their objectivity”;100 –– [2019ASXCCBox8.2NEDNoTermPay] (+) – 2019ASXCC – Compensation/ Remuneration Committee – Suggested Guidelines in Box 8.2 for N ­ on-­executive Director Remuneration  – No Termination Payments101  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including: • “non-executive directors should not be provided with retirement benefits other than superannuation”;102 • [2019ASXCCDisclosuresExcecs] (+)  – 2019ASXCC  – Compensation/ Remuneration Committee  – Disclosures for Executive Directors and Other Senior Executives103 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (2019ASX) including for performance-­based remuneration:

 Ibid.  Ibid. 98  Ibid. 99  Ibid. 100  Ibid. 101  Ibid. 102  Ibid. 103  Ibid, Commentary to Rec 8.2, p 30. 96 97

12.6  Governance Variables for Compensation/Remuneration Committee Composition…

–– –– –– –– ––

545

deferral; reduction; cancellation; clawback; in relation to: • serious misconduct; or • material misstatement in the entity’s financial statements;104

• [2019ASXCCDisclosuresNEDs] (+)  – 2019ASXCC  – Compensation/ Remuneration Committee  – Disclosures for Non-executive Directors105  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) including for: –– minimum shareholding (“skin in the game”); • [2019ASXCCSecHolderApproval] (+)  – 2019ASXCC  – Compensation/ Remuneration Committee – “Security Holder Approval for the Issue of Securities to Directors or Their Associates under any Equity-based Incentive Scheme”106 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2019ASX) excluding: –– “a listed entity is not required under the Corporations Act or the listing rules to obtain security holder approval for an equity-based incentive scheme involving the issue of securities to senior executives or other employees who are not directors. Notwithstanding this, a listed entity may find it useful to submit to security holders any proposed equity-based incentive scheme which will involve the issue of securities to senior executives or other employees prior to implementing it. This will provide the board with a timely assurance that the scheme is reasonable and acceptable to security holders.”107 In the negative (−) direction based on the [EqOptRiskFailHighEnd] (−) variable in turn based on the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox: • [2019ASXCCPolicyLimitHedgeEcoRisk] (−) – 2019ASXCC – Compensation/ Remuneration Committee  – Policy of Whether Participants in Equity-based Remuneration Scheme Can Limit or Hedge Economic Risk of Participation108 – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/ rating − 7/87.50 rprox (2019ASX) including: –– through use of derivatives or otherwise; and

 Ibid.  Ibid. 106  Ibid. 107  Ibid. 108  Ibid, Rec 8.3(a), p 30. 104 105

546

12  Government and Market Reform Report Recommendations for Compensation…

–– disclosure of policy.109 APRA’s Revised Draft Prudential Standard CPS 511 Remuneration110 for the Board Compensation/Remuneration Committee APRA’s requirements for the Board Compensation/Remuneration Committee are set out in the Revised Draft Prudential Standard CPS 511 Remuneration. In the application of its Revised Draft, APRA now distinguishes between two classes of APRA-regulated entities: • paragraphs 1 to 60 apply to any “significant financial institution”; and • paragraphs 1 to 18 and 61 to 74 apply to any “non-SFI”.111 For commencement, the Revised Draft applies: • for an ADI that is a significant financial institution (whether or not the ADI is a member of any group) or a group headed by an ADI or authorised NOHC that is a significant financial institution, on 1 January 2023.112  Ibid, Rec 8.3(b), p 30.   Australian Prudential Regulation Authority, Revised Draft Prudential Standard CPS 511 Remuneration, November 2020, accessed 19 November 2020, available at: https://www.apra.gov. au/sites/default/files/%5Bdate%3Acustom%3AY%5D-%5Bdate%3Acustom%3Am%5D/Revised Draft Prudential Standard CPS 511 Remuneration - Clean - November 2020.pdf (“CPS 511”). For earlier versions of CPS 511, see Australian Prudential Regulation Authority, Draft Prudential Standard CPS 511 Remuneration, July 2019, accessed 30 September 2019, available at: https://www.apra.gov.au/sites/default/files/draft_prudential_standard_cps_511_remuneration_ v2.pdf. See also: 109 110

• Consultation on Remuneration Requirements for all APRA-regulated entities, accessed 22 September 2019, available at https://www.apra.gov.au/consultation-remunerationrequirements-­all-apra-regulated-entities; and • Discussion paper: Strengthening prudential requirements for remuneration July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/discussion_ paper_strengthening_prudential_requirements_for_remuneration_july_2019_v1.pdf. Recent pronouncements from APRA in January 2020 state that this draft will be finalised in the first half of 2020 with an expected effective date of July 2021. See: • Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/apras-policy-­ priorities, section 2.1.2 Remuneration and Attachment B: Timelines; and • Australian Prudential Regulation Authority, Information Paper, APRA’s Supervision Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/apras-­ supervision-­priorities, section 2.3.3 Remuneration. In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates of 2022. See the above Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines. 111  Ibid, CPS 511, section 4, pp 3–4. 112  Ibid, section 9(a), p 4.

12.6  Governance Variables for Compensation/Remuneration Committee Composition…

547

In this Stage 2 Key Code and Advanced Handbook for Australian major banks, the governance variables presented from CPS 511 will be limited to those for significant financial institutions and not Non-SFIs. Under s 18(s), a significant financial institution  – means an APRA-regulated entity that is either: (i) of a certain size as may be specified by APRA from time to time; or (ii) determined as such by APRA having regard to matters such as complexity in its operations or remuneration practices, or its membership of a group.113 For these aspects of the Compensation/Remuneration Committee’s functions, there are a number new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox (except as noted): • [511CCNonExecComposition] (+)  – 511CC  – Compensation/Remuneration Committee  – Composition of Compensation/Remuneration Committee  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA CPS 511) including: –– “must have at least three members and all members must be non-executive directors of the entity”;114 –– “for an entity that is not an RSE licensee, a majority of members of the Committee must be independent and the chairperson of the Committee must be an independent director of the entity”;115 and –– “for an RSE licensee, the chairperson of the Board may sit on the Board Remuneration Committee, but may not chair the Committee except where the chairperson of the Board is the only independent director on the Board”;116 • [511CCWrittenCharterRoles&Resps] (+)  – 511CC  – Compensation/ Remuneration Committee  – Written Charter for Compensation/Remuneration Committee  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA CPS 511) including: –– roles; –– responsibilities; and –– terms of operation.117 • [511CCConsultBRC&CRORisk&RemDocs] (+)  – 511CC  – Compensation/ Remuneration Committee  – CC must consult BRC and CRO to Reflect Risk  Ibid, section 18(s)(i) and (ii), p 8.  Ibid, section 24, p 10. 115  Ibid, section 25, p 10. 116  Ibid, section 26, p 10. 117  Ibid, section 27, p 10. 113 114

548

12  Government and Market Reform Report Recommendations for Compensation…

Outcomes in Remuneration Outcomes for Persons in “Specified Roles” and Following a Documented Process  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (APRA CPS 511)118 including: –– “specified role – means a person who is a senior manager, executive director, material risk-taker (including highly-paid material risk-takers) and risk and financial control personnel”;119 • [511CCComprehenReportingOutsAlign19RemFrame] (+)  – 511CC  – Compensation/Remuneration Committee  – Compensation/Remuneration Committee Must Obtain Comprehensive Reporting to Determine Whether Remuneration Outcomes Align with Arrangements in section 19 (Remuneration Framework)  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA CPS 511);120 • [511CCFree&UnfetteredAccess] (+) – 511CC – Compensation/Remuneration Committee  – Compensation/Remuneration Committee to Have Free and Unfettered Access to Board Committees and Risk and Financial Control Personnel and Other Relevant Parties (Internal and External) – Enhancement of Level of Risk-­Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA CPS 511), including:121 –– engaging third-party experts ensuring that the engagement and advice received is Independent;122 Walker Review 2009 Functions and Responsibilities For the Walker Review 2009, the Compensation/Remuneration Committee is responsible for a number of policies and functions. For these aspects of the Compensation/Remuneration Committee’s functions, there are a number new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox (except as noted): • the over-arching principles and parameters of the remuneration policy in the firm and “should have a sufficient understanding of the company’s approach to pay

 Ibid, section 28, p 10.  Ibid, section 18(t), p 8. 120  Ibid, section 29, p 10. For the CPS511 Remuneration Framework, see Sect. 21.1 of Chap. 21 of this Stage 2. 121  Ibid, section 30, pp 10–11. 122  Ibid. 118 119

12.6  Governance Variables for Compensation/Remuneration Committee Composition…

549

and employment conditions to ensure that it is adopting a coherent approach to remuneration in respect of all employees”:123 –– [CCRemPolicyAllEmploy] (+) – Compensation/Remuneration Committee – Responsibility for Remuneration Policy for All Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009); • “remuneration policy and outcomes in respect of all “high end” employees”:124 –– [CCRemPolicyOutHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Remuneration Policy and Outcomes for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (Walker Review 2009); • confirm satisfaction with and explain performance objectives and risk adjustments for high end employees:125 –– [CCPerfObjectBenchHighEnd] (+) – Banks – Compensation/Remuneration Committee – Responsibility for Performance Objectives and Benchmarks for All Executives and High End Employees – Enhancement of Level of Risk-­ Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (Walker Review 2009); –– [CCRiskAdjustHighEnd] (+)  – Banks  – Compensation/Remuneration Committee  – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (Walker Review 2009); • disclosure of bands of aggregate remuneration of high end employees in relevant ranges including “within each band, the main elements of salary, cash bonus, deferred shares, performance-related long-term awards and pension contribution”:126 –– see [CCDiscloseBandElement] (+) variable in Sect. 12.17 below (with a coverage/rating of +8/100.00 rprox); • deferral of incentive payments for high end employees including variable remuneration, long-term incentives, short-term awards and clawback arrangements:127 –– [CCRemSTVRHighEnd] (+) – Compensation/Remuneration Committee – Short-Term Variable Remuneration for All Executives and High End  Walker Review 2009, above n 2, Recommendation 28, p 20.  Ibid, Recommendation 29, p 20. 125  Ibid, Recommendation 30, p 21. 126  Ibid, Recommendation 31, p 21. 127  Ibid, Recommendation 33, p 21. 123 124

550

12  Government and Market Reform Report Recommendations for Compensation…

Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (Walker Review 2009 and APRA128); –– [CCRemLTVRHighEnd] (+) – Compensation/Remuneration Committee – Long-Term Focus for All Executives and High End Employees – Long-Term Variable Remuneration for All Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009 and APRA129); –– see variables in Sect. 12.18 below: • • • • •

[CCRemRestrictPropn] (+) [CCRemDefer] (+); [CCRemDelay] (+); [CCRemLock-Up] (+); and [CCRemClawBack] (+)

• required minimum shareholdings of executive board members and high end employees including vesting arrangements:130 –– see variables in Sect. 12.5 above and 12.20 below: • [EqOptRiskAlignHighEnd] (+) variable  – Equity and Options for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests – coverage/rating + 7/87.50 rprox;131 and • [EqOptRiskFailHighEnd] (−) variable  – Equity and Options for Executives and High End Employees  – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure – coverage/rating − 7/87.50 rprox;132 • Compensation/Remuneration Committee to obtain advice from Board Risk Committee (BRC) on risk adjustments to performance objectives:133 –– [CCRiskAdjustBRC] (+)  – Banks  – Compensation/Remuneration Committee –– Compensation/Remuneration Committee to Obtain Advice from Board Risk Committee (BRC) advised by the Chief Risk Officer (CRO) on Risk Adjustments to Performance Objectives – Enhancement of Level of Risk-­Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009); –– see also [CCPerfObjectBenchHighEnd] (+) variable and [CCRiskAdjustHighEnd] (+) variable in this Sect. 12.6 above;

 APRA Final Report, above n 1, p 66.  Ibid. 130  Walker Review 2009, above n 2, Recommendation 34, p 22. 131  See discussion in Sect. 12.5 of this Chap. 12 above. 132  Walker Review 2009, above n 2, Recommendation 34, p 22. 133  Ibid, Recommendation 35, p 22. 128 129

12.6  Governance Variables for Compensation/Remuneration Committee Composition…

551

• disclosure of right or opportunity of executive board member or high end employee to receive “enhanced benefits” on the happening of any event including change of control which is not already disclosed in the Remuneration Report;134 –– see the [CCEnhanceDisclose] (+)135 variable in Sect. 17.3 below (with a coverage/rating of +8/100.00 rprox); and • formal code of conduct for remuneration consultants including use of the code by Compensation/Remuneration Committee to engage advisers:136 –– see the [CCRemAdvise] (+/−)137 variable in Sect. 12.21 below. APRA’s Determination and Adjustment of Variable Remuneration Critical for APRA are the processes around how the bank determines and adjusts variable remuneration which, in the case of CBA was: • KPI performance management; • Group values; and • The risk gate opener.138

For these aspects of the Compensation/Remuneration Committee’s functions, there a number new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. APRA’s KPI Performance Management The KPI performance management uses a ‘balanced scorecard’ covering “objectives including shareholder value, customer satisfaction, leadership, community, strategic initiatives and business performance.”139 For customer satisfaction, CBA will move to a “Customer Net Promoter Score (NPS)” which, in addition to the proportion of very satisfied customers, includes reducing the number of dissatisfied and neutral customers.140  Ibid, Recommendation 37, p 22.  Compensation Committee – Disclosure of Enhanced Benefits and Conditions of Operation – Enhancement in Risk Management and Internal and External Monitoring - relational effect path. See discussion in Sect. 17.3 of Chap. 17 below. 136  Walker Review 2009, above n 2, Recommendation 38/39, p 22. 137  Compensation/Remuneration Committee – Outside Advisers See discussion in Sect. 12.21 of this Chap. 12 below. 138  APRA Final Report, above n 1, p 68. 139  Ibid, 69. 140  Ibid. 134 135

552

12  Government and Market Reform Report Recommendations for Compensation…

For APRA, the balanced scorecard approach is consistent with domestic and international practice.141 However, for APRA, there was caution about long-term performance measurement as “the conditions that allow LTVR to vest are based on performance measures with no explicit link to long-term financial soundness.”142 This gives rise to the governance variables: • [CCKPIBalScorecard] (+) – Compensation Committee – Application of Key Performance Indicator ‘Balanced Scorecard’ for Adjustments to Remuneration for All Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); • [CCRemLTVRHighEnd] (+) – Compensation/Remuneration Committee  – Long-Term Focus for All Executives and High End Employees  – Long-Term Variable Remuneration for All Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path in this Sect. 12.6 above); and • [CCRemLTVRActual] (+) – Compensation/Remuneration Committee – Long-­ Term Variable Remuneration for Performance Actually Realised – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path 12.7). APRA’s Group Values CBA’s Group values include “integrity, accountability, collaboration, excellence and service and employees are assessed as ‘inconsistently applied, (reducing employee remuneration), ‘consistently applied’ and ‘exceptionally applied’ which increases employee remuneration:143 • [CCHighEndGroupValues] (+)  – Compensation/Remuneration Committee  – Application of Group Values for Adjustments to Remuneration for All Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA). CBA’s Risk Gate Opener An additional adjustment for risk  – the risk gate opener  – reduces performance-­ based remuneration based on risk (but does not increase it): In 2015, CBA introduced the risk gate opener, which allows performance-based remuneration to be reduced as a result of poor risk outcomes. It applies to all staff eligible for STVR. It works in one direction only; it does not reward sound risk management through increased remuneration. All eligible employees have a standalone risk assessment with three potential outcomes: • staff who are assessed to have fully met requirements will not have their remuneration adjusted (‘fully met’); • staff who are assessed to have partially met requirements may receive reductions in remuneration on a discretionary basis (‘partially met’); and

 Ibid.  Ibid. 143  Ibid. 141 142

12.6  Governance Variables for Compensation/Remuneration Committee Composition…

553

• staff who are assessed to have not met requirements will receive no STVR for that year, mandated by policy (‘not met’).144

APRA approved the use of such a process for flexibility over the size of adjustments which can reduce STVR to zero: CBA’s approach of adjusting remuneration for poor risk outcomes separately, rather than as a component of overall performance, provides significant flexibility over the size of adjustments. Adjustments under this process can be up to the full value of STVR.145

Examples of reductions of STVR on account of a number of weaknesses are recounted by APRA for the CBA CEO and Group Executives: • …The Board Remuneration Committee proposed that STVR outcomes for the CEO and Group Executives be reduced by 10 per cent reflecting collective accountability for long-outstanding risk issues. In addition, the Board proposed further reductions of between 10 per cent and 25 per cent for the CEO and Group Executives for specific issues such as AML-CTF control weaknesses, wealth management business control weaknesses, enterprise services control weaknesses and issues identified by internal audit. These risk adjustments would have reduced STVR for the CEO to around 85 per cent of fixed remuneration; and • following the AUSTRAC announcement, the CBA Board announced that the 2016/17 STVR for the CEO and Group Executives would be reduced to zero, a reflection of ‘the collective accountability of the Executives for the overall reputation of the Group and risk matters’.146

Governance variables for the Risk Gate Opener are set out in Sect. 12.18 below: • [CCHighEndMinAdjRGO10%Redn] (+)  – Compensation/Remuneration Committee  – Minimum Mandated Risk Adjustment of 10% Reduction for ‘Partially Met’ Rating for Risk Gate Opener for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA)(relational effect path 12.18); • [CCFailHighEndRGORiskAdj] (−)  – Compensation/Remuneration Committee – Failure to Apply Risk Gate Opener for ‘Not Met’ Rating for Risk Adjustments to Remuneration for All Executives and High End Employees  – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure (APRA) (relational effect path 12.18); and • [CCHighEndRGOFullMet] (+)  – Compensation/Remuneration Committee  – No Reduction Adjustment for Risk Gate Opener for ‘Fully Met’ Rating to Remuneration of All Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders (APRA)(relational effect path 12.18).

 Ibid.  Ibid, p 70. 146  Ibid, p 71. 144 145

554

12  Government and Market Reform Report Recommendations for Compensation…

NAB Self-Assessment 2018 Responsibilities for the Compensation/ Remuneration Committee For these aspects of the Compensation/Remuneration Committee’s functions identified by the NAB Self-Assessment 2018,147 there are a number of governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox (except as noted): • “oversee NAB’s remuneration, policies and practices”:148 –– [NABCCRemPolicyPract] (+)  – NABCC  – NAB Compensation/ Remuneration Committee  – Responsibility for Remuneration Policy and Practices for All Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (NAB SelfAssessment 2018); • “make recommendations on the remuneration of the CEO and other senior executives”:149 –– [NABCCRemCEOSnrExec] (+)  – NABCC  – NAB Compensation/ Remuneration Committee  – Responsibility for Remuneration of CEO and Senior Executives – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (NAB Self-Assessment 2018); • “manage the design and implementation of incentive plans taking into consideration legislative, regulatory and market developments and the bank’s RMF”:150 –– [NABCCIncentReg&RMF] (+)  – NABCC  – NAB Compensation/ Remuneration Committee  – Responsibility for Incentive Plans Complying with Regulatory Requirements and Risk Management Framework (RMF) – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (NAB Self-Assessment 2018); • “review the performance of relevant executives and make recommendations on incentives and remuneration”:151

 National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/ content/dam/nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-­ Assessment 2018’). 148  Ibid, p 12. 149  Ibid. 150  Ibid. 151  Ibid. 147

12.7  Governance Variables for Compensation/Remuneration Committee Functions…

555

–– [NABCCRevPerformExec&Incent] (+) – NABCC – NAB Compensation/ Remuneration Committee  – Responsibility for Performance Review of Executives and Recommendation on Incentives – Enhancement of Level of Risk-­Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (NAB Self-Assessment 2018).

12.7 Governance Variables for Compensation/Remuneration Committee Functions and Policies in OECD Key Findings 2009 For the OECD Key Findings 2009,152 the governance of remuneration – the responsibility of the Compensation/Remuneration Committee – suffered a number of failings. For these aspects of the Compensation/Remuneration Committee’s functions, there are a number of new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. Thus, the failings and recommendations for the OECD Key Findings 2009 included:153 • remuneration negotiations were not at arm’s length with managers influencing performance-based remuneration without independent board judgement: –– [CCRemFailArmsLength] (−) – Compensation/Remuneration Committee – Failure of Arm’s Length Negotiations for Remuneration Without Independent Board Judgement – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox (OECD Key Findings 2009); • weak connections between remuneration and performance with sole use of the share price to measure performance “rather than the relative performance of the individual firm”: –– [CCRemFailPayPerform] (−) – Compensation/Remuneration Committee – Absence and/or Weakness between Remuneration and Performance – Risk-­ Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/ rating − 7/87.50 rprox (OECD Key Findings 2009); 152 153

 OECD Key Findings 2009, above n 20, Governance of the remuneration process, pp 7–8 and 30.  Ibid.

556

12  Government and Market Reform Report Recommendations for Compensation…

–– [CCRemSoleSharePc] (−)  – Compensation/Remuneration Committee  – Sole Use of Share Price to Measure Performance – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox (OECD Key Findings 2009); –– see also the [CCSTIncentRisk] (−)154 variable in Sect. 16.1 of Chap. 16; • lack of transparency – there should be disclosure of the total cost of performance-­ based remuneration, the main characteristics, performance criteria and adjustment for risk; remuneration schemes were “overly complicated or obscure in ways that camouflage conditions” in particular for pension schemes which were “asymmetric with limited downside risk thereby encouraging excessive risk taking”: –– see the [CCDiscloseBandElement] (+) variable in Sect. 12.17 below (which is identical in direction, behaviour and relational effect path to the [TransTimeMon] (+)155 variable in section 9.1.2.1 of Stage 1 with a coverage/rating of +8/100.00 rprox); • remuneration needed to be tied to long-term performance which was actually realised: –– [CCRemLTVRActual] (+) – Banks  – Compensation/Remuneration Committee  – Long-Term Variable Remuneration for Performance Actually Realised  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009, OECD Key Findings 2009 and APRA156); and –– see also the [CCRemLTVRHighEnd] (+)157 variable in Sect. 12.6 above; • there should be no shifts to excessive fixed-remuneration components: –– see the [CCVarFixRatio] (+)158 variable in Sect. 16.6 of Chap. 16 below; • non-executive independent directors should oversee the remuneration process and oversight of remuneration by boards needed to go beyond the CEO and board members: –– [CCRemIndMon] (+)  – Compensation/Remuneration Committee  – Compensation Committee Comprised of Independent Directors – Independent  Compensation/Remuneration Committee  - Incentives Tied to Short-Term Share Price for Executives and High End Employees - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure. See discussion in Sect. 16.1 of Chap. 16 below. 155  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 22, pp 262–263. 156  APRA Final Report, above n 1, p 66. 157  Banks  – Compensation/Remuneration Committee  – Long-Term Focus for All “High End” Employees – Long-Term Variable Remuneration for All “High End” Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009 and APRA). 158  Banks - Compensation Committee – Capping the Ratio of Variable to Fixed Compensation for High End Employees - Enhancement of Level of Risk-Taking in Alignment with Shareholders. See discussion in Sect. 16.6 of Chap. 16 below. 154

12.7  Governance Variables for Compensation/Remuneration Committee Functions…

557

Director Monitoring of Remuneration Process  – Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (OECD Key Findings 2009); –– [CompBeyondCEOBrd] (+)  – Banks  – Oversight of Compensation/ Remuneration Beyond CEO and Board – Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (OECD Key Findings 2009); –– see the [CCRemAdvise] (+/−)159 variable in Sect. 12.21 below; –– see also the [CompCom] (+/−)160 variable in section 10.2.4.1 of Stage 1 and Sect. 12.4 above; • there should be annual approval by shareholders of remuneration policies at the AGM: –– see discussion of ‘Say-On-Pay’ Shareholder Voting in 12.1 above and section 10.2.3.1 of Stage 1; • remuneration schemes needed to encourage long-term performance and pay out after the performance was realised including “share rather than cash payments with lock-up provisions, claw backs, deferred compensation etc. It is important to assess the programme ex-post:” –– see the [CCRemLTVRHighEnd] (+)161 variable in Sect. 12.6 above; –– see the [CCRemLTVRActual] (+)162 variable in this Sect. 12.7 above; –– see also variables in Sect. 12.18 below: • • • • •

[CCRemRestrictPropn] (+); [CCRemDefer] (+); [CCRemDelay] (+); [CCRemLock-Up] (+); and [CCRemClawBack] (+)

• Remuneration consultants should be hired by non-executive directors rather than conflicted executive directors: –– see the [CCRemAdvise] (+/−)163 variable in Sect. 12.21 below.   Compensation/Remuneration Committee  – Outside Advisers. See discussion in Sect. 12.21 below. 160  Compensation Committee  – Presence, Operation and Frequency. See discussion in section 10.2.4.1 of Stage 1, above n 22. 161  Banks  – Compensation/Remuneration Committee  – Long-Term Focus for All “High End” Employees – Long-Term Variable Remuneration for All “High End” Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009 and APRA). 162  Banks  – Compensation/Remuneration Committee  – Long-Term Variable Remuneration for Performance Actually Realised  – Enhancement of Level of Risk-Taking in Alignment with Shareholders. 163   Compensation/Remuneration Committee  – Outside Advisers. See discussion in Sect. 12.21 below. 159

558

12  Government and Market Reform Report Recommendations for Compensation…

12.8 Governance Variables for Compensation/Remuneration Committee Functions and Policies in the OECD 2010 Conclusions and Practices164 The main themes above were repeated by the OECD 2010 Conclusions and Practices. In addition, there were a number of new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. Here, the OECD emphasized that: • the board needed to specify the company’s long-term interests and how this would be achieved by the remuneration system: –– see [CCRemLTVRActual] (+) variable in Sect. 12.7 above; –– see also the [CCRemLTVRHighEnd] (+)165 variable in Sect. 12.6 above; and –– see also variables in Sect. 12.18 below: • • • • •

[CCRemRestrictPropn] (+); [CCRemDefer] (+); [CCRemDelay] (+); [CCRemLock-Up] (+); and [CCRemClawBack] (+)

• boards should also concentrate on a small number of ‘performance metrics’ which drove long-term performance with payouts only once the performance was realized: –– [CCRemLTMetricsActual] (+)  – Compensation/Remuneration Committee   –– Performance Metrics for Long-Term Performance with Payouts Only Once the Performance was Realized – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009);

 OECD 2010 Conclusions and Practices, above n 26, pp 8–9.  Banks  – Compensation/Remuneration Committee  – Long-Term Focus for All “High End” Employees – Long-Term Variable Remuneration for All “High End” Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009 and APRA). 164 165

12.10  Long-Term Profitability Adjusted for Cost of Capital

559

–– see also [CCRemLTVRActual] (+)166 variable in Sect. 12.7 above; and –– see also the [CCRemLTVRHighEnd] (+)167 variable in Sect. 12.6 above.

12.9 IIF Risk-Based Incentive Principles The IIF’s Principles of Conduct for compensation policies centred around the risk aspect and gave rise to a number of Principles of conduct.168 These Principles were also adopted by the OECD Kirkpatrick Report 2009.169 These are discussed next.

12.10 Long-Term Profitability Adjusted for Cost of Capital First, incentives should be aligned with shareholder interests and long-term profitability taking into account risk: Compensation incentives should be based on performance and should be aligned with shareholder interests and long-term, firm-wide profitability, taking into account overall risk and the cost of capital.170

The variables for risk adjustments for executives and high end employees were introduced in Sect. 12.6 above: • [CCPerfObjectBenchHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Performance Objectives and Benchmarks for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009); and

 Banks  – Compensation/Remuneration Committee  – Long-Term Variable Remuneration for Performance Actually Realised  – Enhancement of Level of Risk-Taking in Alignment with Shareholders. 167  Banks  – Compensation/Remuneration Committee  – Long-Term Focus for All “High End” Employees – Long-Term Variable Remuneration for All “High End” Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (Walker Review 2009 and APRA). 168  Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007–2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_GFC/IIF_Final_Report_of_the_Committee_on_Market_ Best_Practices.pdf (‘IIF Final Report 2008’), Principle II., Compensation Policies, p 49. 169  Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995–2864, accessed 27 March 2017 at http://search.oecd.org/finance/financial-­ markets/42229620.pdf, (‘OECD Kirkpatrick Report 2009’), 15. 170  IIF Final Report 2008, above n 170, Principle II.i, p 49. 166

560

12  Government and Market Reform Report Recommendations for Compensation…

• [CCRiskAdjustHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009). The variables for long-term focus and long-term variable remuneration for performance actually realized were introduced above: • [CCRemLTVRHighEnd] (+) – Banks  – Compensation/Remuneration Committee – Long-Term Focus for All Executives and High End Employees – Long-­Term Variable Remuneration for All Executives and High End Employees – ­Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/ rating + 7/87.50 rprox (Walker Review 2009 and APRA171)(Sect. 12.6); • [CCRemLTVRActual] (+) – Banks  – Compensation/Remuneration Committee  – Long-Term Variable Remuneration for Performance Actually Realised – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (Walker Review 2009, OECD Key Findings 2009 and APRA172)(Sect. 12.7); and The variable for risk adjustment for the cost of capital is introduced in Sect. 12.16 below: • [CCHighEndCapCost] (+) – Compensation/Remuneration Committee – Risk Adjustment for Cost of Capital for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (IIF) (relational effect path 12.16).

12.11 Risk-Taking and Risk Appetite Second, compensation should not cause excessive risk-taking beyond the bank’s risk appetite:173 Compensation incentives should not induce risk-taking in excess of the firm’s risk appetite.174

This involves the following variables already introduced in Sect. 12.5 above:

 APRA Final Report, above n 1, p 66.  Ibid. 173  For a discussion of the bank’s risk appetite, see Chap. 40 below. 174  IIF Final Report 2008, above n 170, Principle II.ii, p 49. 171 172

12.12  Adjustments for the ‘risk time horizon’

561

• [EqOptRiskAlignHighEnd] (+) – Equity and Options for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholders – coverage/rating + 7/87.50 rprox;175 and • [EqOptRiskFailHighEnd] (−) – Equity and Options for Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure – coverage/rating − 7/87.50 rprox.176 And the following variable introduced here: • [CCHighEndRiskApp] (+) – Compensation/Remuneration Committee – Risk Adjustment for Risk Appetite of Bank for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (IIF).

12.12 Adjustments for the ‘risk time horizon’ Third, payments of incentives should be adjusted for risk, based on “cost of capital-­ adjusted profit” and match the “risk time horizon” of profit: Payout of compensation incentives should be based on risk-adjusted and cost of capital-­ adjusted profit and phased, where possible, to coincide with the risk time horizon of such profit.177

The variable for risk adjustment for the cost of capital is introduced in Sect. 12.16 below: • [CCHighEndCapCost] (+) – Compensation Committee – Risk Adjustment for Cost of Capital for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox. And a further new variable is constructed here for risk adjustments for the ‘risk time horizon’ of profit. [CCHighEndRiskTime] (+)  – Compensation/Remuneration Committee  – Risk Adjustment for ‘Risk Time Horizon’ of Profit for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders – Coverage/rating + 7/87.50 rprox – relational effect path Endowing the Compensation/Remuneration Committee with the responsibility for risk adjustment for the appropriate risk time horizon of profit for incentive pay of executives and high end employees is hypothesised to act like the variable [EqOptRiskAlignHighEnd] (+) in Sect. 12.5 above. The direction marker for this  See discussion in Sect. 12.5 above.  Ibid. 177  IIF Final Report 2008, above n 170, Principle II.iii, p 49. See also OECD Kirkpatrick Report 2009, above n 165, 15. 175 176

562

12  Government and Market Reform Report Recommendations for Compensation…

variable is positive representing a ‘risk time horizon’ or period of time matched to the time when profit (not merely revenue) is actually realized and matched to a level of equity and options giving rise to a level of risk-taking in alignment with outside shareholder interests.178 This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [CCHighEndRiskTime] (+) Compensation Committee high end variable.

12.13 Adjustments for Organization as a Whole and Firm-Wide Profit Fourth, incentive payments should reflect the impact of business unit returns on the whole organisation: Incentive compensation should have a component reflecting the impact of business units’ returns on the overall value of related business groups and the organization as a whole.179

The Fifth Principle also required consideration of the firm’s overall results in determining incentives as well as risk management and other objectives of the organisation: Incentive compensation should have a component reflecting the firm’s overall results and achievement of risk management and other general goals.180

[CCHighEndWholeOrg] (+)  – Compensation/Remuneration Committee  – Risk Adjustment for Overall Profit of Whole Organization for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders – Coverage/rating + 7/87.50 rprox – relational effect path For the fourth and fifth Principles, endowing the Compensation Committee with the responsibility for risk adjustment for overall profits on the whole organization (i.e., overall firm-wide profit and not merely activity-based or business-unit-based revenues) for executives and high end’ employees is hypothesised to act like the variable [EqOptRiskAlignHighEnd] (+) in Sect. 12.5 above. The direction marker for this variable is positive representing an overall firm-wide profit actually realized (not merely activity-based or business-unit-based revenue) and matched to a level of equity and options giving rise to a level of risk-taking in alignment with outside shareholder interests.181

 Fuerst and Kang, above n 39, 6–7. See discussion in section 10.2.1 of Stage 1, above n 22, pp 295–296. 179  IIF Final Report 2008, above n 170, Principle II.iv, p 49. 180  Ibid, Principle II.v, p 49. 181  See discussion in Sect. 12.5 of this Chap. 12 above. 178

12.15  Transparency and Disclosure

563

This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above for the [CCHighEndWholeOrg] (+) Compensation Committee high end variable.

12.14 Severance Pay The Sixth Principle in relation to severance pay is discussed in Sects. 17.2–17.3 of Chap. 17 below relating to ‘enhanced benefits’.

12.15 Transparency and Disclosure The Seventh Principle required that the approach, principles and objectives of incentives should be transparent to shareholders.182 This relates to two variables already introduced in Sect. 12.6 above of this Chap. 12: • [CCPerfObjectBenchHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Performance Objectives and Benchmarks for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009)(relational effect path 12.6); • [CCRiskAdjustHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009 and IIF)(relational effect path 12.6); For the contents of the disclosure obligation including incentives and compensation, see the [CCDiscloseBandElement] (+) variable in Sect. 12.17 below: • [CCDiscloseBandElement] (+)  – Compensation/Remuneration Committee  – Disclosure of Bands and Elements of Compensation for Executives and High End Employees – Enhancement in Risk Management and Internal and External Monitoring – coverage/rating + 8/100.00 rprox (relational effect path 12.17).

182

 IIF Final Report 2008, above n 170, Principle II.vii, p 49.

564

12  Government and Market Reform Report Recommendations for Compensation…

12.16 IIF Examples of Risk-Adjusted Compensation and Incentives In relation to incentives, the IIF refrained from enunciating specific recommendations.183 However, the IIF did give a number of examples it believed could evolve into best practice over time. These included: • Financial targets to assess performance should be risk-adjusted for all risk categories:184 –– [CCRiskAdjustHighEnd] (+)  – Banks  – Compensation/Remuneration Committee  – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of Risk-Taking in ­Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (Walker Review 2009 and IIF)(relational effect path 12.6); • Risk-adjusted profits should be adjusted for cost of capital:185 This passage suggests a new governance variable: [CCHighEndCapCost] (+) – Compensation Committee – Risk Adjustment for Cost of Capital for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders (IIF) – Coverage/ rating + 7/87.50 rprox – relational effect path • Endowing the Compensation/Remuneration Committee with the responsibility for risk adjustment for the cost of capital for incentive pay of executives and high end employees is hypothesised to act like the variable [EqOptRisk AlignHighEnd] (+) in Sect. 12.5 above. The direction marker for this variable is positive representing risk-adjusted profits adjusted for the cost of capital actually incurred by the bank and matched to a level of equity and options giving rise to a level of risk-taking in alignment with outside shareholder interests. This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above for the [CCHighEndCapCost] (+) Compensation Committee high end variable. • Profits recognised for compensation should be based on an “alpha” value “actually added by the employees to the firm”:186  Ibid, Discussion of Principles of Conduct II.i – II.vii, p 50.  Ibid, 50. 185  Ibid. 186  Ibid. The OECD Kirkpatrick Report 2009, above n 171, 16 further explained this issue: These issues were picked up in the UBS report, which noted that the compensation and incentive structure did not effectively differentiate between the creation of alpha (i.e. return in excess of defined expectation) versus return from a low cost of funding. In the case of UBS, the internal cost of funds did not take account of risk so that the traders involved in sub-prime could obtain finance 183 184

12.16  IIF Examples of Risk-Adjusted Compensation and Incentives

565

This passage suggests a new governance variable: [CCHighEndActAlpha] (+)  – Compensation/Remuneration Committee  – Risk Adjustment for Actual ‘Alpha’ Added to the Firm by Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders (IIF) – Coverage/rating + 7/87.50 rprox – relational effect path –– [CCHighEndActAlpha] (+) is hypothesised to act like the variables: • [CCRemLTVRActual] (+) – Banks  – Compensation/Remuneration Committee – Long-Term Variable Remuneration for Performance Actually Realised  – Enhancement of Level of Risk-Taking in Alignment with ­Shareholders, coverage/rating  +  7/87.50 rprox (relational effect path in Sect. 12.7); • [CCRemLTVRHighEnd] (+) – Banks  – Compensation/Remuneration Committee  – Long-Term Focus for All Executives and High End Employees  – Long-Term Variable Remuneration for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path in Sect. 12.6 above); and • [CCRiskEcoProfit] (+)  – Compensation Committee  – Risk Adjustment for Economic Profits for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path in Sect. 12.22 below). Thus, endowing the Compensation Committee with the responsibility for risk adjustments for actual ‘Alpha’ added to the firm by executives and high end employees is hypothesised to act like the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5. The direction marker for this variable is positive representing actual ‘Alpha’ added to the firm by executives and high end employees matched to a level of equity, options, incentives and bonuses giving rise to a level of risk-taking in alignment with outside shareholder interests.187 This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above for the [CCHighEndActAlpha] (+) Compensation Committee high end variable. • Increasing the risk-time horizon for the calculation for financial firm returns for a more accurate measure of risk, for example, “through clawback provisions,

at a low cost. This made sub-prime an attractive asset to carry long. Super senior tranches carried low margins so that the incentive was to expand positions to achieve a given level of bonus…Essentially, bonuses were measured against gross revenue after personal costs, with no formal account taken of the quality or sustainability of those earnings. Senior management, on the other hand, received a greater proportion of deferred equity. 187  See discussion in Sect. 12.5 of this Chap. 12 above.

566

12  Government and Market Reform Report Recommendations for Compensation…

longer-term vesting provisions, or holding funds in escrow so that any tail-end write-offs can be used to determine ultimate payouts”:188 –– [CCHighEndRiskTime] (+) – Compensation Committee – Risk Adjustment for ‘Risk Time Horizon’ of Profit for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path in Sect. 12.12 above); –– [CCRemLTVRHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Long-Term Focus for All Executives and High End Employees – Long-Term Variable Remuneration for All Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path in Sect. 12.6 above); –– [CCRemLTVRActual] (+)  – Banks  – Compensation/Remuneration Committee  – Long-Term Variable Remuneration for Performance Actually Realised  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (relational effect path in Sect. 12.7); –– see also the variables in this Sect. 12.18 below: • • • • •

[CCRemRestrictPropn] (+); [CCRemDefer] (+); [CCRemDelay] (+); [CCRemLock-Up] (+); and [CCRemClawBack] (+);

• The payment of deferred bonuses in several tranches (e.g., annually) “that align with the profit-generating lifespan of a product or transaction or book of business”: 189 Notionally, a portion of bonuses (whether cash or stock) based on, say, the risk-adjusted profits of the purchase of a structured instrument with a 5-year pay-off could be paid out in five annual tranches as the firm realizes the profit from the changing value (net present value or accrued value) of the structured instrument.190

This gives rise to the governance variables: –– [CCRemLTVRActual] (+) – Banks  – Compensation/Remuneration Committee  – Long-Term Variable Remuneration for Performance Actually Realised – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path in Sect. 12.7); –– [CCRemLTVRHighEnd] (+) – Banks  – Compensation/Remuneration Committee – Long-Term Focus for All Executives and High End Employees – Long-­Term Variable Remuneration for All Executives and High End Employees –  IIF Final Report 2008, above n 170, p 50.  Ibid, p 51. 190  Ibid. 188 189

12.16  IIF Examples of Risk-Adjusted Compensation and Incentives

567

Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/ rating + 7/87.50 rprox (relational effect path in Sect. 12.6); –– [CCRiskEcoProfit] (+)  – Compensation Committee  – Risk Adjustment for Economic Profits for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path in Sect. 12.22 below); and –– see also the variables in Sect. 12.18 below: • • • • •

[CCRemRestrictProp] (+); [CCRemDefer] (+); [CCRemDelay] (+); [CCRemLock-Up] (+); and [CCRemClawBack] (+)

Additionally, the IIF gave a number of ways of managing controls around compensation structures and processes including the following:191 • compensation and incentives should be matched to the firm’s risk appetite to prevent excessive risk taking:192 –– This involves the following variables already introduced in Sect. 12.5 above: • [EqOptRiskAlignHighEnd] (+) – Equity and Options for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests – coverage/rating + 7/87.50 rprox;193 • [EqOptRiskFailHighEnd] (−) – Equity and Options for Executives and High End Employees  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure – coverage/rating − 7/87.50 rprox;194 –– and the following variable in Sect. 12.11 above: • [CCHighEndRiskApp] (+)  – Compensation Committee  – Risk Adjustment for Risk Appetite of Bank for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (IIF); • periodic review compensation;195

of

compensation

policies

and

performance-based

This passage suggests a new governance variable: [CCHighEndReview] (+)  – Compensation/Remuneration Committee  – Periodic Review of Compensation Policies and Performance-Based

 Ibid.  Ibid. 193  See discussion in Sect. 12.5 above. 194  Ibid. 195  IIF Final Report 2008, above n 170, p 51. 191 192

568

12  Government and Market Reform Report Recommendations for Compensation…

Compensation for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – Coverage/rating + 7.87.50 rprox Endowing the Compensation/Remuneration Committee with the responsibility for periodic review of compensation policies and performance-based compensation risk adjustments for executives and high end employees is hypothesised to act like the following variables in Sect. 12.6: –– CCRemPolicyAllEmploy] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Remuneration Policy for All Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009); –– [CCRemPolicyOutHighEnd] (+) – Banks – Compensation/Remuneration Committee  – Responsibility for Remuneration Policy and Outcomes for All Executives and High End Employees – Enhancement of Level of RiskTaking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009); –– [CCPerfObjectBenchHighEnd] (+)  – Banks  – Compensation/ Remuneration Committee  – Responsibility for Performance Objectives and Benchmarks for All Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009); and –– [CCRiskAdjustHighEnd] (+)  – Banks  – Compensation/Remuneration Committee  – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees  – Enhancement of Level of RiskTaking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009). These variables in turn are based on the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 above. The direction marker for this variable is positive representing a review of compensation policies and objectives and performance-based compensation matched to a level of equity, options, incentives and bonuses giving rise to a level of risk-taking in alignment with outside shareholder interests.196 This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above for the [CCHighEndReview] (+) Compensation Committee high end variable. • “strong management processes are needed to guard against manipulation and arbitrage of the metrics chosen”: This involves the following variable already introduced in Sect. 12.8: –– [CCRemLTMetricsActual] (+)  – Banks  – Compensation Committee –– Performance Metrics for Long-Term Performance with Payouts Only Once 196

 See discussion in Sect. 12.5 of this Chap. 12 above.

12.16  IIF Examples of Risk-Adjusted Compensation and Incentives

569

the Performance was Realized  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (Walker Review 2009); • monitoring changes in the firm’s risk-return profile “but also reviewing critically whether the organization is responding to incentives in a way that is inconsistent with its stated risk appetite or culture”: –– this involves the following variables already introduced in Sect. 12.5 above: • [EqOptRiskAlignHighEnd] (+) – Equity and Options for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests – coverage/rating + 7/87.50 rprox;197 • [EqOptRiskFailHighEnd] (−) – Equity and Options for Executives and High End Employees  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure – coverage/rating − 7/87.50 rprox;198 –– and the following variable introduced in Sect. 12.11 above: • [ CCHighEndRiskApp] (+)  – Compensation Committee  – Risk Adjustment for Risk Appetite of Bank for Executives and High End Employees  – ­Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • governance variables for the bank’s risk culture are discussed in Chap. 40 below. • comparable incentives for risk-takers across different business units so as to have a firm-wide perspective: –– This involves the following variable already introduced in Sect. 12.13 above: • [CCHighEndWholeOrg] (+)  – Compensation Committee  – Risk Adjustment for Profit of Whole Organization for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; –– This passage also suggests a new governance variable: • [CCCompareIncent] (+) – Compensation/Remuneration Committee – Comparable Incentives for Risk-Takers Across Different Business Units or Activities – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – Coverage/rating  +  7/87.50 rprox – relational effect path • Endowing the Compensation/Remuneration Committee with the responsibility for comparable incentives for risk-takers across different business units or activities is hypothesised to act like the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 above. The direction marker for this variable is 197 198

 See discussion in Sect. 12.5 above.  Walker Review 2009, above n 2, Recommendation 34, p 22.

570

12  Government and Market Reform Report Recommendations for Compensation…

positive representing comparable or equivalent compensation for risk-­ takers which is matched to a level of equity, options, incentives and bonuses giving rise to a level of risk-taking in alignment with outside shareholder interests.199 • This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above for the [CCCompareIncent] (+) Compensation Committee variable. • flowing from the sub-prime mortgage at the heart of the GFC, preventing the mis-selling of financial products: Commissions or other incentive compensation at the retail level should be managed to avoid incentives to “mis-sell” products such as subprime mortgages to consumers with-out due regard to suitability and ability to pay.200

–– This passage suggests a new governance variable: • [CCMis-SaleProd] (−)  – Compensation/Remuneration Committee  – Mis-Sale of Financial Products at Retail Level – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure  – Coverage/rating − 7/87.50 rprox • [CCMis-SaleProd] (−) is hypothesised to act like the variable [EqOptRiskFailHighEnd] (−) in Sect. 12.5 above. The direction marker for this variable is negative representing a mis-sale of financial products which – without due regard to suitability and ability to pay  – are of a level of risk beyond the bank’s risk appetite and therefore increase the likelihood of bank losses or failure.201 • This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above for the [CCMis-­ SaleProd] (−) variable.

12.17 Disclosure of Bands and Elements of Compensation for Executives and High End Employees [CCDiscloseBandElement] (+)  – Compensation/Remuneration Committee  – Disclosure of Bands and Elements of Compensation for Executives and High End Employees  – Enhancement in Risk Management and Internal and External Monitoring – Coverage/rating + 8/100.00 rprox – relational effect path The Walker Review 2009 recommended disclosure of bands of aggregate remuneration of high end employees in relevant ranges including “within each band:  See discussion in Sect. 12.5 above.  IIF Final Report 2008, above n 170, p 51. 201  See discussion in Sect. 12.5 above. 199 200

12.17  Disclosure of Bands and Elements of Compensation for Executives and High…

• • • • •

571

the main elements of salary; cash bonus; deferred shares; performance-related long-term awards; and pension contribution”.202

Similar disclosure was recommended for subsidiaries of foreign banks of the aggregate bands of remuneration and principal elements.203 Also required is disclosure of the right or opportunity of executive board members or high end employees to receive “enhanced benefits” on the happening of any event including change of control which is not already disclosed in the Remuneration Report.204 For the OECD Key Findings 2009, the governance of remuneration suffered from a lack of transparency – there should be disclosure of: • • • •

the total cost of performance-based remuneration; the main characteristics; performance criteria; and adjustment for risk.205

For the content of the [CCDiscloseBandElement] (+) variable, the BCBS requires that the bank should disclose annually: • the recruitment approach for the selection of members of the board and for ensuring an appropriate diversity of skills, backgrounds and viewpoints; and • whether the bank has set up board committees and the number of times key standing committees have met.206

The BCBS further requires banks to comply with Section V of the OECD Principles 2004207 including: • material information on the bank’s objectives, organisational and governance structures and policies; • any corporate governance or remuneration code or policy and the process by which it is implemented; • major share ownership and voting rights, and related party transactions; • incentive and compensation policy following the FSB principles related to compensation. In particular, an annual report on compensation should be disclosed to the public. It should include:

 Walker Review 2009, above n 2, Recommendation 31, p 21.  Ibid, Recommendation 32, p 21. 204  Ibid, Recommendation 37, p 22. 205  OECD Key Findings 2009, above n 20, Governance of the remuneration process, pp 7–8. 206  BCBS Guidelines 2015, above n 4, Para 153, p 36. 207  Organisation for Economic Co-Operation and Development (OECD), OECD Principles of Corporate Governance 2004, 2004, OECD Publications Service, Paris ‘(OECD Principles 2004’). See http://www.oecd.org/document/49/0,3343,en_2649_34813_31530865_1_1_1_37439,00.html (accessed 6 March 2015). See now G20/OECD Principles of Corporate Governance of 30 November 2015, accessed 29 July 2015 at http://www.oecd-ilibrary.org/governance/g20-oecd-­ principles-of-corporate-governance-2015_9789264236882-en (‘G20/OECD 2015 Principles’). 202 203

572

12  Government and Market Reform Report Recommendations for Compensation… –– the decision-making process used to determine the bank-wide compensation policy; –– the most important design characteristics of the compensation system, including the criteria used for performance measurement and risk adjustment; and –– aggregate quantitative information on remuneration; and • measures that reflect the longer-term performance of the bank.208

The approach to the [CCDiscloseBandElement] (+) variable is to hypothesise that it is identical in direction, behaviour and relational effect path to the [TransTimeMon] (+)209 variable in section 9.1.2.1 of Stage 1, coverage/rating + 8/100.00 rprox. That variable links, most directly, the transparency and timing of reporting with both enhancement of the risk management and monitoring function (Risk Management, Monitoring & Audit Factor No 5210) and the quality of decision-making (Decision-making Factor No 7211). Given its focus on risk management, monitoring and decision-making, the [TransTimeMon] (+) variable’s relational effect path is positive (+) and the zone of effect of that relational effect path is hypothesised to be similar to that of the [BrdSkills] (+)212 and [BrdIndMon] (+)213 variables but with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance214). Vital, too, in the [TransTimeMon] (+) variable, coverage/rating  +  8/100.00 rprox, is the operation of Reporting Factor No 1 and Compliance Factor No 2 again described in section 9.1.2.1 of Stage 1. The relational effect path of the [TransTimeMon] (+) variable is hypothesized to begin with Reporting Factor No 1 and Compliance Factor No 2 as the ‘drivers’ of the zone of effect. Compliance Factor No 2 is present because of the substantial guidance in governance codes relating to the access, timeliness, quality and reliability of information. This is replicated in the case of the Walker Review 2009’s requirement to disclose, within each band, the elements of the compensation – salary, cash bonus, deferred shares, performance-related long-term awards and pension contributions – and the BCBS Guidelines 2015 requirements. The Walker Review 2009’s requirement to disclose ‘enhanced benefits’ is separated and disclosed in Sects. 17.2–17.4 below. As noted above, Compliance Factor No 2 is also significant in the [TransTimeMon] (+) variable, coverage/rating  +  8/100.00 rprox, because of its (very) direct influence on Reporting Factor No 1 (Transparency, Timing and

 BCBS Guidelines 2015, above n 4, Para 154, p 36.  Transparency and timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 22, pp 262–263. 210  See discussion in section 2.6.5 of Stage 1, above n 22, pp 47–51. 211  See discussion in section 2.6.7 of Stage 1, above n 22, pp 51–58. 212  Board – Director Skills ‘Mix’ - see Figure 7.2 and discussion in section 7.3.1.2.1 of Stage 1, above n 22, pp 198–201. 213  Board Independent Director: Executive Director Proportion – Monitoring Effect – see discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above 22, pp 208–212. 214  See discussion in section 2.6.2 of Stage 1, above n 22, pp 41–43. 208 209

12.17  Disclosure of Bands and Elements of Compensation for Executives and High…

GF 1

GF 5

GF 8

573

GF 7

GF 3 GF 2

GF 6

GF 4

Fig. 12.2  [CCDiscloseBandElement] (+) relational effect path

Integrity of Financial and Other Reports). Again noted in section 9.1.2.1 of Stage 1, there is a reflexive relationship between Reporting Factor No 1 and Risk Management, Monitoring & Audit Factor No 5. These two governance factors inform each other. Compliance Factor No 2 and the reflexive relationship between Reporting Factor No 1 and Risk Management, Monitoring & Audit Factor No 5 are hypoothesised to be the ‘sources’ of the positive influence represented in Figure 9.1 of Stage 1 for the [TransTimeMon] (+) variable, coverage/rating + 8/100.00 rprox. In this respect, the Walker Review 2009 requirements for disclosure of bands, constituent elements and ‘enhanced benefits’ replicates Compliance Factor No 2 to provide the content for the financial and other reports contemplated by Reporting Factor No 1 as do the BCBS Guidelines 2015 requirement. This gives rise to a coverage/rating of +8/100.00 rprox for the [CCDiscloseBankElement] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) of this Stage 2. This is depicted in Fig. 12.2 above. Anonymous Disclosure of Pay ‘Bands’ for ‘High End’ Employees The Walker Review 2009 rejected that disclosures should name such employees lest they leave for financial centres not subject to such a rule.215 Instead, the ­Compensation/ Remuneration Committee should have responsibility for the pay of such employees and their attached “driving incentive structures”:216 In relation to “high end” employees, the remuneration committee report should confirm that the committee is satisfied with the way in which performance objectives and risk adjustments are reflected in the compensation structures for this group and explain the principles underlying the performance objectives, risk adjustments and the related compensation structure if these differ from those put in place and disclosed in respect of executive board members.217

 Walker Review 2009, above n 2, Para 7.11, p 110.  Ibid. 217  Ibid, Recommendation 30, p 110. 215 216

574

12  Government and Market Reform Report Recommendations for Compensation…

The Walker Review 2009 noted that disclosure of high end employee remuneration “could exacerbate upward pressure on remuneration through intensifying the competitive process, in line with the view that disclosure of board level remuneration has probably exerted upward ratcheting influence of this kind”.218 Despite this, the Walker Review 2009 recommended anonymous disclosure of ‘bands of remuneration’ and their constituent elements: The specific proposal is that such disclosure should be in the form of bands of remuneration for “high end” employees above a threshold level of £1 million with an indication of numbers in each band and, within each band, of the main elements of salary, bonus, long-term award and pension contribution. For this purpose, it is proposed that “total remuneration” should be defined as salary, pension, earned bonus (including, on a non-discounted basis, any element being deferred) and the value of long-term incentive awards granted in the year (calculated on an expected value basis reflecting applicable performance conditions). The proposed bands of disclosure above £1 million would be up to £2.5 million, between £2.5 million and £5 million and in bands of £5 million thereafter.219

The Recommendation extended to executive board members.220 The OECD Key Findings 2009 also emphasized transparency of remuneration policies but there was no agreement on individual disclosure, albeit that this was mandated in some countries: The Steering Group did not reach a consensus about disclosure of individual compensation although the annotations noted that “disclosure on an individual basis (including termination and retirement provisions) is increasingly regarded as good practice and is now mandated in several countries. In these cases, some jurisdictions call for remuneration of a certain number of the highest paid executives to be disclosed, while in others it is confined to specified positions”.221

12.18 Restrictions, Delay, Lock-Up, Deferral and Clawback of Incentive Payments – Relational Effect Path Remuneration Should Not Promote Excessive Risks For the BCBS, the remuneration system should underpin a sound risk culture: Remuneration programmes should encourage a sound risk culture in which risk-taking behaviour is appropriate and which encourages employees to act in the interest of the company as a whole (also taking into account client interests) rather than for themselves or only their business lines. In particular, incentives embedded within remuneration structures should not incentivise staff to take excessive risk.222

 Ibid, Para 7.13, p 111.  Ibid, Para 7.15, pp 111–112. 220  Ibid, Recommendation 31, p 113. 221  OECD Key Findings 2009, above n 20, p 21. 222  BCBS Guidelines 2015, above n 4, Para 148, p 148. 218 219

12.18  Restrictions, Delay, Lock-Up, Deferral and Clawback of Incentive Payments …

575

‘Material Risk Takers’, Deferral, ‘Malus/Forfeiture’ Provisions and ‘Clawback’ The BCBS addressed ‘material risk takers’ – whose pay calculations span multiple years – which should include provisions upon the happening of, or more knowledge about, the risk: [T]his is often achieved through arrangements that defer a sufficiently large part of the compensation until risk outcomes become better known. This includes “malus/forfeiture” provisions, where compensation can be reduced or reversed based on realised risks or conduct events before compensation vests, and/or “clawback” provisions, under which compensation can be reduced or reversed after compensation vests if new facts emerge showing that the compensation paid was based on erroneous assumptions, such as misreporting, or if it is discovered that the employee has failed to comply with internal policies or legal requirements.223

This was not a novel Principle. Predating the BCBS Guidelines 2015, the Walker Review 2009 made some key findings in relation to incentive payments including such provisions: • Deferral of incentive payments should provide the primary risk adjustment mechanism to align rewards with sustainable performance for executive board members and “high end” employees.. • Incentives should be balanced so that at least one-half of variable remuneration offered in respect of a financial year is in the form of a long-term incentive scheme with vesting subject to a performance condition with half of the award vesting after not less than three years and of the remainder after five years. • Short-term bonus awards should be paid over a three-year period with not more than one-third in the first year. • Clawback should be used as the means to reclaim amounts in circumstances of misstatement and misconduct.224

For APRA, important was that “variable remuneration can be adjusted downwards in response to incidents involving poor conduct, inadequate risk management or failure to adhere to [the Bank’s] values”.225 For Sharfman, Toll and Szydlowski writing in 2009, clawbacks allow the bonus to be returned to the company on the happening of specific events, the authors suggesting poor performance to be one of these: Board approval of compensation policies that encourages the pursuit of fake alpha can be discouraged by the use of “clawbacks,” provisions in bonus plans that would require the recipient to return all or part of the bonus if certain subsequent negative events occur, such as poor financial performance. This approach was broadly endorsed in the recently enacted Emergency Economic Stabilization Act of 2008, the $700 billion bailout of financial institutions who overinvested in excessively risky mortgage assets.226  Ibid, Para 150, pp 34–35.  Walker Review 2009, above n 2, Recommendation 33, Para 7.34, p  117 (format altered and bullet-points added). 225  APRA Final Report, above n 1, p 66. 226  Bernard S Sharfman, Steven J Toll and Alan Szydlowski, “Wall Street’s Corporate Governance Crisis” (2009) 17(1) Corporate Governance Advisor 5–8, Jan/Feb 2009, (2 March 2009) accessed 10 April 2017 at SSRN: https://ssrn.com/abstract=1299879, 6. 223 224

576

12  Government and Market Reform Report Recommendations for Compensation…

For the authors, such clawbacks could appear in formal policies, the compensation scheme or in employment agreements227 with a number of issues needing to be determined – the specific events that trigger the provision and the number of years back the clawback will apply: For example, boards have to decide to whom the provisions apply and then to which specific incentive awards. Of even more importance, under what circumstances would the clawback provisions be triggered and how many years back should the provisions apply. Despite the need for these difficult determinations, we expect to see an increased use of clawbacks as a means to control excessive risk in compensation policies.228

For Van Den Berghe, too, the design of variable remuneration must take into account risk management: A second condition is to design a variable remuneration policy that supports sound risk management. If there is only an upside to the performance-related pay system, managers and employees will be stimulated to go for the upside, even if this comes at the detriment of a much higher risk and the long term success of the company. Moral hazard is a well-known concept in insurance economics and is a relevant reflection when it comes to discussing the downside-effects of remuneration incentives.229

The author thus favours mechanisms similar to the Walker Review 2009 to adjust for risk management: The UK proposal for the financial sector gives detailed recommendations to develop remuneration policies that are risk-focused (for the bonus as well as for the long-term incentive plan). The aim is to ensure that firms have remuneration policies which are consistent with effective risk management, and which do not expose them to excessive risk-taking by staff (so explicitly going beyond the executive level). Poor remuneration policies can lead to implicit or explicit expectations of performance from the employee, which are misaligned with the firm’s risk appetite and contrary to sound risk management. Concrete proposals include the focus on profits, adjusted for current and future risk and taking into account the cost of capital employed and the liquidity required. Other suggestions are introducing a bonus-malus philosophy and claw-back clauses.230

APRA referred to the CBA remuneration framework which provides for the withholding of the short and long-term incentive component of remuneration but not clawback: CBA’s remuneration framework provides for the withholding of variable remuneration that has been earned but not paid (known as ‘malus’), but there are no formal mechanisms to retrieve payments that have been earned and actually paid (known as ‘clawback’). Although clawback has been introduced in overseas banking jurisdictions, CBA noted in interviews that it believes putting a clawback policy into practice would be problematic. Every six months, the Board Remuneration Committee, with input from the BRC, considers whether to apply malus to the unvested short or long-term remuneration for Executive Committee members based on risk considerations. This process is supported by commen-

 Ibid.  Ibid. 229  Van Den Berghe, above n 29, 12 (footnote omitted). 230  Ibid. 227 228

12.18  Restrictions, Delay, Lock-Up, Deferral and Clawback of Incentive Payments …

577

tary from the Group CRO in order for the Board Remuneration Committee to make an informed decision.231

Putting aside the time periods for long-term and short-term variable remuneration, endowing the Compensation/Remuneration Committee with the responsibility for restricting, delaying, locking-up, deferring or clawing-back incentive payments for executives and ‘high end’ employees is hypothesised to act like the Shareholder-­ Primacy Model ‘Umbrella’ (or ‘guiding principle’) in Figure 2.5 of Stage 1 with the exception of the exclusion of the overriding requirements of Compliance Factor No 2 (Corporate Governance and Legal Compliance as demonstrated in Sect. 12.4 above and identical to the [EqOptRiskAlignHighEnd] (+) variable.232 This gives rise to the following variables which do not differentiate for short-­ term or long-term variable remuneration of high end employees: • [CCRemRestrictPropn] (+)  – Compensation/Remuneration Committee  – Restricting the Proportion of Short-Term or Long-Term Incentive Payments for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009); • [CCRemDefer] (+)  – Compensation/Remuneration Committee  – Deferral of Short-Term or Long-Term Incentive Payments for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholders, coverage/ rating + 7/87.50 rprox (Walker Review 2009); • [CCRemDelay] (+)  – Compensation/Remuneration Committee  – Delaying Short-Term or Long-Term Incentive Payments for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholders, coverage/ rating + 7/87.50 rprox (Walker Review 2009); • [CCRemLock-Up] (+) – Compensation/Remuneration Committee – Lock-Up of Short-Term or Long-Term Incentive Payments for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholders, coverage/ rating + 7/87.50 rprox (Walker Review 2009); and • [CCRemClawBack] (+) – Compensation/Remuneration Committee – Clawback of Short-Term or Long-Term Incentive Payments for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholders, coverage/ rating + 7/87.50 rprox (Walker Review 2009). The positive (+) direction marker for these variables represents an enhancement in the risk ‘alignment’ effect with outside shareholders  – a level of equity and options giving rise to a level of risk-taking in alignment with outside shareholder interests. This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) of this Stage 2 for these variables.

231 232

 APRA Final Report, above n 1, p 67.  See discussion in Sect. 12.5 above.

578

12  Government and Market Reform Report Recommendations for Compensation…

APRA Final Report Findings for Risk Adjustments and Variable Remuneration In the case of the APRA Final Report, APRA criticized “inadequate oversight and challenge by the board over remuneration outcomes” and that it had been “reactive rather than pre-emptive when applying risk adjustments to variable remuneration.”233 For these aspects of the Compensation/Remuneration Committee’s functions, there a number new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. Other criticisms by APRA included (with the relevant governance variable introduced here): • there was no documentation for risk adjustments for relevant years’ deferred remuneration as the preference was “to deal with risk issues in the current year’s performance assessment”:234 –– [CCFailRiskAdjDocs] (−)  – Compensation/Remuneration Committee  – Failure of Documentation for Prior Years Deferred Remuneration for Executives and High End Employees  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating  −  7/87.50 rprox (APRA); –– [CCFailRiskAdjPriorYrs] (−) – Compensation/Remuneration Committee – Failure to Make Risk Adjustments Against Prior Years Deferred Remuneration for Executives and High End Employees  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating  −  7/87.50 rprox (APRA); • the “absence of a clear malus policy for deferred remuneration [which] undermine[d] the effective application of the remuneration framework”:235 –– see the variables in this Sect. 12.18 above: • • • • •

[CCRemRestrictPropn] (+); [CCRemDefer] (+); [CCRemDelay] (+); [CCRemLock-Up] (+); and [CCRemClawBack] (+)

 APRA Final Report, above n 1, p 72.  Ibid. 235  Ibid. 233 234

12.18  Restrictions, Delay, Lock-Up, Deferral and Clawback of Incentive Payments …

579

• over-reliance on performance assessments provided by the CEO and the Group CRO:236 –– [CCRelyPerfAssessCEO&CRO] (−)  – Compensation/Remuneration Committee –– Over-reliance on Performance Assessments provided by the CEO and the Group CRO for Executives and High End Employees – RiskTaking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/ rating − 7/87.50 rprox (APRA); • there was “no comprehensive assessment of the effectiveness of risk management within each Executive’s area of responsibility” which was largely based on the Executive’s ‘self-assessment’:237 –– [CCRelyExecSelfAssess] (−) – Compensation/Remuneration Committee –– Over-reliance on Executive Self-Assessments of Risk Management for Executives and High End Employees  – Risk-Taking in Excess of Risk ­ Appetite  – Likelihood of Bank Failure, coverage/rating  −  7/87.50 rprox (APRA); • BRC approval for variable remuneration “largely based on generalised attestations from the CEO and Group CRO”:238 –– [BRCRelyGenAttestCEO&CRO] (−)  – Board Risk Committee –– Over-­ reliance on General Attestations provided by the CEO and the Group CRO for Executives and High End Employees  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating  −  7/87.50 rprox (APRA); • while the CRO was required to “consider risk culture, risk appetite, controls, incidents and issues under the Executive’s accountability” there was “little in the way of a formal assessment to form the basis for individual executive remuneration decisions”:239 –– [CROFailFormAssessRiskCult] (−) – Chief Risk Officer (CRO) –– Failure of Formal Assessment of Risk Culture for Individual Executive’s or High End Employee’s Remuneration Decisions  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating  −  7/87.50 rprox (APRA); –– [CROFailFormAssessRiskApp] (−) – Chief Risk Officer (CRO) –– Failure of Formal Assessment of Risk Appetite for Individual Executive’s or High End Employee’s Remuneration Decisions  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating  −  7/87.50 rprox (APRA);  Ibid.  Ibid. 238  Ibid. 239  Ibid. 236 237

580

12  Government and Market Reform Report Recommendations for Compensation…

–– [CROFailFormAssessControls] (−) – Chief Risk Officer (CRO) –– Failure of Formal Assessment of Controls for Individual Executive’s or High End Employee’s Remuneration Decisions  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating  −  7/87.50 rprox (APRA); –– [CROFailFormAssessIncid] (−) – Chief Risk Officer (CRO) –– Failure of Formal Assessment of Incidents for Individual Executive’s or High End Employee’s Remuneration Decisions  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating  −  7/87.50 rprox (APRA); and –– [CROFailFormAssessIssues] (−) – Chief Risk Officer (CRO) –– Failure of Formal Assessment of Issues for Individual Executive’s or High End Employee’s Remuneration Decision  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating  −  7/87.50 rprox (APRA). The result was a lack of documentation and ‘herding’ of executive remuneration outcomes based on CBA’s overall financial performance rather than individual performance and risk outcomes: The lack of documentation results in limited transparency of decision-making, which constrains the effective governance over decisions and the oversight required by APRA’s prudential framework. Without a documented assessment, a ‘herding’ of Executive variable remuneration outcomes can result, with outcomes being more closely tied to the overall financial performance of the CBA rather than to individual performance and risk outcomes. The result is that Group Executives have generally received the same or very similar outcomes regardless of the risk assessment for each individual.240

Thus a number of recommendations and observations followed for board guidance including: • ‘comprehensive guidance’ from the board on reductions to STVR and LTVR:241 –– [CCRiskAdjustHighEnd] (+) – Compensation/Remuneration Committee – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (Walker Review 2009)(relational effect path Sect. 12.6); –– [CCHighEndRiskApp] (+)  – Compensation/Remuneration Committee  – Risk Adjustment for Risk Appetite of Bank for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path 12.11); –– [CCHighEndCapCost] (+)  – Compensation/Remuneration Committee  – Risk Adjustment for Cost of Capital for Executives and High End Employees –

240 241

 Ibid.  Ibid, p 73.

12.18  Restrictions, Delay, Lock-Up, Deferral and Clawback of Incentive Payments …

581

Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path 12.16); and –– [CCHighEndLiqRisk] (+)  – Compensation/Remuneration Committee  – Risk Adjustment for Liquidity Risk for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path 12.23). • a “mandated minimum downward adjustment for STVR (e.g. ten per cent) for a ‘partially met’ rating…[as]…a step towards better use of the risk gate opener”:242 –– [CCHighEndMinAdjRGO10%Redn] (+)  – Compensation/Remuneration Committee  – Minimum Mandated Risk Adjustment of 10% Reduction for ‘Partially Met’ Rating for Risk Gate Opener for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); • some financial institutions globally used “prescriptive rules for measurable risk symptoms, especially for conduct, that as a matter of policy must be taken into account in human resource processes such as promotion and remuneration” to which a risk scorecard for senior executives was a step:243 –– [CCHighEndRiskScoreRules] (+)  – Compensation/Remuneration Committee – Rules for Risk Symptoms for Risk Scorecard for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); • that it was “[b]etter practice is for banks to have a database or ‘library’ of consequence management options to assist in learning from previous incidents and to set clear expectations for both positive and negative risk outcomes for remuneration”:244 –– [CCHighEndLibraryRiskOut] (+)  – Compensation/Remuneration Committee  – Database/Library of Previous Risk Outcomes (Positive and Negative) for Remuneration for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA). For better governance of the remuneration framework, APRA observed that: • longer and more frequent meetings of the Compensation/Remuneration Committee gave a greater opportunity for review and challenge: –– the existing [CompCom] (+/−) variable  – Compensation Committee  – Presence, Operation and Frequency – coverage/rating +/−7/87.50 rprox (relational effect path section 10.2.4.1 of Stage 1 and Sect. 12.4 above);  Ibid.  Ibid. 244  Ibid. 242 243

582

12  Government and Market Reform Report Recommendations for Compensation…

• risk and internal audit executives should present comprehensive assessments to the Compensation/Remuneration Committee six-monthly or annually:245 –– [CCHighEndRiskPresent] (+) – Compensation/Remuneration Committee – Six-Monthly or Annual Comprehensive Assessments Presented by Risk Executives to Compensation Committee for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); –– [CCHighEndIntAudPresent] (+)  – Compensation/Remuneration Committee – Six-Monthly or Annual Comprehensive Assessments by Internal Audit Executives to Compensation Committee for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); • the size and allocation of variable remuneration being subject to “the full range of current and potential risks”:246 –– [CCRiskAdjustHighEnd] (+) – Compensation/Remuneration Committee – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (Walker Review 2009)(relational effect path Sect. 12.6); –– [CCHighEndRiskApp] (+)  – Compensation/Remuneration Committee  – Risk Adjustment for Risk Appetite of Bank for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path 12.11); –– [CCHighEndCapCost] (+) – Compensation Committee – Risk Adjustment for Cost of Capital for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path 12.16); and –– [CCHighEndLiqRisk] (+) – Compensation Committee – Risk Adjustment for Liquidity Risk for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path 12.23). • better coordination between the BRC and Compensation/Remuneration Committee with “subdued or negative financial performance of the entity should generally lead to a considerable contraction of the entity’s total variable remuneration, taking into account both current compensation and reductions in payouts of amounts previously earned, including through malus and clawback arrangements”:247

 Ibid.  Ibid. APRA cites Australian Prudential Regulation Authority, Prudential Practice Guide PPG 511 Remuneration, November 2009. 247  APRA Final Report, above n 1, p 73. 245 246

12.18  Restrictions, Delay, Lock-Up, Deferral and Clawback of Incentive Payments …

583

–– [CCRiskAdjustBRC] (+)  – Banks  – Compensation/Remuneration Committee –– Compensation/Remuneration Committee to Obtain Advice from Board Risk Committee (BRC) advised by the Chief Risk Officer (CRO) on Risk Adjustments to Performance Objectives – Enhancement of Level of Risk-­Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009)(relational effect path in Sect. 12.6); –– see the variables in this Sect. 12.18 above: • • • • •

[CCRemRestrictPropn] (+); [CCRemDefer] (+); [CCRemDelay] (+); [CCRemLock-Up] (+); and [CCRemClawBack] (+)

• joint meetings between the BRC and the Compensation/Remuneration Committees for risk ratings and remuneration decisions for Executive Committee members:248 –– [CCBRCJointMeet] (+) – Compensation/Remuneration Committee – Joint Meetings with Board Risk Committee (BRC) for Risk Ratings and Remuneration Decisions for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); –– [CCRiskAdjustBRC] (+)  – Compensation/Remuneration Committee –– Compensation Committee to obtain advice from Board Risk Committee advised by the CRO on Risk Adjustments to Performance Objectives  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (Walker Review 2009)(relational effect path 12.6); • an absence of quantitative data to apply to the remuneration framework”:249 –– [CCFailQuantData] (−)  – Compensation Committee  – Failure to Apply Quantitative Data to Remuneration Framework – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating  −  7/87.50 rprox (APRA); • detailed reporting recommendations were required by the Compensation/ Remuneration Committee: –– [CCBoardReporting] (+)  – Compensation/Remuneration Committee  – Reporting Requirements to the Board – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); –– the content of the reporting is to:

248 249

 Ibid, pp 73–74.  Ibid, p 74.

584

12  Government and Market Reform Report Recommendations for Compensation… • allow the Board to assess the effectiveness of the framework across the Group, and the appropriateness of the outcomes being generated including the application of the risk gate opener as well as other aspects of the framework; • inform the Board of differences in the scale of risk reductions across business and support units, and provide assurance that these differences are justified; • assist in the review and update of guidance to management on the appropriate reduction in variable remuneration for staff that partially meet risk requirements to strengthen the link between risk-conscious behaviour of employees, consequence management and remuneration outcomes across the Group; and • inform the Board of the systemic or analytical link between employee sanctions executed such as a formal warning, and the remuneration outcomes that are generated so that there is tangible accountability for poor outcomes.250

APRA further considered that there was ineffective application of the risk gate opener to adjust variable remuneration outcomes. There was “widespread reluctance” to reduce variable remuneration for poor risk and compliance outcomes and risk adjustments were not consistently applied at senior management level  – or applied at all – even for ‘partially met’ ratings.251 Nor did the size of the adjustments encourage “positive risk and compliance behaviours”252 and did not “influence the risk/reward trade-off for employees”:253 • [CCRiskAdjustHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009)(relational effect path Sect. 12.6); • [CCHighEndRiskApp] (+) – Compensation Committee – Risk Adjustment for Risk Appetite of Bank for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path 12.11); • [CCHighEndCapCost] (+) – Compensation Committee – Risk Adjustment for Cost of Capital for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path 12.16); • [CCHighEndLiqRisk] (+) – Compensation Committee – Risk Adjustment for Liquidity Risk for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path 12.23); • [CCHighEndMinAdjRGO10%Redn] (+)  – Compensation Committee  – Minimum Mandated Risk Adjustment of 10% Reduction for ‘Partially Met’ Rating for Risk Gate Opener for Executives and High End Employees  –

 Ibid. See also the more general recommendations in Recommendations 23 and 24, ibid, pp 74–75. 251  Ibid, p 75. 252  Ibid. 253  Ibid, p 76. 250

12.18  Restrictions, Delay, Lock-Up, Deferral and Clawback of Incentive Payments …

585

Enhancement of Level of Risk-Taking in Alignment with Shareholders coverage/ rating + 7/87.50 rprox (APRA)(relational effect path this Sect. 12.18); • and the new governance variable: –– [CCFailHighEndRGORiskAdj] (−) – Compensation Committee – Failure to Apply Risk Gate Opener for Risk Adjustments for ‘Not Met’ Rating to Remuneration for All Executives and High End Employees – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox (APRA); and –– guidance on the application of the Risk Gate Opener is provided by APRA’s Recommendation 25 which requires that: • the CBA Board provide clear guidance to management on the Board’s expectations in determining an appropriate level of risk adjustment for good and poor risk behaviours and outcomes; • the risk function assist in the application of the risk gate opener in the Group through applying more rigour in challenging outliers, observed inconsistencies and absolute levels of risk reductions; and • CBA, with due regard for confidentiality concerns, communicate the impact of both good and poor risk outcomes on remuneration across the Group to reinforce the link between accountability and consequence.254

The APRA Final Report concludes its remuneration review with a number of ‘gaps’ in the remuneration framework including: • that the CRO’s “target fixed and variable remuneration mix is not materially different to that of the business unit Group Executives” contrary to better practice “typically with a higher weighting on fixed remuneration aimed at safeguarding the independence of this critical function”:255 –– [CROTargetFixVarMix] (−) – Chief Risk Officer (CRO) – Target Fixed and Variable Remuneration Equivalent to Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox (APRA); –– [CROFixedRemWeight] (+)  – Chief Risk Officer (CRO)  – Fixed Remuneration with Higher Weighting to Preserve Independence of Function – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); • there was no ‘upside’ for sound risk management256 with the risk gate opener only acting downwards; –– [CCHighEndRGOFullMet] (+)  – Compensation/Remuneration Committee – No Reduction Adjustment for Risk Gate Opener for ‘Fully Met’

 Ibid, Recommendation 25, p 78 (emphasis in original).  Ibid, p 78. 256  Ibid, p 78. 254 255

586

12  Government and Market Reform Report Recommendations for Compensation…

Rating257 to Remuneration of All Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); –– [CCRGOPositiveAdjust] (+) – Compensation/Remuneration Committee  – Positive/Upwards Adjustment to Reward Sound Risk Management258 for Risk Gate Opener to Remuneration of All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); • there was no “basis for collective risk adjustments, positive or negative, as a means of demonstrating collective accountability across a team, business unit or division as a result of significant risk events” (the AUSTRAC collective adjustment being the first time):259 –– [CCFailCollectiveAdjNeg] (−) – Compensation/Remuneration Committee – Failure to Apply Negative/Downward Collective Risk Adjustment to Remuneration for a Team, Business Unit or Division for Significant Risk Events  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox (APRA); –– [CCCollectiveAdjPos] (+)  – Compensation/Remuneration Committee  – Positive/Upward Collective Risk Adjustment to Remuneration for a Team, Business Unit or Division for Significant Risk Events –– Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); • for short-term variable remuneration now taken as equity over two years for the CEO and Group Executives “up to 60 per cent of STVR is deferred over two to five years in some jurisdictions and up to seven years in others”:260 –– see the variables in this Sect. 12.18 above: • • • • •

[CCRemRestrictPropn] (+); [CCRemDefer] (+); [CCRemDelay] (+); [CCRemLock-Up] (+); and [CCRemClawBack] (+)

• better practice included “clear guidance on when and to what degree malus and clawback are used, and how they should be applied” to STVR and LTVR:261 –– see the variables in this sect. 12.18 above:

 Ibid, p 69  Ibid, p 78. 259  Ibid. 260  Ibid. 261  Ibid. 257 258

12.19  Failure to Adjust Pay Bonuses for Risks Incurred for Low Level Employees

• • • • •

587

[CCRemRestrictPropn] (+); [CCRemDefer] (+); [CCRemDelay] (+); [CCRemLock-Up] (+); and [CCRemClawBack] (+)

• while clawback was not presently used in Australia, “were it designed to be readily exercised, [it] would help to drive behaviours that avoid unsound risk management and strengthen accountability for senior management and other material risk-takers”262 and was recommended for “serious misconduct”:263 –– see the variables in this Sect. 12.18 above: • • • • •

[CCRemRestrictPropn] (+); [CCRemDefer] (+); [CCRemDelay] (+); [CCRemLock-Up] (+); and [CCRemClawBack] (+).

12.19 Failure to Adjust Pay Bonuses for Risks Incurred for Low Level Employees The OECD Key Findings 2009 found that a particular factor of the GFC was the failure to adjust performance bonuses for risk, in particular for lower level employees: An area of particular concern in financial firms is whether there is any risk adjustment in measuring performance for the purpose of bonuses, especially for employees lower down in the organisation where usually stock incentives (i.e. long term incentives) are not important. A recent survey by remuneration consultants for the FSF indicated an alarming lack of risk adjustment which is a cause of concern for two reasons. First, lack of risk adjustment de-links the incentives of employees from the shareholders. Second, it leads to firms overpaying their employees versus their contribution to long term value creation (i.e. Economic Value Added, EVA). Paying out large bonuses based largely on non-risk adjusted, flow metrics serves to de-capitalise the financial institution.264

[CCBonusLowEnd] (−) – Compensation/Remuneration Committee – Bonuses for Low End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure – Coverage/rating − 7/87.50 rprox – relational effect path This passage suggests a new governance variable, in accord with the effect described in the above passage, [CCBonusLowEnd] (−)  – Compensation Committee – Bonuses for Low End Employees – Risk-Taking in Excess of Risk  Ibid.  Ibid, Recommendation 26, p 79. 264  OECD Key Findings 2009, above n 20, p 17. 262 263

588

12  Government and Market Reform Report Recommendations for Compensation…

Appetite  – Likelihood of Bank Failure. The [CCBonusLowEnd] (−) variable is hypothesized to have the same effect as the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 above. The direction marker for this variable is negative representing a level of bonuses to low end employees giving rise to a level of risk-taking in excess of the bank’s risk appetite and increasing the likelihood of bank failure.265 This equates to a coverage/rating of −7/87.50 rprox for the [CCBonusLowEnd] (−) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for this Compensation Committee low end variable.

12.20 Required Minimum Shareholdings of Executive Board Members, Executives and High End Employees Including Vesting Arrangements ‘Skin in the Game’ Shareholdings and ‘Retention’ Vesting Arrangements The Walker Review 2009 considered whether ‘skin in the game’ shareholdings and ‘retention’ vesting arrangements for board members and high end employees  – equal to their total compensation on a historic basis – should be mandated: [E]xecutive board members and “high end” employees should be expected to have “skin in the game” in the form of a shareholding or retention of vested awards in an amount at least equal to their compensation on a historic or expected basis, to be built up over a period at the discretion of the remuneration committee; and that vesting should not be accelerated on cessation of employment other than on compassionate grounds.266

The Review’s Recommendation 34 thus determined that this should be so: Executive board members and “high end” employees should be expected to maintain a shareholding or retain a portion of vested awards in an amount in line with their total compensation on a historic or expected basis, to be built up over a period at the discretion of the remuneration committee. Vesting of stock for this group should not normally be accelerated on cessation of employment other than on compassionate grounds.267

The principal governance variables identified in Table 2.1 of Stage 1 relating to director equity and option holdings already exist: • [AudShortOpts] (−) – Audit Committee  – Short Term Options Granted to Outside Directors  – Reduction in Monitoring Effect, coverage/rating − 7/87.50 rprox;268 • [EqOptIncent] (+) – Equity/Option Plans and Holdings of Directors/ Executives – Incentive/‘Alignment’ Effect (excludes short-term options), coverage/rating + 7/87.50 rprox;269

 See discussion in Sect. 12.5 above.  Walker Review 2009, above n 2, Para 7.35, p 118. 267  Ibid, Recommendation 34, p 118. 268  See discussion in section 10.2.5.1 of Stage 1, above n 22, pp 311–312. 269  See discussion in section 10.2.4 of Stage 1, above n 22, pp 303–309. 265 266

12.21  Formal Code of Conduct for Remuneration Consultants Including Use…

589

• [EqOptEntrch] (−)  – Equity/Option Plans and Holdings of Directors/ Executives – ‘Entrenchment’ Effect (excludes short-term options), coverage/rating − 7/87.50 rprox;270 and • [ShortTOpts] (−) – Short-Term Option Holdings/Plans of Directors and Executives, coverage/rating − 7/87.50 rprox.271 In addition, the following variables have been introduced in Sect. 12.5 of this Chap. 12: • [EqOptRiskAlignHighEnd] (+) – Equity and Options for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests – based on the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox; and • [EqOptRiskFailHighEnd] (−) – Equity and Options for Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure – based on the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of −7/87.50 rprox. And the variables for the restrictions, delay, lock-up, deferral and clawback of incentive payments are set out in the preceding Sect. 12.18 above: • • • • •

[CCRemRestrictPropn] (+); [CCRemDefer] (+); [CCRemDelay] (+); [CCRemLock-Up] (+); [CCRemClawBack] (+)

Further observations in relation to benefits paid on commencement or termination of employment are contained in Sects. 17.2–17.3 of Chap. 17 below.

12.21 Formal Code of Conduct for Remuneration Consultants Including Use of the Code by Remuneration Committee to Engage Advisers272 Concern was expressed by the OECD as to whether essentially part-time non-­ executive directors who were on the remuneration committee to avoid conflicts of interests could oversee the process with consequent reliance on remuneration consultants273 and, in addition, increases in non-executive pressures and remuneration:

 Ibid.  See discussion in section 10.2.5.1 of Stage 1, above n 22, pp 311–312. 272  Walker Review 2009, above n 2, Recommendation 38/39, p 22. 273  OECD 2010 Conclusions and Practices, above n 26, Para 26, p 10. 270 271

590

12  Government and Market Reform Report Recommendations for Compensation…

It is important for a company to take steps to ensure that remuneration is established through an explicit governance process where the roles and responsibilities of those involved, including consultants and risk managers, are clearly defined and separated. In a number of jurisdictions, it is considered good practice to give a significant role to non-executive independent board members in the process. Their remuneration should be decided through a transparent and robust process that is disclosed in the remuneration report to shareholders.274

For compensation consultants, it was necessary that they be engaged by independent board members, that there be disclosure of any other remuneration services and that consultants follow a code of conduct: Where remuneration consultants are hired to advise on remuneration contracts and conditions, it is good practice for them to be engaged by the board with a key role for independent board members (e.g. the remuneration committee or equivalent) and who are thus independent of management. Their role, including other work for the company, should be disclosed in a remuneration report. Boards need to ensure their continued independence by prohibiting or limiting the contemporaneous provision of other remuneration services and by requiring them to adhere to a code of conduct.275

[CCRemAdvise] (+/−)  – Compensation/Remuneration Committee  – Outside Advisers – Coverage/rating +/−7/87.50 rprox – relational effect path This recommendation of the OECD 2010 Conclusions and Practices is hypothesized to behave identically to the Stage 1 governance variable [OutBrdAdv] (+)276 in section 7.3.2.1.2 of Stage 1 – Outside/External Board Advisers – but with a dual direction marker. The [CCRemAdvise] (+/−) variable is given a dual direction marker (+/−) as the composition and levels of director, CEO and executive compensation – and therefore the balancing point between a level of equity and options (or other incentives) giving rise to a level of risk-taking in line with outside shareholder interests and, by contrast, a level of equity, options and incentives in excess of the bank’s risk appetite and increasing the risk of bank failure – will be affected positively or negatively by the operation of this variable. Speaking only of direction (and not behaviour or configuration of the relational effect path), this is identical to the [EqOptRiskAlignHighEnd] (+) and [EqOptRiskFailHighEnd] (−) variables above.277 For the relational effect path, [CCRemAdvise] (+/−) is hypothesized to have a relational effect path identical to [OutBrdAdv] (+) in section 7.3.2.1.2 of Stage 1 which in turn is a ‘strong-form’ version of the [BrdIndMon] (+) variable in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1. This equates to a coverage/rating of +/−7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) of this Stage 2.

 Ibid, Para 27, p 10.  Ibid, Para 30, p 11. 276  [OutBrdAdv] (+) variable  – Outside/External Board Advisers. See discussion in section 7.3.2.1.2 of Stage 1, above n 22, pp 211–212. 277  See discussion in Sect. 12.5 above. 274 275

12.22  Incentive Payments and Bonuses to Be Calculated by Economic Profit Not…

591

12.22 Incentive Payments and Bonuses to Be Calculated by Economic Profit Not Revenue Important for the Walker Review 2009 was “that assessments of financial performance used to calculate bonus pools should be based on risk-adjusted measures such as economic profit rather than revenue…that is, the need for the size of bonus pools to be determined by reference to economic profit rather than revenues”.278 The BCBS is also mindful of pay based on future revenue, though not specifically calling for profit to be used as the measure: Practices by which remuneration is paid for potential future revenues whose timing and likelihood remain uncertain should be carefully evaluated by means of both qualitative and quantitative key indicators.279

[CCRiskEcoProfit] (+)  – Compensation/Remuneration Committee  – Risk Adjustment for Economic Profits for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – Coverage/rating + 7/87.50 rprox – relational effect path This variable is hypothesized to act identically to the Compensation/Remuneration Committee’s variables for risk adjustments for executives and high end employees in Sect. 12.6 above: • [CCPerfObjectBenchHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Performance Objectives and Benchmarks or All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009); and • [CCRiskAdjustHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009). Endowing the Compensation/Remuneration Committee with the responsibility for risk adjustments for economic profits for executives and high end employees is hypothesised to act like the director, CEO and management compensation governance variable [EqOptRiskAlignHighEnd] (+) in Sect. 12.5 above. The direction marker for this variable is positive representing an economic profit matched to a level of equity, options, incentives and bonuses giving rise to a level of risk-taking in alignment with outside shareholder interests.280 Thus, the [CCRiskEcoProfit] (+) variable requiring ‘economic profit’ rather than revenue for the calculation of incentives and bonuses for executives and ‘high end’ employees has a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

 Walker Review 2009, above n 2, Para 7.24, pp 114–115.  BCBS Guidelines 2015, above n 4, Para 149, p 34. 280  See discussion in Sect. 12.5 above. 278 279

592

12  Government and Market Reform Report Recommendations for Compensation…

12.23 Remuneration Design Adjustments for the firm’s Risk Appetite, Cost of Capital and Liquidity Risk Risk adjustments for executives and high end employees for the firm’s risk appetite, cost of capital and liquidity risk – relational effect paths Again, the Compensation/Remuneration Committee’s variables for risk adjustments for executives and high end employees is set out in Sect. 12.6 above: • [CCPerfObjectBenchHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Performance Objectives and Benchmarks for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009); and • [CCRiskAdjustHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009). The discussion by Van Den Berghe in Sect. 12.18 also suggests three further risk adjustment governance variables for executives and ‘high end’ employees, identical in behaviour and relational effect path to [CCRiskAdjustHighEnd] (+) in Sect. 12.6 above, coverage/rating + 7/87.50 rprox, but more specific in the type of risk adjustment: • [CCHighEndRiskApp] (+) – Compensation/Remuneration Committee – Risk Adjustment for Risk Appetite of Bank for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path 12.11); • [CCHighEndCapCost] (+) – Compensation/Remuneration Committee – Risk Adjustment for Cost of Capital for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (relational effect path 12.16); and • [CCHighEndLiqRisk] (+)  – Compensation/Remuneration Committee  – Risk Adjustment for Liquidity Risk for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (this Sect. 12.23). Again, the direction marker for these variables is positive (+) each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 representing specific adjustments matched to a level of equity and options giving rise to a level of risk-taking in alignment with outside shareholder interests.

12.24  Adjusting Pay Benchmarks for Risk

593

This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for each of these three specialised risk adjustment variables for executives and high end employees.

12.24 Adjusting Pay Benchmarks for Risk The Walker Review 2009 explained that pay benchmarks should be adjusted for risk “to take account of the incremental capital, liquidity, franchise or other risk that would be entailed in vigorous pursuit of, for example, market share or revenue”.281 The difficulty, pointed out the Review, was that: Remuneration schemes cannot impose negative consequences on an executive equivalent to the positive outcomes, and thus risk adjustment in remuneration structures is essential to counterbalance any executive disposition to increase risk as the means of increasing short-­ term returns.282

Thus performance objectives/benchmarks were the responsibility of the Compensation/Remuneration Committee but the risk adjustments were the responsibility of the Board Risk Committee (BRC) advised by the Chief Risk Officer (CRO): Advice on what is effectively the risk coefficient for specific performance objectives should be a clear responsibility of the board risk committee, as discussed in the previous chapter. While it is for the remuneration committee to determine, with the CEO (except in the case of the CEO personally), the performance objectives for the remuneration packages it decides will be appropriate, the board risk committee, advised by the CRO, should be accorded an effectively independent authority in respect of risk adjustment of these objectives.283

Any difference in views on the adjustments were to be decided by the Chairperson of the board and the non-executive directors.284 The variables for risk adjustments for executives and high end employees were introduced in Sect. 12.6 above: • [CCPerfObjectBenchHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Performance Objectives and Benchmarks for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009); and • [CCRiskAdjustHighEnd] (+)  – Banks  – Compensation/Remuneration Committee – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009).  Walker Review 2009, above n 2, Para 7.36, p 118.  Ibid, Para 7.37, p 118. 283  Ibid. 284  Ibid, Recommendation 35, p 119. 281 282

594

12  Government and Market Reform Report Recommendations for Compensation…

And the variable for the Compensation/Remuneration Committee to obtain advice from the Board Risk Committee on risk adjustments to performance objectives from the Walker Review 2009285 was also introduced in Sect. 12.6: • [CCRiskAdjustBRC] (+) – Banks – Compensation Committee –– Compensation Committee to obtain advice from Board Risk Committee advised by the CRO on Risk Adjustments to Performance Objectives – Enhancement of Level of RiskTaking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009).

12.25 Remuneration and Breaches of Company Risk Appetite Limits, Internal Procedures and Legal Requirements For the BCBS, adjustments to pay should also take into account all risks, “including breaches of risk appetite limits, internal procedures or legal requirements”.286 This passage suggests a new governance variable: [CCHighEndBreach] (−) – Banks – Compensation Committee – Risk Adjustment for Breaches by Executives and High End Employees of Company Risk Appetite Limits, Internal Procedures and Legal Requirements – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure  – Coverage/rating − 7/87.50 rprox – relational effect path [CCHighEndBreach] (−) is hypothesised to act like the variable [EqOptRiskFailHighEnd] (−) in Sect. 12.5 above. The direction marker for this variable is negative representing a breach – of risk-appetite limits, internal procedures or legal requirements – which result in a level of risk beyond the bank’s risk appetite or in breach of such procedures and requirements and therefore increase the likelihood of bank losses, internal actions or remediation, external actions or proceedings against the bank or bank failure.287 This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [CCHighEndBreach] (−) high end variable.

 Ibid, Recommendation 35, p 22.  BCBS Guidelines 2015, above n 4, Para 149, p 150. 287  See discussion in Sect. 12.5 above. 285 286

Chapter 13

FSB Principles for Sound Compensation Practices (FSBP) and FSB Implementation Standards (FSBIS) Abstract Chapter 13 examines the FSB Principles for Sound Compensation Practices (FSBP) and the FSB Implementation Standards (FSBIS). For the FSBP, FSB principles and standards 1–3 are for effective governance of compensation, FSB principles and standards 4–7 are for effective alignment of compensation with prudent risk-taking and FSB principles and standards 8–9 cover effective oversight and engagement by stakeholders. Moving then to the FSBIS, FSBIS 1 and 2 relate to the Compensation/ Remuneration Committee structure and governance while FSBIS 3 covers compensation and capital. FSBIS 4–14 set out governance variables for pay structure and risk alignment. The chapter concludes with FSBIS 15 which governs disclosure. Keywords  FSB Principles for Sound Compensation Practices · FSB Implementation Standards · Effective governance · Effective alignment · Prudent risk-taking · Effective oversight · Compensation/Remuneration Committee Structure and Governance · Compensation and capital · Pay structure and risk alignment The APRA Final Report and the FSRC Final Report require banks to adhere to the FSB Principles for Sound Compensation of April 20091 – together with the FSB Principles for Sound Compensation Practices Implementation Standards of September 20092 – and the FSB Supplementary Guidance to the FSB Principles and

 Financial Stability Board, FSB Principles for Sound Compensation Practices, 2 April 2009 accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/r_0904b.pdf (‘FSBP’). 2  Financial Stability Board, FSB Principles for Sound Compensation Practices Implementation Standards, 25 September 2009, accessed 28 February 2019, available at http://www.fsb.org/wp-­ content/uploads/r_090925c.pdf (‘FSBIS’). 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_13

595

596

13  FSB Principles for Sound Compensation Practices (FSBP) and FSB…

Standards on Sound Compensation Practices, the use of compensation tools to address misconduct risk.3 FSB Principles for Sound Compensation Practices (FSBP) The FSBP do not prescribe the design or levels of individual compensation but, instead, are intended to curb excessive risk taking and encourage risk management: The Principles are intended to reduce incentives towards excessive risk taking that may arise from the structure of compensation schemes. They are not intended to prescribe particular designs or levels of individual compensation. One size does not fit all – financial firms differ in goals, activities and culture, as do jobs within a firm. However, any compensation system must work in concert with other management tools in pursuit of prudent risk taking.4

The link – and necessity for connection – between risk-taking incentives and risk management and control systems is emphasised by the FSB: In principle, if risk management and control systems were strong and highly effective, the risk-taking incentives provided by compensation systems would not matter because risk would stay within the firm’s appetite. In practice, all risk management and control systems have limitations and, as the current crisis has shown, they can fail to properly control risks. The incentives provided by compensation can be extremely powerful. Without attention to the risk implications of the compensation system, risk management and control systems can be overwhelmed, evaded, or captured by risk-takers.5

The FSBP are modelled on the relational approach in the following Sects. 13.1– 13.4 of this Chap. 13.

13.1 FSB Principles and Standards 1–3 for Effective Governance of Compensation For the FSBP, the governance of remuneration or compensation – the responsibility of the board of directors – should adhere to a number of principles, here using the numbering of the FSB (i.e., FSBComp1 represents Principle 1, FSBComp2 represents Principle 2, etc). For these aspects of the board’s functions, there a number new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to:

 Financial Stability Board, Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, The use of compensation tools to address misconduct risk, 9 March 2018, accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/ P090318-1.pdf (‘FSBSupp’). 4  FSBP, above n 1, p 1. 5  Ibid, Commentary on the Principles, p 5. 3

13.1  FSB Principles and Standards 1–3 for Effective Governance of Compensation

597

• the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 16 with a coverage/rating of +7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of −7/87.50 rprox. Thus, the principles and standards for the FSBP for 2009 included: • “the firm’s board of directors must actively oversee the compensation system’s design and operation”7 including: –– [FSBComp1DesignOperate] (+)  – Banks  – FSBP  – Board of Directors  – Responsibility for Oversight and Design of Compensation System by Board of Directors8  – Enhancement of level of risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; –– [FSBComp1BeyondCEOExec] (+) – Banks – FSBP – Board of Directors – Responsibility for Control of Compensation System Beyond Control of CEO and Management9 – Enhancement of level of risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • See also [CompBeyondCEOBrd] (+) variable in Sect. 12.7 – Oversight of Compensation/Remuneration Beyond CEO and Board  – Level of Risk-­ Taking in Alignment with Shareholder Interests, coverage/rating + 7/87.50 rprox (OECD Key Findings 2009); –– [FSBComp1IndRiskExpert] (+)  – Banks  – FSBP  – Board of Directors  – Responsibility for Control of Compensation System by Non-Executive Board Members and Employees who are Independent and Experts in Risk Management and Compensation10 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • see also [CCRemIndMon] (+) variable in Sect. 12.7  – Compensation/ Remuneration Committee  – Compensation Committee Comprised of Independent Directors – Independent Director Monitoring of Remuneration

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 7  FSBP, above n 1, Principle 1, p 2 8  Ibid. 9  Ibid. 10  Ibid. 6

598

13  FSB Principles for Sound Compensation Practices (FSBP) and FSB…

Process – Level of Risk-Taking in Alignment with Shareholder Interests, coverage/rating + 7/87.50 rprox (OECD Key Findings 2009); and • see also [CompIndMon] (+) variable in Sect. 33.5 below – Compensation Committee – Independence – Enhancement in Monitoring Effect (Walker Review 2009, EC Second Green Paper 2011 and OECD 2010 Conclusions and Practices); • “the firm’s board of directors must monitor and review the compensation system to ensure the system operates as intended”11 including: –– [FSBComp2BrdMonReview] (+) – Banks – FSBP – Board of Directors – Monitoring and Review of Compensation System by Board of Directors12 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox, the content of this variable to include review for compliance with: • design policies and procedures; and • outcomes, risk measurements and risk outcomes consistent with intentions; • see also [CCHighEndReview] (+) variable in Sect. 12.16 – Compensation/ Remuneration Committee  – Periodic Review of Compensation Policies and Performance-Based Compensation for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholder,s coverage/rating + 7/87.50 rprox; –– [FSBComp2BrdControls] (+)  – Banks  – FSBP  – Board of Directors  – Compensation System to include Controls13 – Enhancement of Level of Risk-­ Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox, including the sub-variables: • [FSBComp2IDDeviations] (+) – Banks – FSBP – Board of Directors – Identification of Material Deviations of Compensation Outcomes14  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [FSBComp2RuleDepart] (+)  – Banks  – FSBP  – Board of Directors  – Identification/Detection of Departures from Rules15  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [FSBComp2SystemWeaks] (+) – Banks – FSBP – Board of Directors – Identification of Unreasonable or Undesirable Outcomes from System Weaknesses including Imprecise Risk Measures16 – Enhancement of Level  Ibid, Principle 2, p 2.  Ibid. 13  Ibid. 14  Ibid, Commentary on the Principles, p 7. 15  Ibid. 16  Ibid, Commentary on the Principles, p 7. 11 12

13.1  FSB Principles and Standards 1–3 for Effective Governance of Compensation

of Risk-Taking in Alignment ing + 7/87.50 rprox;

with

Shareholders,

599

coverage/rat-

• “staff engaged in financial and risk control must be independent, have appropriate authority, and be compensated in a manner that is independent of the business area they oversee and commensurate with their key role in the firm”17 including: –– [FSBComp3RiskStaffIndAuth] (+) – Banks – FSBP – Board of Directors – Independence, Authority and Compensation of Risk Staff Independent of Business Area they Oversee18  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; –– [FSBComp3NoInfluence] (+)  – Banks  – FSBP  – Board of Directors  – Compensation of Risk-Control Employees Not to be Affected by Personnel in Business Units19 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; –– [FSBComp3ShortTComp] (−)  – Banks  – FSBP  – Board of Directors –– Compensation of Risk-Control Employees Affected by Short-Term Measures20 – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox; –– [FSBComp3LowCompQual] (−) – Banks – FSBP – Board of Directors –– Compensation of Risk-Control Employees Too Low Affecting Quality and Authority of Risk-Control Staff21 – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox; –– [FSBComp3QualMeasures] (+)  – Banks  – FSBP  – Board of Directors  – Compensation Quality Measures for Compensation to Avoid Distortions22 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox, the content including: • • • •

all costs23; quality and independence of valuations24; “avoiding giving current-year credit for expected future-year revenue”25; and avoiding “a long tail of risk on the firm in the form of model assumptions which cannot be validated and whose failure only becomes apparent in future years”.26

 Ibid, Principle 3, p 2.  Ibid. 19  Ibid, Commentary on the Principles, p 7. 20  Ibid. 21  Ibid. 22  Ibid. 23  Ibid. 24  Ibid. 25  Ibid. 26  Ibid. 17 18

600

13  FSB Principles for Sound Compensation Practices (FSBP) and FSB…

–– see also [CultFailAuthRiskFn] (−) variable in Sect. 40.2 – Bank Culture – Inconsistent/Weak Credibility, Authority and Respect of Risk Function  – Reduction of Monitoring Effect  – Reduction in Quality of Decision-making (APRA); –– see also [FailLowStatus] (−) variable in Sect. 38.5 – Banks – Board Oversight of Risk Management  – Separation and Low Status of Risk Managers  – Causing Deficiency or Reduction in Flow of Information from Management to Risk Managers – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility (OECD Key Findings 2009 and EC Green Paper 2010); and –– see also [SecLineComplyRecogStat&Auth] (+) variable in Sect. 45.1  – Banks – second Line Risk Management Function – Recognition, Stature and Authority of Compliance Function  – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making (APRA);

13.2 FSB Principles and Standards 4–7 for Effective Alignment of Compensation with Prudent Risk-Taking Again, these FSB governance variables are modelled on: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. Thus, the principles and standards for the FSBP for 2009 included: • “compensation must be adjusted for all types of risk”27 including: –– [FSBComp4RiskAdjustAll] (+)  – Banks  – FSBP  – Adjustment to Compensation of All Employees for All Types of Risk Prospective and Actually Realised28  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; –– [FSBComp4Quant&Judge] (+)  – Banks  – FSBP  – Adjustment to Compensation of All Employees for All Types of Risk Based on Quantitative

27 28

 Ibid, Principle 4, p 2.  Ibid.

13.2  FSB Principles and Standards 4–7 for Effective Alignment of Compensation...

601

Measures and Human Judgment29 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; –– [FSBComp4RiskAdjustLiqRisk] (+)  – Banks  – FSBP  – Adjustment to Compensation of All Employees for Liquidity Risk30 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; –– [FSBComp4RiskAdjustReputRisk] (+)  – Banks  – FSBP  – Adjustment to Compensation of All Employees for Reputational Risk31 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; and –– [FSBComp4RiskAdjustCostCap] (+)  – Banks  – FSBP  – Adjustment to Compensation of All Employees for Cost of Capital32  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox. The FSB explains that Principle 4 “adjusts for risk that the employee or business unit imposes on the firm but that is not yet realized.”33 • see also: –– [CCPerfObjectBenchHighEnd] (+) variable in Sect. 12.6  – Banks  – Compensation/Remuneration Committee  – Responsibility for Performance Objectives and Benchmarks for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009); –– [CCRiskAdjustHighEnd] (+) variable in Sect. 12.6 – Banks – Compensation/ Remuneration Committee – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of RiskTaking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (Walker Review 2009); –– [CCRiskAdjustBRC] (+) variable in Sect. 12.6  – Banks  – Compensation/ Remuneration Committee –– Compensation/Remuneration Committee to Obtain Advice from Board Risk Committee (BRC) advised by the Chief Risk Officer (CRO) on Risk Adjustments to Performance Objectives – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (Walker Review 2009); –– [CCHighEndCapCost] (+) variable in Sect. 12.16  – Compensation/ Remuneration Committee  – Risk Adjustment for Cost of Capital for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (IIF);  Ibid.  Ibid. 31  Ibid. 32  Ibid. 33  Ibid, Commentary on Principles, p 8. 29 30

602

13  FSB Principles for Sound Compensation Practices (FSBP) and FSB…

–– [CCHighEndRiskApp] (+) variable in 12.11 – Compensation/Remuneration Committee – Risk Adjustment for Risk Appetite of Bank for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (IIF); –– [RASQualRepRisk] (+) variable in Sect. 40.5  – Banks  – Boards  – Risk Appetite Statement – Qualitative Measure of Reputational Risk – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making (BCBS); and –– [RASQuantLiquidity] (+) variable in Sect. 40.5 – Banks – Boards – Risk Appetite Statement – Quantitative Measure of Liquidity Risk – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making (BCBS); • “compensation outcomes must be symmetric with risk outcomes”34 including: –– [FSBComp5RiskSymmetry] (+) – Banks – FSBP – Compensation Outcomes to be Symmetrical with Risk Outcomes (Generally)35 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox including the sub-variables: • [FSBComp5BonusPoolSize] (+) – Banks – FSBP – Compensation Pool Size to be Linked to Overall Performance of Bank36  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [FSBComp5IncentContribPerform] (+)  – Banks  – FSBP  – Employee Incentive Payments Linked to Individual’s Contribution to Overall Bank Performance37 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; and • [FSBComp5BonusDimDisapp] (+)  – Banks  – FSBP  – Bonuses to Diminish or Disappear for Poor Bank, Divisional or Business Unit Performance38 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox. The FSB explains that bonuses have been moved upwards for good performance but there has been hesitation in reducing bonuses for poor performance which is inconsistent with Principle 5: the bonus component of compensation has been much more variable upward in response to good performance than downward in response to poor performance, especially poor firm-­ wide performance. In years of losses by the firm as a whole, most employees’ bonuses at

 Ibid, Principle 5, p 3.  Ibid. 36  Ibid. 37  Ibid. 38  Ibid. 34 35

13.2  FSB Principles and Standards 4–7 for Effective Alignment of Compensati…

603

most firms have continued at a significant portion of boom-year levels. In other words, the size of firms’ bonus pools showed much more inertia than did economic performance.39

• see also: –– [CCRemLTVRHighEnd] (+) – Compensation/Remuneration Committee – Long-Term Focus for All Executives and High End Employees – Long-Term Variable Remuneration for All Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (APRA)(relational effect path in Sect. 12.6 above); –– [CCRemLTVRActual] (+) – Compensation/Remuneration Committee  – Long-Term Variable Remuneration for Performance Actually Realised  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA) (relational effect path in Sect. 12.7 above); and –– [CCRemFailPayPerform] (−) – Compensation/Remuneration Committee – Absence and/or Weakness between Remuneration and Performance – Risk-­ Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating  −  7/87.50 rprox (OECD Key Findings 2009)(relational effect path in Sect. 12.7); • “compensation payout schedules must be sensitive to the time horizon of risks”40 including: –– [FSBComp6RiskTimeHoriz] (+) – Banks – FSBP – Compensation Schedule Matched to Time Horizon of Risks41 – Enhancement of Level of Risk-­Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including the sub-variables: • [FSBComp6DeferTimeHoriz] (+)  – Banks  – FSBP  – Variable Compensation Deferred According to Time Horizon of Risks42  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [FSBComp6STPayForLTRisks] (−)  – Banks  – FSBP  – Payment Over Short Term Where Risks Realised Long Term 43  – Risk-Taking in Excess of Risk Appetite  – Likelihood of bank Failure, coverage/ rating − 7/87.50 rprox; • [FSBComp6PayForUnreal] (−) – Banks – FSBP – Payout for Unrealised or Uncertain Income at Time of Payout44 – Risk-Taking in Excess of Risk Appetite – Likelihood of bank Failure, coverage/rating − 7/87.50 rprox;  Ibid, Commentary on Principles, p 11.  Ibid, Principle 6, p 3. 41  Ibid. 42  Ibid. 43  Ibid. 44  Ibid. 39 40

13  FSB Principles for Sound Compensation Practices (FSBP) and FSB…

604

• see also: –– [CCHighEndRiskTime] (+) variable in Sect. 12.12  – Compensation/ Remuneration Committee  – Risk Adjustment for ‘Risk Time Horizon’ of Profit for Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox (IIF); –– [CCRemLTVRHighEnd] (+) variable in Sect. 12.6 – Compensation/ Remuneration Committee – Long-Term Focus for All Executives and High End Employees – Long-Term Variable Remuneration for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); –– [CCRemLTVRActual] (+) variable in Sect. 12.7  – Compensation/ Remuneration Committee  – Long-Term Variable Remuneration for Performance Actually Realised  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (APRA); and –– see also the variables in Sect. 12.18 above: • • • • •

[CCRemRestrictPropn] (+); [CCRemDefer] (+); [CCRemDelay] (+); [CCRemLock-Up] (+); and [CCRemClawBack] (+).

The FSB favoured “clawback” in the case of poor performance or poorly-­ performed exposures but was against “golden parachutes”: One way to align time horizons is to place a portion, and in some cases up to the entirety, of any given year’s bonus grant, both cash and equity, into the equivalent of an escrow account. All or part of the grant is reversed if the firm as a whole performs poorly or if the exposures the employee caused the firm to assume in the year for which the bonus was granted perform poorly (a “clawback”). Departure of the employee from the firm should not trigger early payout (hence, for example, many past “golden parachute” arrangements did not conform to this principle).45

“Golden handshakes” on commencement with the bank were also problematic in the face of the relevant Principle 6 while “multi-year guaranteed bonuses” offended this Principle: “Golden handshake” payments that reimburse unvested compensation foregone at the employee’s predecessor firm are a difficult problem. If employees are routinely compensated by a new employer for accumulated unvested bonuses, or for vested bonuses still subject to clawback, in a manner that removes the employee’s exposure to risks imposed on the old employer, the incentive effects of the Principles will be reduced. Similarly, multi-­ year guaranteed bonuses are not in line with the principle.46

45 46

 Ibid, Commentary on Principles, p 12.  Ibid (footnote omitted).

13.3  FSB Principles and Standards 8–9 for Effective Oversight and Engagement…

605

• “the mix of cash, equity and other forms of compensation must be consistent with risk alignment”47 including: –– [FSBComp7CashEqMixRisk] (+) – Banks – FSBP – Mix of Cash, Equity and Other Compensation to be Risk Aligned with Employee’s Position and Role48 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox. The FSB explains that Principles 5, 6 and 7 “are practices that make compensation appropriately sensitive to risk outcomes”49 and: These Principles complement the risk adjustment approach because available risk measures, both quantitative and judgmental, have limitations. Sole reliance on them is likely to leave loopholes that would encourage taking poorly measured risk. If compensation is sensitive to outcomes, exploiting the loopholes becomes less attractive.50

The FSB explains that the ‘mix’ should seek to align executives with the long-­ term interests of the bank: The goal should be a mix of cash, ordinary equity, and appropriately structured options that generates a closer match between executive incentives and the long term stewardship of the firm than in the past. Variable compensation for senior executives is probably more risk-aligned when a relatively small fraction is paid in cash and most is deferred.51

13.3 FSB Principles and Standards 8–9 for Effective Oversight and Engagement by Stakeholders Again, these FSB governance variables are modelled on: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. Thus, the principles and standards for the FSBP for 2009 included:

 Ibid, Principle 7, p 3.  Ibid. 49  Ibid, Commentary on Principles, p 8. 50  Ibid. 51  Ibid, p 11. 47 48

13  FSB Principles for Sound Compensation Practices (FSBP) and FSB…

606

• “supervisory review of compensation practices must be rigorous and sustained, and deficiencies must be addressed promptly with supervisory action”52 including: –– [FSBComp8Supervision] (+) – Banks – FSBP – Bank to have Constructive Relationship with Supervisors to Ensure Compensation Practices Conform with FSB Principles53 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox. For Principle 9, the FSB states: • “firms must disclose clear, comprehensive and timely information about their compensation practices to facilitate constructive engagement by all stakeholders”54 including: –– disclosure variables based on the [CCDiscloseBandElement] (+) variable in Sect. 12.17 of Stage 2 and, in turn, the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 each with a coverage/rating of +8/100.00 rprox include: • [FSBComp9DisclosePractices] (+) – Banks  – FSBP  – Clear, Comprehensive and Timely Information about Compensation Practices55 – Enhancement in Risk Management and Internal and External Monitoring, coverage/rating + 8/100.00 rprox including: –– –– –– –– ––

all elements of the Principles56; design and manner of implementation57; manner of risk adjustment58; relation of compensation to actual performance over time59; compensation outcomes for employees at different levels and business units60; and –– summaries of results of internal and external audits61; • [FSBComp9DisclRiskManConts] (+) – Banks – FSBP – Disclosure of Risk Management Controls and Other Control Systems62 – Enhancement in Risk Management and Internal and External Monitoring, coverage/rating + 8/100.00 rprox;  Ibid, Principle 8, p 3.  Ibid. 54  Ibid, Principle 9, p 3. 55  Ibid. 56  Ibid, Commentary on Principles, p 14. 57  Ibid. 58  Ibid. 59  Ibid. 60  Ibid. 61  Ibid. 62  Ibid, Principle 9, p 3. 52 53

13.3  FSB Principles and Standards 8–9 for Effective Oversight and Engagement…

607

• see also [CCDiscloseBandElement] (+) variable in Sect. 12.17  – Compensation/Remuneration Committee  – Disclosure of Bands and Elements of Compensation for Executives and High End Employees  – Enhancement in Risk Management and Internal and External Monitoring, coverage/rating + 8/100.00 rprox: • The approach to the [CCDiscloseBandElement] (+) variable is to hypothesise that it is identical in direction, behaviour and relational effect path to the [TransTimeMon] (+)63 variable in section 9.1.2.1 of Stage 1, coverage/rating  +  8/100.00 rprox. That variable links, most directly, the transparency and timing of reporting with both enhancement of the risk management and monitoring function (Risk Management, Monitoring & Audit Factor No 564) and the quality of decision-making (Decision-making Factor No 765). Given its focus on risk management, monitoring and decision-making, the [TransTimeMon] (+) variable’s relational effect path is positive (+) and the zone of effect of that relational effect path is hypothesised to be similar to that of the [BrdSkills] (+)66 and [BrdIndMon] (+)67 variables but with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance68); and • Vital, too, in the [TransTimeMon] (+) variable is the operation of Reporting Factor No 1 and Compliance Factor No 2 again described in section 9.1.2.1 of Stage 1. The relational effect path of the [TransTimeMon] (+) variable, coverage/rating  +  8/100.00 rprox, is hypothesized to begin with Reporting Factor No 1 and Compliance Factor No 2 as the ‘drivers’ of the zone of effect. But the FSB’s commentary on the supervisory oversight/review of compensation and stakeholder engagement principles69 is beyond the scope of this Stage 2 Key Code and Advanced Handbook.

 Transparency and timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 6, pp 262–263. 64  See discussion in section 2.6.5 of Stage 1, above n 6, pp 47–51. 65  See discussion in section 2.6.7 of Stage 1, above n 6, pp 51–58. 66  Board – Director Skills ‘Mix’ – see Figure 7.2 and discussion in section 7.3.1.2.1 of Stage 1, above n 6, pp 198–201. 67  Board Independent Director: Executive Director Proportion – Monitoring Effect – see discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above 6, pp 208–212. 68  See discussion in section 2.6.2 of Stage 1, above n 6, pp 41–43. 69  FSBP, above n 1, Commentary on Principles, p 14. 63

608

13  FSB Principles for Sound Compensation Practices (FSBP) and FSB…

13.4 FSB Implementation Standards (FSBIS) The FSBIS are a set of standards for implementation of the FSBP. Again, these FSBIS governance variables are modelled on: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. FSBIS 1 and 2 and the Compensation/Remuneration Committee Structure and Governance Thus, the implementation standards for the Compensation/Remuneration Committee for the FSBIS for 2009 included: • [FSBIS1CCStructGov] (+)  – Banks  – FSBIS  – Compensation/Remuneration Committee  – Structure and Governance to Oversee Compensation System70  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including the following: –– “competent and independent judgment on compensation policies and practices and the Incentives for managing risk, capital and liquidity”71; –– working closely with the bank’s BRC72; –– compensation policy in compliance with FSBP and supervisory/regulatory authorities73; and –– annual compensation review including external review74; • [FSBIS2RiskEmployRemPerf] (+) – Banks – FSBIS – Risk and Compliance Employees  – Remuneration and Performance Measures75  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including the following: –– remuneration independent of other business units76; –– qualifications and experience77; and –– performance measures based on objectives.78  FSBIS, above n 2, Governance IS 1, p 2.  Ibid. 72  Ibid. 73  Ibid. 74  Ibid. 75  Ibid, Governance IS 2, p 2. 76  Ibid. 77  Ibid. 78  Ibid. 70 71

13.4  FSB Implementation Standards (FSBIS)

609

FSBIS 3 and Compensation and Capital Thus, the implementation standards for compensation and capital for the FSBIS for 2009 included: • [FSBIS3VarCompCap] (+) – Banks – FSBIS – Compensation/Remuneration Committee  – Total Variable Compensation Does Not Inhibit Strengthening of Capital Base79  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including the following: –– limiting variable compensation as a percentage of total net revenues.80 FSBIS 4–14 Pay Structure and Risk Alignment Thus, the implementation standards for pay structure and risk alignment for the FSBIS for 2009 included: • [FSBIS4VarCompPoolRisks] (+)  – Banks  – FSBIS  – Compensation/ Remuneration Committee  – Size and Allocation of Variable Compensation to Take Account All Current and Potential Risks81 – Enhancement of Level of Risk-­ Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including the following: –– cost and quantity of capital; –– cost and quantity of liquidity risk; and –– consistency with timing and likelihood with potential future revenues.82 • [FSBIS5VarCompNegFinPerform] (+)  – Banks  – FSBIS  – Compensation/ Remuneration Committee – Size of Variable Compensation Pool to Contract for Subdued and Negative Financial Performance of Bank83 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including the following: –– use of malus and clawback arrangements.84 • [FSBIS6VarCompExecRiskExpose] (+)  – Banks  – FSBIS  – Compensation/ Remuneration Committee  – Structure of Variable Compensation of Senior Executives with Material Risk Exposures85  – Enhancement of Level of RiskTaking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including the following: –– substantial portion of compensation to be variable86;  Ibid, Compensation and Capital IS 3, p 2.  Ibid. 81  Ibid, Pay Structure and Risk Alignment IS 4, p 3. 82  Ibid. 83  Ibid, Pay Structure and Risk Alignment IS 5, p 3. 84  Ibid. 85  Ibid, Pay Structure and Risk Alignment IS 5, p 3. 86  Ibid. 79 80

610

13  FSB Principles for Sound Compensation Practices (FSBP) and FSB…

–– 40% – 60% of variable portion to be deferred over years87; and –– deferral proportion to increase with seniority and responsibility so that it exceeds 60% for senior executives.88 • [FSBIS7VarCompDeferPeriod] (+)  – Banks  – FSBIS  – Compensation/ Remuneration Committee – Deferral Period of at Least 3 Years89 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including the following: –– vesting of deferred compensation no faster than on a pro-rata basis.90 • [FSBIS8VarCompEquityPropn] (+)  – Banks  – FSBIS  – Compensation/ Remuneration Committee – Substantial Proportion of More than 50% of Variable Compensation to be Equity or Equity-Linked/Non-Cash Instruments91  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including the following: –– aligning incentives with long-term value and risk horizons92; and –– subject to a share-retention policy.93 • [FSBIS9VarCompCashPropn] (+)  – Banks  – FSBIS  – Compensation/ Remuneration Committee – Cash Proportion of Variable Compensation to Vest Gradually94  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including the following: –– claw-back in times of negative contribution of bank or business unit95; and –– subject to realised performance.96 • [FSBIS10GovtRestructComp] (+)  – Banks  – FSBIS  – Compensation/ Remuneration Committee  – Restructure of Compensation for Risk and LongTerm Growth in Case of Government Intervention to Stabilise Bank97  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/ rating + 7/87.50 rprox including the following: –– independent review of compensation of executives and high end employees.98

 Ibid.  Ibid. 89  Ibid, Pay Structure and Risk Alignment IS 7, p 3. 90  Ibid. 91  Ibid, Pay Structure and Risk Alignment IS 8, p 3. 92  Ibid. 93  Ibid. 94  Ibid, Pay Structure and Risk Alignment IS 9, p 3. 95  Ibid. 96  Ibid. 97  Ibid, Pay Structure and Risk Alignment IS 10, p 4. 98  Ibid. 87 88

13.4  FSB Implementation Standards (FSBIS)

611

• [FSBIS11NoGuarBonuses] (+) – Banks – FSBIS – Compensation/Remuneration Committee – Prohibition of Guaranteed Bonuses Not Based on Risk or Actual Performance99  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox excluding the following: –– minimum bonuses to hire new staff only in first year.100 • [FSBIS12TermPayRuleValRisk] (+)  – Banks  – FSBIS  – Compensation/ Remuneration Committee – Contractual Termination Payments Only Permitted if Based on Long-Term Value Creation and Prudent Risk-Taking101 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including the following: –– such payments to be only for actual performance achieved over time.102 • [FSBIS13ComplyFSBP&S] (+)  – Banks  – FSBIS  – Compensation/ Remuneration Committee – Compliance with FSB Principles and Standards for Sound Compensation103 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including the following: –– compliance with supervisory measures104; and • [FSBIS14NoHedgeCompInsure] (+)  – Banks  – FSBIS  – Compensation/ Remuneration Committee – Employees to Comply with No Hedging Strategies and/or Compensation- and Liability-Related Insurance105  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox. FSBIS 15 – Disclosure For disclosure of the compensation system, the FSB requires a disclosure variable – here based on the [CCDiscloseBandElement] (+) variable in Sect. 12.17 of Stage 2 and, in turn, the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 each with a coverage/rating of +8/100.00 rprox – as follows: • [FSBIS15CompDiscloseAnnReport] (+) – Banks  – FSBP  – Clear, Comprehensive and Timely Disclosure in an Annual Report about the Compensation System106 – Enhancement in Risk Management and Internal and External Monitoring, coverage/rating + 8/100.00 rprox including107:

 Ibid, Pay Structure and Risk Alignment IS 11, p 4.  Ibid. 101  Ibid, Pay Structure and Risk Alignment IS 12, p 4. 102  Ibid. 103  Ibid, Pay Structure and Risk Alignment IS 13, p 4. 104  Ibid. 105  Ibid, Pay Structure and Risk Alignment IS 14, p 4. 106  Ibid, Disclosure IS 15, pp 4–5. 107  Ibid. 99

100

612

–– –– –– –– –– –– ––

13  FSB Principles for Sound Compensation Practices (FSBP) and FSB…

all national requirements; design characteristics; criteria for performance and risk adjustments; pay for performance link; deferral/vesting policy and criteria; allocation parameters for cash/other compensation; quantitative information on compensation for senior executives and high end employees who affect risk including:

• amounts of remuneration for the financial year, split into fixed and variable compensation, and number of beneficiaries; • amounts and form of variable compensation, split into cash, shares and share-linked instruments and other; • amounts of outstanding deferred compensation, split into vested and unvested; • the amounts of deferred compensation awarded during the financial year, paid out and reduced through performance adjustments; • new sign-on and severance payments made during the financial year, and number of beneficiaries of such payments; and • the amounts of severance payments awarded during the financial year, number of beneficiaries, and highest such award to a single person.108

• See also [FSBComp9DisclosePractices] (+) variable in Sect. 13.3 above – Banks  – FSBP  – Clear, Comprehensive and Timely Information about Compensation Practices109 – Enhancement in Risk Management and Internal and External Monitoring, coverage/rating + 8/100.00 rprox. FSBIS 16–19 – Supervisory Oversight A discussion of the FSM Implementation Standards 16–19 for supervisory oversight is beyond the scope of the Stage 2 Key Code and Advanced Handbook.110

 Ibid.  Ibid. 110  Ibid, Supervisory Oversight IS 16–19, p 5. 108 109

Chapter 14

NAB Self-Assessment 2018 Recommendations and Commentary on Remuneration Abstract  Chapter 14 of the Stage 2 Key Code and Advanced Handbook for Australian major banks examines the NAB Self-Assessment 2018’s recommendations and commentary on remuneration. This begins with the NAB remuneration framework recommendations for fixed and variable remuneration and the NAB remuneration framework recommendations for consequence management. There follows the NAB board oversight of remuneration practices and the NAB remuneration governance model. The chapter continues by examining NAB’s assessment of risk and conduct within the remuneration framework and concludes with NAB’s application of remuneration consequences. Keywords  NAB Self-Assessment 2018 · Remuneration framework · Fixed and variable remuneration · Consequence management · Board oversight of remuneration practices · Risk · Conduct · Remuneration consequences For the NAB Self-Assessment 2018,1 the governance of remuneration or compensation – the responsibility of the Compensation/Remuneration Committee – should adhere to a number of principles, here using the ‘NABComp’ prefix. For these aspects of the NAB remuneration/compensation framework, there are a number new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 12 with a coverage/rating + 7/87.50 rprox; and

1  National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/content/dam/ nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-Assessment 2018’), pp 45–49. 2  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’).

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_14

613

614

14  NAB Self-Assessment 2018 Recommendations and Commentary on Remuneration

• the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. Thus, the governance variables from the NAB Self-Assessment 2018 included:

14.1 NAB Remuneration Framework – Fixed and Variable Remuneration In the positive (+) direction for fixed remuneration: • [NABCompFixedCashSalary] (+)  – Banks  – NABComp  – Compensation/ Remuneration Committee  – Fixed Remuneration Comprising Annual Cash Salary3 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompFixedCashBench] (+)  – Banks  – NABComp  – Compensation/ Remuneration Committee – Fixed Remuneration Benchmarked Against Market Data4 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; In the positive (+) direction for variable remuneration: • [NABCompVarCash] (+) – Banks – NABComp – Compensation/Remuneration Committee  – Variable Remuneration Component in Cash5  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompVarDeferSharesELT] (+) – Banks – NABComp – Compensation/ Remuneration Committee  – Variable Remuneration Component in Deferred NAB Shares  – Deferred Minimum 4  Years for Executive Leadership Team (ELT)6 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox;

For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27 3  NAB Self-Assessment 2018, above n 1, p 47. 4  Ibid. 5  Ibid. 6  Ibid.

14.1  NAB Remuneration Framework – Fixed and Variable Remuneration

615

• [NABCompVarDeferSharesOther] (+) – Banks – NABComp – Compensation/ Remuneration Committee  – Variable Remuneration Component in Deferred NAB Shares – Deferred Minimum 2 or 3 Years for Other Roles7 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompVarDeferSharesExtend] (+)  – Banks  – NABComp  – Board  – Variable Remuneration Component in Deferred NAB Shares  – Extension of Period8 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompVarDeferSharesForfeit] (+)  – Banks  – NABComp  – Board  – Variable Remuneration Component in Deferred NAB Shares – Forfeit of Shares During Deferral Period9 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox including the following sub-variables: –– [NABCompVarDeferSharesForfeitResign] (+)  – Banks  – NABComp  – Board – Variable Remuneration Component in Deferred NAB Shares – Forfeit of Shares During Deferral Period for Resignation10 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; –– [NABCompVarDeferSharesForfeitDismiss] (+)  – Banks  – NABComp  – Board – Variable Remuneration Component in Deferred NAB Shares – Forfeit of Shares During Deferral Period for Dismissal with Cause11 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; –– [NABCompVarDeferSharesForfeitConduct] (+)  – Banks  – NABComp  – Board – Variable Remuneration Component in Deferred NAB Shares – Forfeit of Shares During Deferral Period for Failure to Meet Threshold Conduct Requirements12  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompVarDeferSharesClawback] (+) – Banks – NABComp – Board – Variable Remuneration Component in Deferred NAB Shares  – Clawback13  Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/ rating + 7/87.50 rprox;

 Ibid.  Ibid. 9  Ibid. 10  Ibid. 11  Ibid. 12  Ibid. 13  Ibid. 7 8

14  NAB Self-Assessment 2018 Recommendations and Commentary on Remuneration

616

• [NABCompVarCalc] (+) – Banks – NABComp – Board – Variable Remuneration Calculation14  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox including the following sub-variables: –– [NABCompVarCalcIndivTarget] (+)  – Banks  – NABComp  – Board  – Variable Remuneration Calculation – Individual Target for Variable Reward Opportunity ($)15 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; –– [NABCompVarCalcIndivScore] (+)  – Banks  – NABComp  – Board  – Variable Remuneration Calculation  - Individual Score for Performance Against a Balanced Scorecard16  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; –– [NABCompVarCalcGroupPerform] (+) – Banks – NABComp – Board – Variable Remuneration Calculation - One NAB Score Reflecting the Group’s Performance17  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; and –– [NABCompVarCalcBrdAdjust] (+)  – Banks  – NABComp  – Board  – Variable Remuneration Calculation  - Board Discretion to Adjust Variable Reward Outcomes Downward18  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox.

14.2 NAB Remuneration Framework – Consequence Management In the positive (+) direction for ‘consequence management’19 in relation to variable remuneration: • [NABCompConseqManAmberGate] (+)  – Banks  – NABComp  – Board  – Consequence Management for Variable Remuneration – Conduct Gates – Amber Conduct Gate for 25% Reduction of Variable Reward20 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompConseqManRedGate] (+)  – Banks  – NABComp  – Board  – Consequence Management for Variable Remuneration – Conduct Gates – Red Conduct Gate for No Variable Reward and Forfeiture of Prior Years Reward Still  Ibid.  Ibid. 16  Ibid. 17  Ibid. 18  Ibid. 19  Ibid. 20  Ibid. 14 15

14.2  NAB Remuneration Framework – Consequence Management

617

in Deferral21  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompConseqManRiskGoal] (+)  – Banks  – NABComp  – Board  – Consequence Management for Variable Remuneration – Risk Goal – Reduction of Variable Remuneration for Risk Goal Not Met22 - Enhancement of Level of Risk-­Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompConseqManDeferral (+)  – Banks  – NABComp  – Board  – Consequence Management for Variable Remuneration  – Deferral of Variable Reward – Applies to amounts above $50,000 – Range 30% Deferred for 2 Years to 60% Deferred for 4  Years23  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including; –– forfeiture conditions; and –– see also the ‘NABCompVarDeferShares’-prefix variables in Sect. 14.1 above; • [NABCompConseqManClawBEAR&MRTs] (+)  – Banks  – NABComp  – Board – Consequence Management for Variable Remuneration – Clawback for BEAR Accountable Persons, UK MRTs or Senior Managers24 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompConseqManCCMon] (+) – Banks – NABComp – Compensation/ Remuneration Committee  – Consequence Management for Variable Remuneration  – Consequence Management Monitoring by Compensation/ Remuneration Committee for Poor Conduct and Risk Management Issues25  Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox the content of this variable including26: –– Monthly Group CRO Report; –– Quarterly risk culture updates; –– Six-monthly updates to BRC and Compensation/Remuneration Committee on risk performance; and

 Ibid.  Ibid. 23  Ibid. 24  Ibid. The Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https://treasury.gov.au/sites/default/files/2020-01/c2020-24974.pdf. See Attachment A  – Summary of changes from the BEAR to the FAR, pp 11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR. See Proposal Paper, Next steps, p 3. 25  NAB Self-Assessment 2018, above n 1, ibid. 26  Ibid. 21 22

618

14  NAB Self-Assessment 2018 Recommendations and Commentary on Remuneration

–– Full-year update on risk performance including bank-wide risk management consequence; • [NABCompConseqManCCRoles] (+) – Banks – NABComp – Compensation/ Remuneration Committee  – Consequence Management for Variable Remuneration  – Roles and Responsibilities for Consequence Management  Reviewing, Assessing and Recommending Policies and Practices27  Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox the content of this variable including28: –– –– –– –– ––

Encouraging good customer outcomes; Sustainable bank outcomes; Enhancing long-term shareholder returns; Nurturing a strong culture; and Complying with applicable regulatory requirements and global regulatory trends;

• [NABCompConseqManCCStratRev] (+)  – Banks  – NABComp  – Compensation/Remuneration Committee  – Consequence Management for Variable Remuneration  – Roles and Responsibilities for Consequence Management  – Strategic Review of Executive Remuneration Framework29  Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompConseqManCCBEAR] (+) – Banks – NABComp – Compensation/ Remuneration Committee  – Consequence Management for Variable Remuneration  – Roles and Responsibilities for Consequence Management  – Compliance with Laws including BEAR30  - Enhancement of Level of RiskTaking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompConseqManCCSedg] (+) – Banks – NABComp – Compensation/ Remuneration Committee  – Consequence Management for Variable Remuneration  – Roles and Responsibilities for Consequence Management  – Compliance with Sedgwick Review31 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox;

 Ibid, p 48.  Ibid. 29  Ibid. 30  Ibid. The Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https://treasury.gov.au/sites/default/files/2020-01/c2020-24974.pdf. See Attachment A  – Summary of changes from the BEAR to the FAR, pp 11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR. See Proposal Paper, Next steps, p 3. 31  NAB Self-Assessment 2018, above n 1, ibid. 27 28

14.2  NAB Remuneration Framework – Consequence Management

619

• [NABCompConseqManCCBreach] (+) – Banks – NABComp – Compensation/ Remuneration Committee  – Consequence Management for Variable Remuneration  – Roles and Responsibilities for Consequence Management  – Outcomes for Conduct, Regulatory and Prudential Breaches32 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including33: –– –– –– ––

Risk appetite; Culture; Code of Conduct; and Values;

• [NABCompConseqManCCCollRemOut] (+)  – Banks  – NABComp  – Compensation/Remuneration Committee  – Consequence Management for Variable Remuneration  – Roles and Responsibilities for Consequence Management – With BRC – Collective Remuneration Outcomes34 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including35: –– –– –– ––

Overall bank results; Risk Management Framework (RMF); Risk appetite; Qualitative factors including: • • • • • • • •

Progress against resolving issues; Prudential compliance; Breaches and incidents; Timeliness of escalation; Management of events and breaches; Customer impacts; Reputational impacts; and Determining the One NAB Score (reflecting the group’s performance);

• [NABCompConseqManCCIndivRiskMan] (+)  – Banks  – NABComp  – Compensation/Remuneration Committee  – Consequence Management for Variable Remuneration  – Roles and Responsibilities for Consequence Management – Consideration of Individual Risk Management Performance36 Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including37:

 Ibid.  Ibid. 34  Ibid. 35  Ibid. 36  Ibid. 37  Ibid. 32 33

620

14  NAB Self-Assessment 2018 Recommendations and Commentary on Remuneration

–– Impact on individual variable reward outcomes; –– Detailed assessment of individuals’ involvement in customer, risk and reputation matters; and –– Specific consequences applied where appropriate; • [NABCompConseqManCCStratPeop] (+)  – Banks  – NABComp  – Compensation/Remuneration Committee  – Consequence Management for Variable Remuneration  – Roles and Responsibilities for Consequence Management – Strategic People Topics38 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including: –– Bank people strategy through three-year transformation program.39

14.3 NAB Board Oversight of Remuneration Practices In the positive (+) direction for ‘board oversight of remuneration practices’ in relation to: • [NABCompBoardOseeRemPracts] (+) – Banks – NABComp – Board – Board Oversight of Remuneration Practices  – Changes to Remuneration and Performance Frameworks40 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including41: –– Review of all sales incentive arrangements; –– Sedgwick Review recommendations; –– Review of executive remuneration including engagement with stakeholders including42: • • • •

Customers; Shareholders; Regulators; and Other stakeholders;

–– Review of formal end-of-year risk performance reporting to ensure appropriate data sharing between management, BRC and Compensation/Remuneration Committee including43: • Increased level of individual and collective performance data for recommendations for ELT reward outcomes;  Ibid.  Ibid. 40  Ibid. 41  Ibid. 42  Ibid. 43  Ibid. 38 39

14.4  NAB Remuneration Governance Model

621

• Data and insights to improve assessment of whether remuneration policies are driving desired or undesired behaviours across the bank; and • Improvement of links between risk topics discussed at BRC and consequence management outcomes. Thus, Action #22 for the NAB Self-Assessment 2018 is to: Improve the quality of data and insights provided to the Board, to facilitate a more data driven approach to testing the effectiveness of NAB’s remuneration practices throughout the bank.44

14.4 NAB Remuneration Governance Model In the positive (+) direction for ‘remuneration governance model’ in relation to: • [NABCompRemGovJointBRCCC] (+) – Banks – NABComp – Joint Meetings between BRC and Compensation/Remuneration Committee45 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including46: –– Discussions of risk management performance and related reward recommendations; –– Attendance of Group CRO at all Compensation/Remuneration Committee Meetings; and –– Increased data, insights and evidence to flow from BRC to Compensation/ Remuneration Committee for remuneration consequence and consequence management; • [NABCompRemGovIndivMRTs] (+) – Banks – NABComp – Compensation/ Remuneration Committee  - Oversight of Performance and Remuneration Outcomes for Individual Material Risk Takers (MRTs)47 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including48: –– Individual level data on MRT performance outcomes and recommended incentive allocations; and –– Attestation by Group CRO for review and approval of these; • [NABCompRemGovOutcomes] (+)  – Banks  – NABComp  – Compensation/ Remuneration Committee - Focus on Outcomes rather than Process in Discussions

 Ibid.  Ibid. 46  Ibid. 47  Ibid, p 49. 48  Ibid. 44 45

622

14  NAB Self-Assessment 2018 Recommendations and Commentary on Remuneration

and Papers49  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompRemGovEmergeRisk] (+) – Banks – NABComp – Compensation/ Remuneration Committee - Focus/Proactive on Emerging Risks50 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; and • [NABCompRemGovStratPeop] (+)  – Banks  – NABComp  – Compensation/ Remuneration Committee  - Engagement with Compensation/Remuneration Committee on Strategic People-Related Issues to Support the Board’s Discussions51  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox.

14.5 NAB Assessment of Risk and Conduct Within the Remuneration Framework In the negative (−) direction for ‘risk and conduct within the remuneration framework’ in relation to: • [NABCompRisk&CondPerfApplic] (−) – Banks – NABComp – Compensation/ Remuneration Committee  – Risk and Conduct  - Failings in Application of Remuneration Framework - Requiring Continual Monitoring and Reporting52 Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/ rating − 7/87.50 rprox; In the positive (+) direction for ‘risk and conduct within the remuneration framework’ in relation to: • [NABCompRisk&CondPerfDesign] (+) – Banks – NABComp – Compensation/ Remuneration Committee  - Risk and Conduct  - Remuneration Framework Design – In Theory - Conduct and Risk Management Appropriately Incorporated into Performance Assessments53  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompRisk&CondSnrExecPerfObject] (+)  – Banks  – NABComp  – Compensation/Remuneration Committee – Risk and Conduct - Senior Executive Performance Review  – Five Equally Weighted Objectives54  - Enhancement of

 Ibid.  Ibid. 51  Ibid. 52  Ibid. 53  Ibid. 54  Ibid. 49 50

14.5  NAB Assessment of Risk and Conduct Within the Remuneration Framework

623

Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including55: –– –– –– –– ––

Customer; Risk; Financial; People and leadership; and Strategy;

• [NABCompRisk&CondQualMeasVarReward] (+)  – Banks  – NABComp  – Compensation/Remuneration Committee  – Risk and Conduct  - Qualitative Measures in Application of Discretionary Adjustment to Variable Reward56  Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including57: –– –– –– –– ––

risk; quality of financial results; customer; people; and financial returns;

• [NABCompRisk&CondRiskAdjFinMetric] (+)  – Banks  – NABComp  – Compensation/Remuneration Committee  – Risk and Conduct  - Increased Weighting on Risk-Adjusted Financial Metric to Determine Group Variable Reward58 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompRisk&CondMandRisk&Cust] (+)  – Banks  – NABComp  – Compensation/Remuneration Committee – Risk and Conduct - Mandated Risk and Customer Goals for All Employees59 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompRisk&CondDeferAmts&Periods] (+)  – Banks  – NABComp  – Compensation/Remuneration Committee  – Risk and Conduct  - Increased Deferral Amounts and Time Periods for Earnings above Threshold Amounts60 Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox: –– See also the ‘NABCompVarDeferShares’-prefix variables in Sect. 14.1 above;

 Ibid.  Ibid. 57  Ibid. 58  Ibid. 59  Ibid. 60  Ibid. 55 56

624

14  NAB Self-Assessment 2018 Recommendations and Commentary on Remuneration

• [NABCompRisk&CondReduceSalesIncent] (+)  – Banks  – NABComp  – Compensation/Remuneration Committee  – Risk and Conduct  - Reduction in Prevalence and Number of Sales-Based Incentive Plans61  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [NABCompRisk&CondOseeELT&Brd] (+) – Banks – NABComp – ELT and Board – Risk and Conduct - Oversight of Risk and Conduct within Remuneration Framework62  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; and • [NABCompRisk&CondOseeSedg] (+)  – Banks  – NABComp  – ELT and Board – Risk and Conduct - Oversight of Risk and Conduct within Remuneration Framework  – Changes by Sedgwick Review Recommendations for Retail Banking63  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox.

14.6 NAB Application of Remuneration Consequence In the positive (+) direction for ‘application of remuneration consequence’ in relation to: • [NABCompRemConseqCollReduce] (+)  – Banks  – NABComp  – Board  – Collective Reductions for Remuneration Under Board Discretion64 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including65: –– Regulatory compliance; –– Customer service outcomes; and –– Bank reputation; • [NABCompRemConseqIndivReduce] (+)  – Banks  – NABComp  – Board  – Individual Reductions for Individual Variable Reward Under Board Discretion66 Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/ rating + 7/87.50 rprox including67: –– Accountabilities; –– Customer;

 Ibid.  Ibid. 63  Ibid. 64  Ibid. 65  Ibid. 66  Ibid. 67  Ibid. 61 62

14.6  NAB Application of Remuneration Consequence

–– –– –– ––

625

Risk and reputation outcomes; Risk management performance; Table of risk matters for GMs, EGMs and ELT; and Consequences including: • Forfeiting deferred reward; and • Specific individual percentage reductions.

In the negative (−) direction for ‘application of remuneration consequence’ in relation to: • [NABCompRemConseqUnclearAcc] (−)  – Banks  – NABComp  – Board  – Failings in Individual Downside Adjustments for Leadership Roles Due to Unclear Accountabilities68 - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox; and • [NABCompRemConseqForfeitEquity] (−) – Banks – NABComp – Board – Failings in Individual Downside Adjustments for Customer-Facing Employees on Sales and Service Plans – Limited to Forfeited Equity Only69 - Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox.

68 69

 Ibid.  Ibid.

Chapter 15

Westpac Review Team 2018 Recommendations and Commentary on Remuneration Abstract  Chapter 15 of the Stage 2 Key Code and Advanced Handbook for the governance of Australian major banks examines the Westpac Review Team 2018 recommendations and commentary on remuneration. This commences with Westpac’s remuneration approach for fixed and variable remuneration. Next, we examine Westpac’s risk gates for short term variable reward, Westpac’s risk adjustments for short term variable reward and Westpac’s navigation and consistency of frameworks and policies. There follows discussion of Westpac’s use of malus provisions, Westpac’s deferral of variable reward and its implementation of the Sedgwick recommendations. The discussion turns to Westpac’s non-remuneration components of consequence management and, to conclude, Westpac’s factors that inform accountability outcomes  - accountability frameworks and policies, diffusion of accountability and the BEAR. Keywords  Westpac Review Team 2018 · Fixed and variable remuneration · Short-term variable reward · Risk adjustments · Malus · Deferral · Sedgwick recommendations · Non-remuneration consequence management · Accountability outcomes For the Westpac Self-Assessment 2018,1 the governance of remuneration or compensation  – the responsibility of the Compensation/Remuneration Committee  – should adhere to a number of principles, here using the ‘WBCComp’ prefix. For these aspects of the Westpac remuneration/compensation framework, there are a number new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to:

 Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’), pp 73–80. 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_15

627

628

15  Westpac Review Team 2018 Recommendations and Commentary on Remuneration

• the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 12 with a coverage/rating of +7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of −7/87.50 rprox. Thus, the governance variables from the Westpac Self-Assessment 2018 included:

15.1 Westpac’s Remuneration Approach – Fixed and Variable Remuneration In the positive (+) direction for fixed remuneration: • [WBCCompFixedPaySalary] (+)  – Banks  – WBCComp  – Compensation/ Remuneration Committee – Fixed Pay Comprising Salary and Salary-Sacrificed Items3 – Enhancement of Level of Risk-Taking in Alignment with Shareholders coverage/rating + 7/87.50 rprox (Westpac). In the positive (+) direction for variable remuneration: • [WBCCompSTVRCash&DeferShares&Rights] (+) - Banks – WBCComp – Compensation/Remuneration Committee – Short Term Variable Reward in Form of Cash, Deferred Shares or Share Rights4  - Enhancement of Level of Risk-­ Taking in Alignment with Shareholders  - coverage/rating  +  7/87.50 rprox (Westpac); • [WBCCompLTVRShares&RightsRestrictPerf] (+) - Banks  – WBCComp  – Compensation/Remuneration Committee – Long Term Variable Reward in the Form of Deferred Shares or Share Rights Subject to Restrictions and Performance

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 3  Westpac Review Team 2018, above n 1, section 10.2.3, p 74. 4  Ibid. 2

15.2  Westpac’s Risk Gates for Short Term Variable Reward

629

Hurdles5 - Enhancement of Level of Risk-Taking in Alignment with Shareholders coverage/rating + 7/87.50 rprox (Westpac); and • [WBCCompSTVRRiskGates&RiskAdj] (+) - Banks  – WBCComp  – Compensation/Remuneration Committee  – STVR Subject to Risk Gates and Risk Adjustments6 - Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac).

15.2 Westpac’s Risk Gates for Short Term Variable Reward7 In the positive (+) direction for risk gates for STVR: • [WBCCompSTVRRiskGates] (+) - Banks  – WBCComp  – Compensation/ Remuneration Committee – Short Term Variable Reward Subject to Risk Gates for Eligibility Criteria8  - Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac); • [WBCCompSTVRGrpWideRiskGateCode] (+) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Group-wide Risk Gate Criteria of Code of Conduct9 - Enhancement of Level of Risk-Taking in Alignment with Shareholders  - coverage/rating  +  7/87.50 rprox (Westpac); • [WBCCompSTVRGrpWideRiskGateRisk&Comply] (+) - Banks  – WBCComp  – Compensation/Remuneration Committee  – Short Term Variable Reward Subject to Group-wide Risk Gate Criteria of Risk Management and Compliance Requirements10 - Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac) including: –– mandatory compliance training; • [WBCCompSTVRDivLvlRiskGateCriteria] (+) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Division-Level Risk Gate Criteria11 - Enhancement of Level of Risk-Taking in Alignment with Shareholders  - coverage/rating  +  7/87.50 rprox (Westpac) including: –– Group Risk Adjusted Reward Framework (GRARF); and

 Ibid.  Ibid, section 10.2.4, p 74. 7  Ibid, section 10.3, p 74. 8  Ibid, sections 10.3.1–10.3.3, pp 74–75. 9  Ibid, sections 10.3.4, p 75. 10  Ibid. 11  Ibid, section 10.3.5, p 75. 5 6

630

15  Westpac Review Team 2018 Recommendations and Commentary on Remuneration

–– involvement of Risk and Compliance and HR Functions12; • [WBCCompSTVRRiskGateCloseReview] (+) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Division-Level Risk Gate Closure Reviewed by Risk and Compliance and HR Functions13  - Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac) including: –– tabling of recommendation at relevant remuneration committee14; In the negative (−) direction for risk gates for STVR: • [WBCCompSTVRDivLvlRiskGateVariation] (−) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Division-Level Risk Gate Criteria  – Variation Between Divisions with Specificity/Clarity of Criteria15  - Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure  - coverage/rating  −  7/87.50 rprox (Westpac) including: –– absence of Group-wide process to support stringency and avoid inconsistencies16; and –– divisional criteria are for front-line roles not support, back-office, control functions and risk and compliance activities.17

15.3 Westpac’s Risk Adjustments for Short Term Variable Reward18 In the positive (+) direction for risk adjustments for STVR: • [WBCCompSTVRRiskAdjustCriteria] (+) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments for Risk, Compliance and Behaviour Criteria19 - Enhancement of Level of Risk-Taking in Alignment with Shareholders  - coverage/rating + 7/87.50 rprox (Westpac) including: –– involvement of Risk and Compliance and HR Functions20;  Ibid, section 10.3.6, p 75.  Ibid, section 10.3.9, p 75. 14  Ibid, section 10.3.10, p 75. 15  Ibid, section 10.3.7, p 75. 16  Ibid. 17  Ibid. 18  Ibid, section 10.4, p 76. 19  Ibid, sections 10.4.1, p 76. 20  Ibid, section 10.4.2, p 76 12 13

15.3  Westpac’s Risk Adjustments for Short Term Variable Reward

631

• [WBCCompSTVRRiskAdjustReview] (+) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments Reviewed by Risk and Compliance and HR Functions21 Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac) including: –– tabling of recommendation at relevant remuneration committee22; • [WBCCompSTVRRiskAdjustScoreMetric] (+) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments for Senior Management  – Metricated Scorecard with Percentage Weightings23 - Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac) including: –– adherence to Risk Appetite Statement metric of 10% weighting; and –– ability to reduce STVR to 0%24; • [WBCCompSTVRRiskAdjustScoreMetricRisk&Rep] (+) - Banks  – WBCComp  – Compensation/Remuneration Committee  – Short Term Variable Reward Subject to Risk Adjustments for Senior Management  – Metricated Scorecard with Percentage Weightings – 2018 Modification for “Reputation and Risk” Component25 (but subject to insufficient granularity at the specific activity level) - Enhancement of Level of Risk-Taking in Alignment with Shareholders coverage/rating + 7/87.50 rprox (Westpac); • [WBCCompSTVRRiskAdjustDiscretion] (+) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments for Employees on Discretionary STVR Plans without Scorecards26  - Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac); In the negative (−) direction for risk adjustments for STVR: • [WBCCompSTVRRiskAdjustVariation] (−) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments for Employees Below GM – Variation Between Divisions with Specificity/Clarity of Criteria27 - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure  - coverage/rating  −  7/87.50 rprox (Westpac) including:

 Ibid.  Ibid. 23  Ibid, section 10.4.7, p 77. 24  Ibid, section 10.4.8, p 77. 25  Ibid, section 10.4.11, p 77. 26  Ibid, section 10.4.13–10.4.14, p 77. 27  Ibid, section 10.4.3, p 76. 21 22

632

15  Westpac Review Team 2018 Recommendations and Commentary on Remuneration

–– absence of Group-wide process to support stringency and avoid inconsistencies28; • [WBCCompSTVRRiskAdjustScoreMetric10%Max] (−) - Banks  – WBCComp  – Compensation/Remuneration Committee  – Short Term Variable Reward Subject to Risk Adjustments for Senior Management  – Metricated Scorecard with Percentage Weightings – Risk Weighting Subject to Maximum of 10% Allows High Percentage of Target Incentive Achieved for Poor Risk Behaviours and Low Risk Management Score29 - Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure  - coverage/rating  −  7/87.50 rprox (Westpac) including: –– ability to reduce STVR to 0% but remuneration tied to “group financial performance with little sensitivity to individual risk management performance”30; • [WBCCompSTVRRiskAdjustDiscretionRare] (−) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments for Employees on Discretionary STVR Plans without Scorecards31 - Formal Risk Adjustments Rare and No Recording of Discrete Risk Adjustments Limiting Effectiveness32 - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure - coverage/rating − 7/87.50 rprox (Westpac) remediated by: –– review of risk-adjustment process for discretionary STVR33; • [WBCCompSTVRRiskAdjustReportAgg] (−) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments  – Failure to Produce Aggregated Data of Total Risk Adjustments34 - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure - coverage/rating − 7/87.50 rprox (Westpac); • [WBCCompSTVRRiskAdjustReportReason] (−) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments – Failure to Produce Reasons for Adjustments at Aggregated Level35 - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure coverage/rating − 7/87.50 rprox (Westpac) including: –– inability to detect trends in behaviours;

 Ibid, section 10.4.4, p 76  Ibid, section 10.4.9, p 77. 30  Ibid, section 10.4.10, p 77. 31  Ibid, section 10.4.13–10.4.14, p 77. 32  Ibid, section 10.4.15–10.4.16, pp 77–78. 33  Ibid, Recommendation A1, p 78. 34  Ibid, section 10.4.17, p 78. 35  Ibid, section 10.4.18, p 78. 28 29

15.4  Westpac’s Navigation and Consistency of Frameworks and Policies

633

• [WBCCompSTVRRiskAdjustEfficacy] (−) - Banks  – WBCComp  – Compensation/Remuneration Committee – Short Term Variable Reward Subject to Risk Adjustments – Perceived “Anchor” or Indicative Level of STVR to which Adjustments are Made Restricts Impact on Risk Behaviours36 - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure - coverage/rating − 7/87.50 rprox (Westpac) to be remediated by: –– “explicit recording and clear communication of impacts on individual remuneration arising from risk, compliance, customer or behavioural matters”37 in Variable Reward Guidance (VRG) Initiative.38

15.4 Westpac’s Navigation and Consistency of Frameworks and Policies39 In the negative (−) direction for frameworks and policies: • [WBCCompMultiGrp&DivFrames] (−) - Banks  – WBCComp  – Compensation/Remuneration Committee  – Problems in Navigating Multiple Group and Divisional Frameworks and Policies40  - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure - coverage/rating − 7/87.50 rprox (Westpac); • [WBCCompMultiTerms] (−) - Banks  – WBCComp  – Compensation/ Remuneration Committee  – Problems of Consistency in Divisions and Committees Defining/Referring Terms including to Risk Gate and Risk Adjustment Criteria41 - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure - coverage/rating − 7/87.50 rprox (Westpac); and • [WBCCompMultiRecordPractices] (−) - Banks – WBCComp – Compensation/ Remuneration Committee – Problems of Consistency in Recording Practices42 Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure - coverage/ rating − 7/87.50 rprox (Westpac).

 Ibid, section 10.4.19, p 78.  Ibid, section 10.4.20, p 78. 38  Ibid, section 10.4.21, p 78. 39  Ibid, section 10.5, p 79. 40  Ibid, sections 10.5.2 and Recommendation A3, p 79. 41  Ibid, sections 10.5.3 and Recommendation A3, p 79. 42  Ibid, sections 10.5.4 and Recommendation A3, p 79. 36 37

634

15  Westpac Review Team 2018 Recommendations and Commentary on Remuneration

15.5 Westpac’s Use of Malus Provisions43 In the positive (+) direction for malus provisions: • [WBCCompMalusNotVested] (+) - Banks  – WBCComp  – Compensation/ Remuneration Committee – Malus Provisions for Variable Reward Granted But Not Yet Vested44  - Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac) including: –– material financial or reputational harm; –– inaccurate performance measurement; and –– misconduct; In the negative (−) direction for malus provisions: • [WBCCompMalusNoClawback] (−) - Banks – WBCComp – Compensation/ Remuneration Committee – No Clawback for Variable Reward After Vested or Paid45 - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure coverage/rating − 7/87.50 rprox (Westpac).

15.6 Westpac’s Deferral of Variable Reward46 In the positive (+) direction for deferral of variable reward: • [WBCCompDeferralFrameAllSTVR] (+) - Banks  – WBCComp  – Compensation/Remuneration Committee  – Group Variable Reward Deferral Framework for All Employees Receiving STVR47  - Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac) including: –– deferred portion increases with amount of STVR48; –– threshold of: • at least 40% of STVR; • minimal deferral of 2 years; and • at least 50% of the portion being paid in equity49; –– for Group Executives and most GMs:  Ibid, section 10.7, p 79.  Ibid, section 10.7.1, p 79. 45  Ibid. 46  Ibid, section 10.8, p 80. 47  Ibid, sections 10.8.1–10.8.2, p 80. 48  Ibid. 49  Ibid, section 10.8.3, p 80. 43 44

15.8  Westpac’s Non-remuneration Components of Consequence Management

635

• minimum deferral of 2  years (GMs in Financial Markets and Treasury 4 years); and • minimum threshold of 50% of STVR for Group Executives and 40% for GMs.50

15.7 Westpac’s Implementation of Sedgwick Recommendations51 In the positive (+) direction for Sedgwick Review recommendations: • [WBCCompSedgwickReview] (+) - Banks  – WBCComp  – Compensation/ Remuneration Committee  – Early Implementation of Sedgwick Review Recommendations by 1 October 201852 - Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac).

15.8 Westpac’s Non-remuneration Components of Consequence Management53 In the positive (+) direction for non-remuneration consequence management outcomes: • [WBCNonRemConseqManTypes] (+) - Banks  – WBCNonRem  – Non-­ Remuneration Consequence Management54  - Outcomes for Employees below GM-1 - Enhancement of Level of Risk-Taking in Alignment with Shareholders coverage/rating + 7/87.50 rprox (Westpac) including: –– –– –– ––

formal coaching formal warning; termination; and review frameworks and policies for all roles and responsibilities across divisions including back office, support and control functions55;

• [WBCNonRemConseqManBehaviours] (+) - Banks – WBCNonRem – Non-­ Remuneration Consequence Management  - Outcomes for Employees below

 Ibid, section 10.8.4, p 80  Ibid, section 10.9, p 80. 52  Ibid, section 10.9.1, p 80. 53  Ibid, Chap. 11, Other Consequence Management, p 82. 54  Ibid, sections 11.2.2, p 82. 55  Ibid, Recommendation A4, p 84. 50 51

636

15  Westpac Review Team 2018 Recommendations and Commentary on Remuneration

GM-1 – Examples of Unacceptable Behaviours and Associated Consequences56 Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac); • [WBCNonRemConseqManTypesGM&GM-1] (+) - Banks – WBCNonRem – Non-Remuneration Consequence Management  - Outcomes for Employees at GM and GM-1 Levels57 - Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac) including: –– formal warning; and –– termination; In the negative (−) direction for non-remuneration consequence management outcomes: • [WBCNonRemConseqManFailGrpWideReview] (−) Banks  – WBCNonRem – Non-Remuneration Consequence Management - Outcomes for Employees below GM-1  – Failure to Have Group-Wide Process to Review Outcomes for Consistency58  - Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure - coverage/rating − 7/87.50 rprox (Westpac) to be remediated by: –– regular review across group to ensure inconsistencies between divisions are appropriate59; • [WBCNonRemConseqManFailGrpWideReviewGM&GM-1] (−) - Banks – WBCNonRem – Non-Remuneration Consequence Management - Outcomes for Employees at GM and GM-1 Levels – Failure to Have Group-Wide Process to Review Outcomes for Consistency60 - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure - coverage/rating − 7/87.50 rprox (Westpac) to be remediated by: –– regular review across group to ensure inconsistencies between GM and GM-1 employees are appropriate.61

 Ibid, sections 11.2.3, p 83.  Ibid, sections 11.2.9, p 83. 58  Ibid, sections 11.2.8, p 83. 59  Ibid, Recommendation A4, p 83. 60  Ibid, sections 11.2.11, p 83. 61  Ibid, Recommendation A4, p 83. 56 57

15.9  Westpac’s Factors that Inform Accountability Outcomes

637

15.9 Westpac’s Factors that Inform Accountability Outcomes62 Accountability Frameworks and Policies In the negative (−) direction for accountability frameworks and policies: • [WBCNonRemConseqManAccDefn] (−) - Banks  – WBCNonRem  – Non-­ Remuneration Consequence Management – No Definition of Accountability or Accountability Distinguished from Responsibility63 - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure - coverage/rating − 7/87.50 rprox (Westpac); • [WBCNonRemConseqManMiscond&Discip] (−) - Banks – WBCNonRem – Non-Remuneration Consequence Management  – Pre-2018 Misconduct and Disciplinary Policy – Insufficient Guidance on Outcomes for Different Types of Misconduct64  - Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure - coverage/rating − 7/87.50 rprox (Westpac); • [WBCNonRemConseqManSuppMultiFrames] (−) - Banks – WBCNonRem – Non-Remuneration Consequence Management  – Supplementary Frameworks for Consumer Bank, Business Bank, BTFG and Specific Behaviours – Problem of Navigating Multiple Frameworks with Inconsistent Outcomes Across Divisions65  - Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure - coverage/rating − 7/87.50 rprox (Westpac) to be remediated by: –– review of all consequence management frameworks and policies for consistencies, acceptable deviations, simplification and consolidation66; In the positive (+) direction for accountability frameworks and policies: [WBCNonRemConseqManGrpFrame] (+) - Banks – WBCNonRem – Non-­ Remuneration Consequence Management  – Group Consequence Management Framework67  - Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac) including: –– –– –– ––

more granular detail of consequence management processes; greater consistency across the Group; step-by-step guidance of consequences of behaviour below expectations68; four levels of severity with examples and consequences69; and

 Ibid, section 11.3, p 84.  Ibid, section 11.3.2 and Recommendation A5, p 82. 64  Ibid, section 11.3.3, p 84. 65  Ibid, sections 11.3.6–11.3.7, p 84. 66  Ibid, Recommendation A5, p 84. 67  Ibid, sections 11.3.4, p 84. 68  Ibid, section 11.3.5, p 84 69  Ibid. 62 63

638

15  Westpac Review Team 2018 Recommendations and Commentary on Remuneration

–– clear process and governance structure.70 Diffusion of Accountability In the negative (−) direction for diffusion of accountability: • [WBCNonRemConseqManAccDiffuseFactors] (−) - Banks – WBCNonRem – Non-Remuneration Consequence Management – Factors Affecting Diffusion of Accountability71 - Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure - coverage/rating − 7/87.50 rprox (Westpac) including: –– absence of end-to-end accountability processes across business units and divisions affecting tools, controls, product delivery and identification of accountable persons including72: • BEAR accountability on Group Executives and GMs may unintentionally relieve GM-1 and GM-2 employees of accountability73; • to be remediated by distinction between “standard owner” and “implementer” under BEAR of issues spanning divisions; –– lack of clarity about roles and responsibilities including74: • understanding of difference of accountability and responsibility; • Line 1 does not always take ownership of risks of the business; • blurring of roles and responsibilities of Lines 1 and 2; –– cultural propensity towards collective decision-making including75: • insufficient ownership of actions and outcomes; • making decisions in committees; • to be remediated by: –– measures to hold collective body to account; and –– review accountability frameworks and policies in light of propensity towards collective decision-making76.  Ibid.  Ibid, section 11.3.8, p 85. 72  Ibid, sections 11.3.9–11.3.11, p 85. 73  Ibid, section 11.3.12, p  85. The Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https://treasury.gov.au/sites/default/files/2020-01/ c2020-24974.pdf. See Attachment A – Summary of changes from the BEAR to the FAR, pp 11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR. See Proposal Paper, Next steps, p 3. 74  Westpac Review Team 2018, above n 1, sections 11.3.13–11.3.15, p 85. 75  Ibid, sections 11.3.16–11.3.18, pp 85–86. 76  Ibid, Recommendation A6, p 86. 70 71

15.9  Westpac’s Factors that Inform Accountability Outcomes

639

The BEAR In the positive (+) direction for Banking Executive Accountability Regime: • [WBCNonRemConseqManBEARAcc] (+) - Banks  – WBCNonRem  – Non-­ Remuneration Consequence Management  – Articulation of Accountability for Directors, Group Executives and GMs under the BEAR77  - Enhancement of Level of Risk-Taking in Alignment with Shareholders - coverage/rating + 7/87.50 rprox (Westpac) including: –– policies and frameworks for implementation/operation: • BEAR Governance Policy; • Reasonable Steps Framework; and • Operational Plans.78 The BEAR is examined in detail in Chap. 20 below.

 Ibid, sections 11.4.2, p 86. The Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https://treasury.gov.au/sites/default/files/2020-01/c2020-24974.pdf. See Attachment A – Summary of changes from the BEAR to the FAR, pp 11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR. See Proposal Paper, Next steps, p 3. 78  Westpac Review Team 2018, above n 1, ibid. 77

Chapter 16

Shareholder Value Maximisation in Banks and Financial Firms

Abstract  Chapter 16 of the Stage 2 Key Code and Advanced Handbook for the governance of Australian major banks examines shareholder value maximisation in banks and financial firms. We begin by examining how traditional governance variables maximise the share price through incentives, governance variables and shareholder wealth-­maximisation. We see that incentives tied to the short-term share price for executives and high end employees can lead to risk-taking in excess of risk appetite and increase the likelihood of bank failure. We see that cashing-out equity and options in the GFC reduced executive losses on bank holdings. But, limits on the short-term cashing-out of equity and options by executives and high end employees may help to achieve a level of risk-taking in alignment with shareholders. We then examine shareholder value-maximisation and ownership structure in the case of incentive equity holdings/plans of directors and officers. We find that shareholdings of lower-level management predict bank failure and that owner-control predicts bank failure due to increased risk-taking. The chapter then turns to examine the risk preference of bank management and shareholders which may diverge. Substantial equity ownership is not aligned where holding positions are short-term while long-term stock holding and capping the ratio of variable to fixed compensation may enhance the level of risk-taking in alignment with shareholders. “Inside debt” compensation reduces risk-taking. Keywords  Shareholder value maximisation · Incentives · Governance variables · Incentives and risk-taking · Risk-taking and risk appetite · Ownership structure · Risk preference · Short-term stock holding · Long-term stock holding · Inside debt

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_16

641

642

16  Shareholder Value Maximisation in Banks and Financial Firms

16.1 Traditional Governance Variables Maximise the Share Price The operation of the efficient market hypothesis, the market for corporate control, the shareholder primacy model of corporate governance and its related shareholder wealth-maximisation principle were examined in Key Field No 1 in Chapter 4 of Stage 11  – the application of the principal theories of the firm to the relational approach. Incentives, Governance Variables and Shareholder Wealth-Maximisation In Chap. 8 above of this Stage 2 Key Code and Advanced Handbook, the relational approach examined maximising the ‘default standard’ of shareholder value as that concept had been established by Key Field No 1. In particular, the relational approach asked whether the shareholder wealth-maximisation principle should apply to banks and financial firms? Keeping the risk theme introduced at the start of this Part 4, in this section, the Stage 2 relational approach examines how these questions can be used as a springboard for a discussion of performance-based and variable-based pay  – such as equity, options and bonuses. The themes are examined to suggest new bank-specific governance variables for the Stage 2 relational approach. As an example which arose in the GFC, and using the efficient market hypothesis and shareholder wealth-maximisation principle, Armour and Gordon emphasise that corporate governance mechanisms – the governance variables – encourage the management to maximize shareholder value, in this case proxied by the share price: Corporate governance mechanisms thus encourage managers to maximize the value of shareholders’ claims. Shares in widely held firms are traded on capital markets, which—if they are informationally efficient—function to aggregate into the stock price all publicly available information relevant to the value of diversified shareholders’ claims. This provides a useful way to implement the maximization of the value of shareholders’ claims: that is, to encourage managers to maximize the share price. The share price increases in response to activities that increase the value of shareholders’ claims, as a sole owner would wish… U.S. corporate governance consequently seeks to focus managers’ incentives on maximizing the stock price.2

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 2  John Armour and Jeffrey N Gordon, “Systemic Harms and Shareholder Value” (2014) 6(1) The Journal of Legal Analysis 35; ECGI – Law Working Paper No. 222; Columbia Law and Economics Working Paper No. 452, (11 July 2014), accessed 11 May 2017 at SSRN: http://ssrn.com/ abstract=2307959, 36 (footnote omitted). The efficient market hypothesis, that a corporation’s value is accurately reflected in the stock price, is discussed in section 4.2.2 of Stage 1, above n 1, pp 80–82. 1

16.1  Traditional Governance Variables Maximise the Share Price

643

But the authors found that financial firms in the GFC took the largest risks and sustained the largest losses principally on account of governance variables – such as stock-based compensation examined in Chapter 10 of Stage 1 and independent directors examined in Chapter 7 of Stage 1 – which operated in conditions of systemic (consequential failure) risk to other financial firms/banks and non-­ financial firms: The case of banks illustrates dramatically the problems of SVM [shareholder value maximization] in relation to systemic harms. The failure of a bank can trigger harms both to other banks and to nonfinancial firms that might have used it as a source of credit. Thus bank risk-taking has a systematic, as opposed to idiosyncratic (firm-specific), character. Yet bank executives who had the strongest incentives to maximize the value of bank shares—as reflected in stock-based compensation, oversight by independent directors, and shareholder power—worked at the firms that took the greatest risks and suffered the greatest losses.3

Hopt had a similar view on “perverse incentives” in equity-based pay systems which caused executives to focus on the short-term.4 The OECD Kirkpatrick Report 2009 similarly found remuneration and incentive systems influenced the sensitivity of financial institutions to the shocks of the GFC and “unsustainable balance sheet positions”: It has been often argued that remuneration and incentive systems have played a key role in influencing not only the sensitivity of financial institutions to the macroeconomic shock occasioned by the downturn of the real estate market, but also in causing the development of unsustainable balance sheet positions in the first place. This reflects a more general concern about incentive systems that are in operation in non-financial firms and whether they lead to excessive short term management actions and to “rewards for failure”.5

Adams undertakes a review of financial firm governance in the financial crisis.6 Further discussed in Chapter 26 of this Stage 2,7 among the variables examined is whether variable performance pay for executives caused them to take on greater risk: It is less clear from the literature what effective CEO and director compensation should look like. To align their incentives with those of shareholders, CEOs and directors should receive a certain amount of performance-based pay in the form of equity. In addition, hold-

 Ibid, 38 (footnotes omitted). The effect of “shareholder power” on the relational approach will be examined in a proposed future Stage of the relational approach. 4  Klaus J Hopt, Better Governance of Financial Institutions, “Corporate Governance of Banks and Other Financial Institutions After the Financial Crisis”, (2013) 13(2) Journal of Corporate Law Studies 219–253 (Part B); “Corporate Governance of Banks after the Financial Crisis”, in E Wymeersch, K J Hopt and G Ferrarini, eds., Financial Regulation and Supervision, A post-crisis analysis, Oxford University Press 2012, pp 337–367 (Part A); ECGI – Law Working Paper No. 207. (1 April 2013), accessed 11 May 2017 at SSRN: http://ssrn.com/abstract=2212198, 13. 5  Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995-2864, accessed 27 March 2017 at http://search.oecd.org/finance/financial-­ markets/42229620.pdf, (‘OECD Kirkpatrick Report 2009’)\, 12. 6  Renee Adams, “Governance and the Financial Crisis” (Eur. Corp. Governance Inst., Finance Working Paper No. 284/2009, 2009), available at http://ssrn.com/abstract=1398583 7  See discussion in Sect. 26.2 below. 3

644

16  Shareholder Value Maximisation in Banks and Financial Firms

ing performance-pay constant, total compensation should increase as risk increases. However, equity incentives may induce managers to take excessive risks. In addition, poorly governed firms may be more likely to overpay their directors. Thus it is not always clear whether a given compensation contract is effective or not.8

The author finds “the fact that TARP banks had higher performance pay for CEOs is consistent with the idea that performance pay may have led executives of banks to take on too much risk”.9 Fahlenbrach and Stulz examined whether bank CEO incentives – as a method to align the interests of bank CEOs with shareholders  – caused worse firm performance in the crisis.10 The authors conclude that less-well-aligned incentives did not result in worse performance for banks in the GFC: Based on our evidence, lack of alignment of bank CEO incentives with shareholder interests cannot be blamed for the credit crisis or for the performance of banks during that crisis. Whether we look at depository banks only or at a larger sample that includes investment banks as well, there is no evidence that banks with CEOs whose incentives were less well aligned with the interests of their shareholders performed worse during the crisis.11

Indeed, for the authors, banks where CEOs had larger stakes in the bank performed worse in the crisis: When we attempt to explain the performance of banks in the cross section, we find evidence that banks where CEOs had better incentives in terms of the dollar value of their stake performed significantly worse than banks where CEOs had poorer incentives.12

An explanation for the authors is that CEOs with more aligned incentives took greater risks before the crisis which later turned out badly.13 To explain this, the authors explained that CEOs would have sold-off their substantial holdings in their banks before the GFC if they believed they were not acting in shareholders’ interests ex ante.14 [CCSTIncentRisk] (−)  – Compensation/Remuneration Committee  – Incentives Tied to Short-Term Share Price for Executives and High End Employees  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure  – Coverage/rating − 7/87.50 rprox – relational effect path Incentives tied to the short-term share price for executives and ‘high end’ employees are hypothesised to act like the new governance variable [EqOptRiskFailHighEnd] (−) in Sect. 12.5 above. The direction marker for this  Adams, above n 6, 7.  Ibid, 13. 10  Rudiger Fahlenbrach & Rene Stulz, “Bank CEO Incentives and the Credit Crisis” 1 (Fisher Coll. of Bus. Working Paper Series, Working Paper No. 2009-03-013, 2010), available at http://ssrn. com/abstract=1439859, 25. 11  Ibid. 12  Ibid. 13  Ibid, 26. 14  Ibid. 8 9

16.1  Traditional Governance Variables Maximise the Share Price

645

variable is negative representing a short-term share price matched to a level of equity, options and incentives giving rise to risk-taking in excess of the bank’s risk appetite and increasing the risk of bank failure.15 This equates to a coverage/rating of −7/87.50 rprox for the [CCSTIncentRisk] (−) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) of this Stage 2 for this Compensation Committee high end variable. Incentives and Risk-Taking – Cashing-Out Equity and Options Reduced Executive Losses on Bank Holdings While Cheffins observed that Enron-like financial statement manipulation frauds generally did not occur,16 he does show that executive pay was targeted – with justification – by shareholders in the GFC: Of the 14 companies removed from the S&P 500 during 2008 where there was publicized criticism of executive pay, 11 were at risk companies [ ], implying critics specifically (and sensibly) targeted executives who presided over a massive write-down in shareholder value. As for the other three companies, they were perhaps singled out because CEO pay comfortably exceeded the 2007 median for S&P 500 CEOs ($8.4 million). In addition, at one of the companies the CEO resigned due to a scandal (Commerce Bancorp) and at another (IAC/ Interactive Corp.) the CEO had been paid an eye-catching total of $295.1 million in 2006 [ ].17

Over time, too, for Cheffins, some executives of failed firms had cashed-out a vast number of options: …To take a high-profile example, while the market value of Lehman Brothers shares held by its CEO Richard Fuld had fallen from nearly $600 million to nothing by the time Lehman Brothers went bankrupt, he had already pocketed an estimated $363 million between 1993 and 2007 by cashing in share options.18

Thus, although bank and financial firm executives suffered high paper losses on their holdings of firm equity when the firm went bankrupt, huge sums of option compensation were cashed out prior to the GFC period reducing the overall loss. Indeed, Bebchuk, Cohen and Spamann examine executive compensation at Bear Sterns and Lehman Brothers from 2000 to 2008.19 The authors explain that many commentators concluded that executive pay and incentives caused excessive risk taking20 but that there was also an opposing view – that incentives did not affect

 See discussion in Sect. 12.5 above.  Brian R Cheffins, “Did Corporate Governance ‘Fail’ During the 2008 Stock Market Meltdown? The Case of the S&P 500” ECGI – Law Working Paper No. 124/2009, (1 May 2009), accessed 11 ay 2017 at SSRN: http://ssrn.com/abstract=1396126, 21. 17  Ibid, 29 (footnote and tables omitted). 18  Ibid, 32 (footnotes omitted). 19  Lucian A Bebchuk, Alma Cohen and Holger Spamann, “The Wages of Failure: Executive Compensation at Bear Stearns and Lehman 2000–2008”, (2010) 27 Yale Journal on Regulation 257–282; Harvard Law and Economics Discussion Paper No. 657; ECGI – Finance Working Paper No. 287, (24 November 2009), accessed 11 May 2017 at SSRN: http://ssrn.com/abstract=1513522 20  Ibid, 1. 15 16

646

16  Shareholder Value Maximisation in Banks and Financial Firms

risk-taking and that, instead, there was failure to perceive risks.21 The authors dismiss the opposing view by demonstrating that executives at Bear Sterns and Lehman Brothers were able to retain significant cash bonuses and cash-out significant amounts of equity which made their “bottom-line payoffs” positive.22 For the authors, executive incentives – which were not returned but taken “off the table” – were not aligned with long-term shareholder value but instead with short-­ term results even when the risk may lead to firm failure: The analysis indicates that the design of the firms’ performance-based compensation did not produce a tight alignment of executives’ interests with long-term shareholder value. Rather, the design provided executives with substantial opportunities (of which they made considerable use) to take large amounts of compensation based on short-term gains off the table and retain it even after the drastic reversal of the two companies’ fortunes. Such a design provides executives with incentives to seek improvements in short-term results even at the cost of maintaining an excessively elevated risk of an implosion at some point down the road.23

The authors make the same conclusion in relation to the payment of bonuses which were not returned24 and the cashing-out of shares and options.25 The solution for the authors is that a “limited fraction” – 10% – of shares and options be allowed to be cashed out in any year.26 Bebchuk and Spamann in their article27 show that, even if these executives made losses ex post the crisis, this did not mean that, ex ante, the risk taken was not a rational one: To be sure, if the losses had been the only possible outcome of the strategy chosen, bank executives would have had every reason not to choose it. But ex ante, the losses that later occurred were only one of a number of possibilities. Bank managers could recognize the possibility of such losses, yet rationally decide that they were outweighed by the possibility of continued profitability of the risky lines of business…The possibility of losses is a normal feature of rational business decisions, and our discussion above has acknowledged such possibilities throughout. The mere fact that a risky strategy turned out to produce losses ex post does not mean that it was not rational to follow the strategy ex ante.28

 Ibid, 1–2.  Ibid, 2. 23  Ibid, 24. 24  Ibid. 25  Ibid. 26  Ibid, 26. 27  Lucian A Bebchuk and Holger Spamann, “Regulating Bankers’ Pay” (2010) 98(2) Georgetown Law Journal 247–287, 2010; Harvard Law and Economics Discussion Paper No. 641, (1 October 12,009), accessed 11 April 2017 at SSRN: https://ssrn.com/abstract=1410072 28  Ibid, 24. 21 22

16.1  Traditional Governance Variables Maximise the Share Price

647

For the authors, mandating the use of restricted common stock,29 ‘Say-on-Pay’ shareholder voting30 and enhancing the role and independence of directors on compensation committees31 does not eliminate incentives for risk-taking. [CCCashOutRisk] (−)  – Short-Term Cashing-Out of Equity and Options by Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure  – Coverage/rating  −  7/87.50 rprox  – relational effect path Bank executives and high end employees cashing-out equity and options in the short term is hypothesised to act like the preceding [CCSTIncentRisk] (−) variable in this Sect. 16.1 above and so is also hypothesised to act like the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 above. The direction marker for this variable is negative representing a level of equity, options and incentives giving rise to a level of risk-taking in excess of the bank’s risk appetite and increasing the risk of bank failure.32 This equates to a coverage/rating of −7/87.50 rprox for the [CCCashOutRisk] (−) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) of this Stage 2 for this Compensation Committee executive and high end employee variable. [CCCashOutLimit] (+) – Limit on Short-Term Cashing-Out of Equity and Options by Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholders – Coverage/rating + 7/87.50 rprox – relational effect path Placing limits on the cashing-out of equity and options by executives and high end employees – as suggested by Bebchuk, Cohen and Spamann in their examination of executive compensation at Bear Sterns and Lehman Brothers from 2000 to 200833 – is hypothesized to have the opposite effect to the [CCCashOutRisk] (−) variable in this Sect. 16.1 above and the [CCSTIncentRisk] (−) variable in this Sect. 16.1 above. Thus, the [CCCashOutLimit] (+) variable is hypothesised to act like the variable [EqOptRiskAlignHighEnd] (+) in Sect. 12.5 above. The direction marker for this variable is positive representing a level of equity, options and incentives giving rise to a level of risk-taking in alignment with outside shareholder interests.34 This equates to a coverage/rating of +7/87.50 rprox for the [CCCashOutLimit] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) of this Stage 2 for this Compensation Committee executive and high end employee variable.

 Ibid, 32–34.  Ibid, 34–35. 31  Ibid, 35–36. 32  See discussion in Sect. 12.5 above. 33  Bebchuk, Cohen and Spamann, above n 19. 34  See discussion in Sect. 12.5 above. 29 30

648

16  Shareholder Value Maximisation in Banks and Financial Firms

16.2 Shareholder Value-Maximisation and Ownership Structure – Incentive Equity Holdings/Plans of Directors and Officers In the following sections, the relational approach examines an additional consideration to the Stage 2 variables suggested by the GFC  – the seniority level of the executives/managers to which equity or options are paid as part of the bank’s incentive equity or option holding plans. In this respect, Berger, Imbierowicz and Rauch examine the ownership structure and equity holdings in failed banks during the GFC.35 The authors separate the ownership structure into three groups.36 For the management structure, the authors identify: the numbers of outside directors, chief officers, and other corporate insiders (all normalized by board size), the board size itself, and if the Chairman is also the CEO.37

The consequences of equity pay to relevant management levels is now considered.

16.3 Shareholdings of Lower-Level Management Predict Bank Failure Continuing here, Berger, Imbierowicz and Rauch identify accounting variables and ownership structure as predictive of bank failure, in particular, larger shareholdings of lower-level management: Our results confirm the extant bank failure literature by finding that accounting variables such as the capital ratio, the return on assets, and the proportion of loans that are non-­ performing help predict bank default. Our key new finding is that the ownership structure of a bank is also an important predictor of bank PD [default probability]. Specifically, we find that larger shareholdings of lower-level management significantly increase bank PD.38

But, for the authors, shareholdings of outside directors and the “chief officers” had no effect on the probability of bank failure39: Lower-level managers with large shares may take on more risk to increase the value of their shares. Outside directors and chief officers would face the same incentives as shareholders,

 Allen N Berger, Björn Imbierowicz and Christian Rauch, The Roles of Corporate Governance in Bank Failures During the Recent Financial Crisis (October 12, 2014), accessed 11 May 2017 at SSRN: http://ssrn.com/abstract=2021799 36  Ibid, 2. 37  Ibid. 38  Ibid, 2–3 (emphasis added). 39  Ibid, 3. 35

16.3  Shareholdings of Lower-Level Management Predict Bank Failure

649

but are vilified in the event of a default, so that the moral hazard problem and the connected risk-taking appetite may be curbed.40

The explanation appears to be based on the level and nature of risk that the different groups face. According to the authors, lower-level management engages in higher risk-taking to increase the share price and can find other comparable employment in the case of bank failure.41 The effect on higher-level management seems to depend on the size of shareholdings. Lower shareholdings of this higher-level management do not create lower risk-taking as the manager has (in effect) a fixed ­remuneration and so depends on continued existence of the firm.42 For higher shareholdings, there are two possibilities for the authors with different consequences for risk-taking: either upper-level managers support and promote risk-taking in the bank to increase the value of their shares, or upper-level managers curb the risk-taking of the bank by monitoring and discouraging lower-level management from taking excessive risks.43

In terms of the relational approach, this operates as a ‘reputational constraint’ on outside directors and chief officers as described in section 4.2.2 of Stage 1.44 For the authors, their solution is to recommend that only minimal stock be given to lower-­ level management “unless they are monitored by upper-level managers who do not benefit substantially from share price increases” and with “more stringent rules on equity-based bank compensation systems.”45 The OECD Kirkpatrick Report 2009 noted that executive directors usually have shareholdings to align with the interests of shareholders and that, similarly, non-­ executive directors also have such holdings provided they are not of a size to reduce their independence.46 But lower-level incentive remuneration at the trading level caused excessive risk taking with unlimited bonuses in case of success and losses limited to zero in case of failure: Official as well as private reports have drawn attention also to remuneration problems at the sales and trading function level. One central banker (Heller, 2008) has argued that the system of bonuses in investment banking provides incentives for substantial risk taking while also allowing no flexibility for banks to reduce costs when they have to: at the upper end, the size of the bonus is unlimited while at the lower end it is limited to zero. Losses are borne entirely by the bank and the shareholders and not by the employee.47

The OECD Key Findings 2009 also considered that an incentive system that operated at lower levels contributed to risk taking:  Ibid, 26.  Ibid, 23. 42  Ibid. 43  Ibid. 44  See discussion in section 4.2.2 of Stage 1, above n 1, 80–82. 45  Berger, Imbierowicz and Rauch, above n 35, 23. 46  OECD Kirkpatrick Report 2009, above n 5, 14. 47  Ibid, 14 (footnote omitted and emphasis added) citing Heller, D. (2008), “Three ways to reform bank bonuses”, Financial Times, 3 February. 40 41

650

16  Shareholder Value Maximisation in Banks and Financial Firms

[S]uccess or failure of its corporate governance system, might well be determined by an incentive system extending well below the CEO and other key executives, the usual focus of corporate governance debates. A number of non-financial companies have faced such situations in the past (Metallgesellschaft, Sumitomo Corporation, etc) and promotion systems have often led to excessive risk taking behaviour including breaches of compliance obligations at lower levels with serious consequences for the company as a whole (e.g. Siemens).48

The OECD 2010 Conclusions and Practices also picked-up on the issue of lower-­ level executives and management who have an effect on the company’s risk taking with disclosure requirements needing to extend to this group49: In their efforts to align remuneration with the longer term interests of the company and its shareholders, it is important for the board to decide and disclose in a remuneration report specific mechanisms that link compensation to the long run interests of the company such as multi-year performance-based vesting conditions, deferred compensation, claw-backs and adjustment for risk. Performance measures should be related to the strategic objectives of the company and the time frame used to measure performance specified.50

How do these observations on the equity holdings of different levels of management translate to variables of the relational approach? [EquityLowerLvlMan] (−)  – Equity Holdings of Lower Level Management  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure  – Coverage/rating − 7/87.50 rprox – relational effect path The preceding discussion suggests that equity holdings of lower level management are hypothesised to increase risk-taking and therefore are hypothesized to have the same negative effect as the [EqOptRiskFailHighEnd] (−) in Sect. 12.5 above. The direction marker for this variable is negative representing a level of equity giving rise to a level of risk-taking in excess of the bank’s risk appetite and increasing the risk of bank failure.51 This equates to a coverage/rating of −7/87.50 rprox for the [EquityLowerLvlMan] (−) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for this Compensation Committee lower level management variable.

 OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009, approved for publication 29 May 2009, accessed 12 April 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/43056196. pdf, (‘OECD Key Findings 2009’), p 17. 49  OECD Directorate for Financial and Enterprise Affairs, OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, 24 February 2010, accessed 11 May 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/44679170.pdf, (‘OECD 2010 Conclusions and Practices’), Para 24, p 10. 50  Ibid. 51  See discussion in Sect. 12.5 above. 48

16.4  Owner-Control Predicts Bank Failure Due to Increased Risk-Taking

651

[EquityHigherLvlMan] (+/−) – Equity Holdings of Higher Level Management – Effect of Risk-Taking  – Coverage/rating +/−7/87.50 rprox  – relational effect path As noted above, for Berger, Imbierowicz and Rauch, the risk-taking effect of equity holdings of higher level management depends on the size of shareholdings. Again noted by the authors, for higher shareholdings, there are two possibilities with different consequences for risk-taking: either upper-level managers support and promote risk-taking in the bank to increase the value of their shares, or upper-level managers curb the risk-taking of the bank by monitoring and discouraging lower-level management from taking excessive risks.52

Thus, with two possible outcomes, the [EquityHigherLvlMan] (+/−) variable is identical in relational effect path to the [EquityLowerLvlMan] (−) variable in this Sect. 16.3 above and the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 above but with a dual direction marker. The positive (+) direction marker represents an enhancement in the risk ‘alignment’ effect with outside shareholders – a level of equity giving rise to a level of risk-taking in line with outside shareholder interests. The counterpart negative (−) direction marker represents an increase in the likelihood of the bank ‘failure’ effect – a level of equity giving rise to a level of risk-taking in excess of the bank’s risk appetite which increases the likelihood of bank failure. This equates to a coverage/rating of +/−7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [EquityHigherLvlMan] (+/−) variable.

16.4 Owner-Control Predicts Bank Failure Due to Increased Risk-Taking The effects of ownership concentration are examined by Gropp and Köhler.53 Comparing banks owned by a controlling shareholder as opposed to widely-­ dispersed shareholding manager-controlled banks, the authors found that owner-­ controlled banks took more risks before the financial crisis and consequently had bigger losses: The results in this paper suggest that owner controlled banks experienced higher profits before the crisis and larger losses during the crisis. Both imply that owner controlled banks

 Berger, Imbierowicz and Rauch, above n 35, 23.  Reint Gropp and Matthias Köhler, “Bank Owners or Bank Managers: Who is Keen on Risk? Evidence from the Financial Crisis”, European Business School Research Paper No. 10-02, (23 February 2010), accessed 12 May 2017 at SSRN: http://ssrn.com/abstract=1555663 52 53

652

16  Shareholder Value Maximisation in Banks and Financial Firms

incurred greater risks compared to manager controlled banks. Economically these effects are large.54

The profits of such owner-controlled banks, even in strong-shareholder protection countries, fell significantly more than those of manager-controlled banks in weaker shareholder-protection countries: The profits of banks owned by a majority shareholder operating in a country with strong shareholder rights declined about five times as much during the recent crisis compared to widely held banks operating in countries with weak shareholder rights. These effects are robust to including a wide variety of regulatory, bank specific and country specific variables.55

For the authors, this was a strong answer to popular opinion that the crisis was caused or exacerbated by managers who took more short-term risks on behalf of shareholders because of their compensation packages: The results contradict the popular sentiment that managers took advantage of insufficient control by shareholders to obtain compensation packages that disproportionately reward short-term risk taking (e.g. OECD, 2009). They do not support the idea that aligning the interests of management better with shareholders will reduce risk taking of banks. Instead they suggest the opposite. If management is better controlled by shareholders, banks may increase their risk taking.56

Laeven and Levine examine the relationship between risk taking, bank ownership structure, and bank regulation.57 They find that bank owners take greater risk than non-shareholder managers, that large owners induce managers to take greater risks and that the agency costs of managers vis-à-vis shareholders are reduced by shareholder protection regimes which, as a result, reduce the need for a large shareholder to protect shareholder interests: We find that banks with more powerful owners tend take greater risks, but the relation between ownership and risk weakens in economies with stronger shareholder protection laws. This is consistent with theories predicting that (i) equity holders have stronger incentives to increase risk than non-shareholding managers and debt holders, (ii) large owners with substantial cash flows have the power and incentives to induce the bank’s managers to increase risk taking, but (iii) effective legal protection of small shareholders reduces the need for the emergence of large owners to mitigate agency problems in order to boost bank risk taking.58

For the first finding, the authors explain that diversified owners seek more bank risk than debt holders and non-shareholder managers:

 Ibid, 21–22.  Ibid. 56  Ibid (footnote omitted). 57  Luc Laeven and Ross Levine, “Bank Governance, Regulation and Risk Taking” (2009) 93 J. Fin. Econ. 259, (June 2008), accessed 11 April 2017 at SSRN: https://ssrn.com/abstract=1142967 58  Ibid, 27. 54 55

16.4  Owner-Control Predicts Bank Failure Due to Increased Risk-Taking

653

[D]iversified owners (owners who do not have a large fraction of their personal wealth invested in the bank) tend to advocate for more bank risk taking than debt holders and non-­ shareholder managers (managers who do not have a substantial equity stake in the bank).59

For the second point, the authors explain that regulations such as deposit insurance increase risk-taking by owners: [T]heory predicts that regulations influence the risk taking incentives of diversified owners differently from those of debt holders and non-shareholder managers. For example, deposit insurance intensifies the ability and incentives of stockholders to increase risk …The impetus for greater risk taking generated by deposit insurance operates on owners, not necessarily on non-shareholder managers.60

For the third issue, the authors elaborate “effective shareholder protection laws” reduce the necessity for large shareholders to monitor: Besides empowering equity holders, effective shareholder protection laws reduce the need for the emergence of a large shareholder to mitigate agency problems...Accordingly, large shareholders will play a less prominent role in shaping corporate behavior in economies with effective shareholder protection laws.61

How is the work of Gropp and Köhler and, separately, Laeven and Levine represented in the Stage 2 relational approach? [OwnerControlRisk] (−) – Banks – Owner-Controlled Banks – Effect of Owner-­ Controlled Risk-Taking of Executives and High End Employees – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure  – Coverage/rating − 7/87.50 rprox – relational effect path The preceding discussion suggests that owner-controllers of banks are hypothesised to increase risk-taking by bank managers and therefore are hypothesized to have the same effect as the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 above. The direction marker for this variable is negative representing a level of owner equity giving rise to a level of risk-taking in excess of the bank’s risk appetite and increasing the likelihood of bank failure.62 This equates to a coverage/rating of −7/87.50 rprox for the [OwnerControlRisk] (−) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for this Compensation Committee executive and high end employee variable. Existing [NationGov*] (+) Variable  – National Governance/Shareholder Protection Regime – Coverage/rating + 8/100.00 rprox – relational effect path Laeven and Levine’s third issue  – that “effective shareholder protection laws reduce the need for the emergence of a large shareholder to mitigate agency problems” and that “large shareholders will play a less prominent role in shaping  Ibid, 2.  Ibid. 61  Ibid, 3 (references omitted). 62  See discussion in Sect. 12.5 above. 59 60

654

16  Shareholder Value Maximisation in Banks and Financial Firms

corporate behaviour in economies with effective shareholder protection laws”63 is already encapsulated in the relational approach in the [NationGov*] (+) variable discussed in section 7.3.1.3–7.3.1.3.2 of Stage 164 and Sect. 28.10 of this Stage 2. The [NationGov*] (+) variable has a coverage/rating of +8/100.00 rprox in the Coverage Table (Table 3.1 of Stage 1), the Relational Proximity Table (Table 3.2 of Stage 1) and the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above of this Stage 2).

16.5 Risk Preference of Bank Management and Shareholders May Diverge At the least, for Hopt,65 compensation packages can affect the risk-preference of some corporate actors, particularly management: Equity governance and debt governance face partly parallel and partly divergent interests of management, shareholders, debtholders, and supervisors. Management tends to be risk-­ averse for lack of diversification, but may be more risk-prone because of equity­based compensation, in end games and under similar circumstances. Shareholders are risk­prone and interested in corporate governance. Debtholders are risk-averse and interested in debt governance. Supervisors are risk-averse and interested in maintaining financial stability and in particular in preventing systemic crises.66

Directors, for Hopt, suffered in part from “over-optimism” caused by short-term pay which caused directors to take on high risks which only crystalise or become known in the long-term.67 The problems of high risk-taking by directors were exacerbated by deposit insurance and bail-out systems.68 For the OECD, executives held significant equity in the banks which should have reduced their risk appetite. But this did not occur because of large compensation packages and short-term bonuses: The financial crisis has raised new aspects of the compensation issue, especially at banks. First, especially in the US but also in Europe, executives have had quite large equity positions in their companies. Ceteris paribus, this meant that they faced significant potential downside risks (that materialised,) which should have restricted their risk appetite. However, they also received very large compensation and short term bonuses (for example, the top five executives at Bear Stearns earned on average $28 million in 2006) which ex ante

 Laeven and Levine, above n 57, 3 (references omitted).  See discussion in sections 7.3.1.3–7.3.1.3.2 of Stage 1, above n 1, pp 202–206. 65  Klaus J Hopt, “Corporate Governance of Banks after the Financial Crisis”, in E Wymeersch, K J Hopt and G Ferrarini, eds., Financial Regulation and Supervision, A post-crisis analysis, Oxford University Press 2012, pp 337–367; ECGI – Law Working Paper No. 181/2011 (29 august 2011), accessed 12 May 2017 at SSRN: http://ssrn.com/abstract=1918851 66  Ibid, 3–4. 67  Hopt, above n 4, 16. 68  Ibid, 19 (footnote omitted). 63 64

16.5  Risk Preference of Bank Management and Shareholders May Diverge

655

appears to have more than offset any expected loss on their equity holdings. The compensation structure as a whole led to risk taking strategies for their companies since the executives faced restricted (expected) losses on the downside and their basic cash compensation was high.69

The governance variables arising from these considerations have already been discussed in this Part 4 above: • [BankDepInsure] (−) variable – Banks – Deposit Insurance – Effects of Risk-­ Taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure – coverage/rating − 7/87.50 rprox (relational effect path in Sect. 11.7); • [BankGovBail] (−) variable – Banks – Government Bailout – Effects of Risk-­ Taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure – coverage/rating − 7/87.50 rprox (relational effect path in Sect. 11.7); • [EqOptRiskAlignHighEnd] (+) variable – Equity and Options for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests – coverage/rating + 7/87.50 rprox70 (relational effect path in Sect. 12.5); • [EqOptRiskFailHighEnd] (−) variable  – Equity and Options for Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure  – coverage/rating  −  7/87.50 rprox71 (relational effect path in Sect. 12.5); • [EquityLowerLvlMan] (−) variable  – Equity Holdings of Lower Level Management  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure – coverage/rating − 7/87.50 rprox (relational effect path in Sect. 16.3); • [EquityHigherLvlMan] (+/−) variable  – Equity Holdings of Higher Level Management – Effect of Risk Taking – coverage/rating +/−7/87.50 rprox (relational effect path in Sect. 16.3); and • [CCSTIncentRisk] (−) – Banks – Compensation Committee – Incentives Tied to Short-Term Share Price for Executives and High End Employees  – Risk-­ Taking in Excess of Risk Appetite – Likelihood of Bank Failure – coverage/rating − 7/87.50 rprox (relational effect path in Sect. 16.1).

 OECD Key Findings 2009, above n 48, 16–17 (footnote omitted).  See discussion in Sect. 12.5 above. 71  David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Recommendation 34, p 22. 69 70

656

16  Shareholder Value Maximisation in Banks and Financial Firms

16.6 Substantial Equity Ownership Not Aligned Where Holding Positions Are Short-Term Bolton, too, examines the effect of equity ownership as a mechanism to align the interests of directors and management with dispersed shareholders to reduce agency costs.72 The author points to a high degree of share ownership which was not aligned properly73 and shows that the median level of share ownership by directors and CEOs at six particular financial institutions far exceeded the average for firms generally and financial firms.74 Bolton, after explaining that these holdings should have aligned shareholder and management interests in the long-term share price, instead points to the fact that their positions were not long-term particularly for firms at the centre of the crisis: …according to corporate governance theory (see Jensen and Meckling, 1976, or Bhagat and Bolton, 2008), these substantial amounts of stock ownership should better align the interest of these officers and directors with those of external shareholders. The individuals with the above ownership stakes have an enormous amount lose. Therefore, it is in their best interest to manage the firm to maximize the value of their ownership positions over the long term. That, however, assumes that they hold these positions for the long term which is not necessarily the case, especially for the firms at the heart of the U.S. financial crisis.75

Instead stock sales by the directors of these six firms far exceeded stock purchases in number (5-to-1) and dollar value (40-to-1).76 Again, this gives rise to the [CCSTIncentRisk] (−) variable  – Banks  – Compensation Committee  – Incentives Tied to Short-Term Share Price for Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/rating of −7/87.50 rprox (relational effect path in Sect. 16.1). Long-Term Stock Holding and Capping the Ratio of Variable to Fixed Compensation Bolton concludes that the interests of insiders and outsiders align only if both hold the stock long-term.77 The author points to excessive risk and leverage as symptoms of the problem.78 Armour and Gordon, too, support executive pay reforms in financial firms  – some in existence already – which reduce the incentive problems and focus mangers on long-term risk such as:

 Brian J Bolton, “The U.S.  Financial Crisis: A Summary of Causes & Consequences”, (21 October 2009), accessed 12 May 2017 at SSRN: http://ssrn.com/abstract=2133576, 23–26. 73  Ibid, 23. 74  Ibid, 24. 75  Ibid (footnotes omitted). 76  Ibid, 26. 77  Ibid. 78  Ibid. 72

16.6  Substantial Equity Ownership Not Aligned Where Holding Positions Are…

657

restrict[ing] managers’ ability to cash out equity-linked compensation in the short run, effectively forcing managers to post this as a bond for continued good performance… [or] weaken[ing] managerial incentives to increase shareholder value, by imposing a cap on the ratio of variable to fixed executive compensation.79

Again, this gives rise to the following variables from Chap. 12 and this Chap. 16: • [EqOptRiskAlignHighEnd] (+) variable – Equity and Options for Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests – coverage/rating + 7/87.50 rprox80 (relational effect path in Sect. 12.5); • [EqOptRiskFailHighEnd] (−) variable  – Equity and Options for Executives and High End Employees – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure  – coverage/rating  −  7/87.50 rprox81 (relational effect path in Sect. 12.5); • [CCRemLTVRHighEnd] (+) variable – Banks – Compensation Committee – Long-Term Focus for All Executives and High End Employees  – Long-Term Variable Remuneration for All Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating + 7/87.50 rprox (relational effect path in Sect. 12.6); • [CCRemLTVRActual] (+)  – Banks  – Compensation/Remuneration Committee  – Long-Term Variable Remuneration for Performance Actually Realised  – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating  +  7/87.50 rprox (relational effect path in Sect. 12.7); • [CCCashOutRisk] (−) variable  – Short-Term Cashing-Out of Equity and Options by Executives and High End Employees  – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure – relational effect path – coverage/ rating − 7/87.50 rprox (relational effect path in Sect. 16.1); and • [CCCashOutLimit] (+) variable – Limit on Short-Term Cashing-Out of Equity and Options by Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests – coverage/rating + 7/87.50 rprox (relational effect path in Sect. 16.1). [CCVarFixRatio] (+) – Compensation Committee – Capping the Ratio of Variable to Fixed Compensation for Executives and High End Employees  – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – Coverage/rating + 7/87.50 rprox – relational effect path An additional variable is required by Armour and Gordon’s suggestion of capping the ratio of variable to fixed executive compensation, extended here to executives and high end employees.

 Armour and Gordon, above n 2, 58–9.  See discussion in Sect. 12.5 above. 81  Walker Review 2009, above n 71, Recommendation 34, p 22. 79 80

658

16  Shareholder Value Maximisation in Banks and Financial Firms

Endowing the Compensation/Remuneration Committee with the responsibility for capping the ratio of variable to fixed compensation for high end employees is hypothesised to act like the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 above. The direction marker for this variable is positive representing a ratio matched to a level of equity and options giving rise to a level of risk-taking in alignment with outside shareholder interests.82 This equates to a coverage/rating of +7/87.50 rprox for the [CCVarFixRatio] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for this Compensation Committee executive and high end employee variable. Problems with Long-Term Stock Holding Considering whether the CEO and executives should be made to hold their equity compensation throughout the whole period they are at the firm, Booth explains that equity compensation restricts (talented) executives’ ability to diversify risk which may cause them to leave the firm’s employment in order to sell the stock.83 In ­addition, there may be problems of ‘overvalued equity’ where an artificially high stock price is maintained by risky or fraudulent practices lest the stock price should fall, the latter resonating with the Enron collapse.84 In Sect. 16.1 of this Chap. 16 above, Bebchuk, Cohen and Spamann investigated share option and bonus compensation at Bear Sterns and Lehman Brothers during 2000–2008.85 They, too, considered whether a “substantial fraction” of shares and equity compensation should be held until retirement: One way to ensure that executives place more weight on long-term stock prices is to require them to retain a substantial fraction of the shares and options awarded to them until retirement. This approach has been long followed by Goldman Sachs, which requires executives to hold 75% of awarded shares until they retire. As one of us stressed in recent work with Jesse Fried, however, hold-till-retirement requirements provide executives with a counterproductive incentive to depart, and this incentive would be especially strong in the case of executives who have been successful and have amassed a large equity portfolio.86

The solution for the authors is that a “limited fraction” – 10% – of shares and options be allowed to be cashed out in any year.87 This aspect is addressed by the [CCCashOutLimit] (+) variable  – Limit on Short-Term Cashing-Out of Equity and Options by Executives and High End Employees – Level of Risk-Taking in Alignment with Shareholder Interests – coverage/rating + 7/87.50 rprox (relational effect path in Sect. 16.1).

 See discussion in Sect. 12.5 above.  Richard A Booth, “Things Happen” (2009) Villanova Law Review, forthcoming, (September 2, 2009), accessed 11 May 2017 at SSRN: http://ssrn.com/abstract=1466941,18 (footnotes omitted). 84  Ibid, 18 (footnotes omitted). 85  Bebchuk, Cohen and Spamann, above n 19. 86  Ibid, 26. 87  Ibid, 26. 82 83

16.7  “Inside Debt” Compensation Reduces Risk-Taking

659

16.7 “Inside Debt” Compensation Reduces Risk-Taking Tung and Wang examine the “inside debt” holdings of CEOs – essentially pensions and deferred compensation88: A nascent literature, unrelated to banks or the Global Financial Crisis, argues that the existing executive compensation literature has overlooked an important species of executive pay incentive: inside debt—firm debt held by insiders of the firm. Conventional wisdom holds that executive pay comes in only two basic forms: cash and equity-based compensation. Managers do not hold inside debt. Recent research shows, however, that managers in fact do hold significant amounts of inside debt in the form of pensions and deferred compensation. These forms of compensation give managers fixed claims against the firm that like conventional debt, depend on the firm’s solvency for full payment.89

For the authors “[t]his counters the risk shifting incentives that accompany equity compensation. It also improves managerial effort as the firm nears insolvency.”90 The authors conclude that there is a positive relationship between inside debt holdings and firm performance during the GFC and that inside debt holdings reduce (negative relationship) risk-taking behaviour by CEOs: We show that CEOs’ inside debt holdings preceding the Crisis are significantly positively associated with bank performance and significantly negatively associated with bank risk taking during the Crisis. Our results are consistent with the existing theoretical and empirical literature on inside debt incentives, though ours is the first study to demonstrate inside debt effects within the highly regulated environment of commercial banking.91

Indeed, the authors believe the effect to be so strong as to permit inside debt holdings to be a substitute for banking regulation.92 The authors thus suggest that inside debt should be part of the “optimal incentive contract”.93 [CEOInsideDebt] (+)  – Bank CEO ‘Inside Debt’  – Level of Risk-Taking in Alignment with Shareholder Interests  – Coverage/rating  +  7/87.50 rprox  – relational effect path The preceding discussion suggests that ‘inside debt’ of bank CEOs is hypothesised to reduce risk-taking by bank managers and therefore is hypothesized to have the opposite effect to the [CCCashOutRisk] (−) variable in Sect. 16.1 above and the [CCSTIncentRisk] (−) variable in Sect. 16.1 above. Thus, the [CEOInsideDebt] (+) variable is hypothesised to act like the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 above. The direction marker for this variable is positive representing a

 Frederick Tung and Xue Wang, “Bank CEOs, Inside Debt Compensation, and the Global Financial Crisis”, Boston Univ. School of Law Working Paper No. 11–49, (11 December 2012), accessed 3 April 2017 at at SSRN: http://ssrn.com/abstract=1570161 89  Ibid, 6–7. 90  Ibid. 91  Ibid, 29. 92  Ibid, 4–5 (footnotes omitted). 93  Ibid, 4–5. 88

660

16  Shareholder Value Maximisation in Banks and Financial Firms

level of ‘inside debt’ (here, pensions and deferred compensation) giving rise to a level of risk-taking in alignment with outside shareholder interests.94 This equates to a coverage/rating of +7/87.50 rprox for the [CEOInsideDebt] (+) high end variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

94

 See discussion in Sect. 12.5 above.

Chapter 17

Additional Compensation/Remuneration Committee Considerations

Abstract In Chap. 17 we examine additional Compensation/Remuneration Committee considerations and governance variables. This begins with the Chairperson’s pay and non-executive director pay differentials. We then review ‘enhanced disclosure’ of pay which is not linked to performance and exceptional commencement, termination and pension arrangements  – ‘golden hellos’ and ‘golden parachutes.’ We conclude by identifying the disclosure obligation for ‘enhanced benefits’ and their compensation component. Enhanced payouts on termination for executives and high end employees can lead to risk-taking in excess of risk appetite and thus increase the likelihood of bank failure as do enhanced payouts on commencement. Keywords  Chairperson · Non-executive director · Pay differentials · Enhanced benefits not linked to performance · Golden hellos · Golden parachutes · Disclosure obligation · Compensation component

17.1 Chairperson Pay and Non-executive Director Pay Differentials The Walker Review 2009 recommended that the Chairperson’s pay, in line with normal practice, should remain a flat fee irrespective of the performance of the company.1 Fees for non-executive directors also required review with a “larger differential” to recognize the chairs of the audit, remuneration and Board Risk Committee.2

 David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Para 7.44, p 121. 2  Ibid, Para 7.45, p 121. 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_17

661

662

17  Additional Compensation/Remuneration Committee Considerations

Any such differentials should be subject to the governance variables examined in this Part 4 giving rise to the following variable: [CCNonExecDiff] (+/−)  – Compensation/Remuneration Committee  – Pay Differentials for Non-Executive Director Chairs of Audit, Compensation and Board Risk Committees – Effect on Risk-Taking – Coverage/rating +/−7/87.50 rprox – relational effect path The [CCNonExecDiff] (+/−) variable is hypothesised to act like the variables [EqOptRiskAlignHighEnd] (+) and [EqOptRiskFailHighEnd] (−) in Sect. 12.5 but with a dual direction marker. The positive aspect of the directional marker represents a level of additional equity, options, incentives and bonuses giving rise to a level of risk-taking in alignment with outside shareholders. The counterpart negative marker represents the same additional pay but which results in a level of risk-taking beyond the bank’s risk appetite and therefore increases the likelihood of bank losses or failure.3 This equates to a coverage/rating of +/−7/87.50 rprox in the Bank Combined Coverage and Proximity Table (Table 10.2 above) for the pay differential for non-­ executive chairs of relevant committees variable [CCNonExecDiff] (+/−).

17.2 Enhanced Disclosure of Pay Not Linked to Performance and Exceptional Commencement/Termination/Pension Arrangements – ‘Golden Hellos’ and ‘Golden Parachutes’ For Moody’s Challenges 2008 for executive compensation, there should be improvements in exit (termination) pay practice and ensuring there are appropriate executive retirement compensation plans.4 The Walker Review 2009 observed that: In new pension arrangements, and when existing contracts are renewed, adjustment of the terms in this respect should be made as a matter of best practice. Feedback to the Review has led to the conclusion that this requirement should not be restricted to pension benefits but should cover any exceptional termination payments that may not be appropriately and specifically linked to performance.5

Further, enhanced disclosure “would reduce the likelihood of inappropriate or excessive termination awards in any form through placing an explicit obligation on

 See discussion in Sect. 12.5 above.  Christian Plath, Corporate Governance in the Credit Crisis: Key Considerations for Investors, Moody’s Global Corporate Governance, November 2008, (20 November 2008), accessed 10 April 2017 at SSRN: https://ssrn.com/abstract=1309707, (‘Moody’s Challenges 2008’), 4. 5  Walker Review 2009, above n 1, Para 7.49, p 123. 3 4

17.2  Enhanced Disclosure of Pay Not Linked to Performance and Exceptional…

663

remuneration committees to incorporate a statement in their report”.6 Thus, Recommendation 37 provided that: The remuneration committee report should state whether any executive board member or “high end” employee has the right or opportunity to receive enhanced benefits, whether while in continued employment or on termination, resignation, retirement or in the wake of any other event such as a change of control, beyond those already disclosed in the directors’ remuneration report and whether the committee has exercised its discretion during the year to enhance such benefits either generally or for any member of this group.7

For the BCBS, pay or benefits on joining the firm or on termination are not permitted: “Golden hellos” or “golden parachutes”, under which new or terminated executives or staff receive large payouts irrespective of performance, are generally not consistent with sound compensation practice.8

But, for the IIF, severance pay was permitted but must be tied to realised performance: Severance pay should take into account realized performance for shareholders over time.9

The IIF gave no specific recommendation in relation to severance pay but did provide an example of how it might operate: Severance pay for top executives has received considerable attention as a result of the absolute size of payouts by firms that have encountered difficulties. In a severance situation, it is important to distinguish between the payout of accrued benefits such as pension payments, profit sharing and vested options or restricted stock, and the payments related directly to severance. Insofar as permissible within existing contractual obligations, the severance portion should be reviewed and approved by the Board or the compensation committee to ensure it reasonably reflects the performance of the individual over time, taking into account the reason for severance. Future contractual negotiations should take into account realized performance for shareholders.10

 Ibid, Para 7.50, p 123.  Ibid, Recommendation 37, p 123. 8   The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), p 35. 9  Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007–2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_GFC/IIF_Final_Report_of_the_Committee_on_Market_ Best_Practices.pdf (‘IIF Final Report 2008’), Principle II.vi, p 49. 10  Ibid, p 51. 6 7

664

17  Additional Compensation/Remuneration Committee Considerations

17.3 Disclosure Obligation for ‘Enhanced Benefits’ There are two aspects in relation to ‘enhanced benefits’ for the relational approach – a disclosure obligation and a compensation component. The disclosure obligation in this section gives rise to a new governance variable: [CCEnhanceDisclose] (+)  – Compensation/Remuneration Committee  – Disclosure of Enhanced Benefits and Conditions of Operation – Enhancement in Risk Management and Internal and External Monitoring  – Coverage/ rating + 8/100.00 rprox - relational effect path [CCEnhanceDisclose] (+) is hypothesised to act like the variable [CCDiscloseBandElement] (+) - Compensation Committee – Disclosure of Bands and Elements of Compensation  – coverage/rating of +8/100.00 rprox (relational effect path in Sect. 12.17). The approach to the [CCDiscloseBandElement] (+) variable in Sect. 12.17 is to hypothesise that it is identical in direction, behaviour and relational effect path to the [TransTimeMon] (+)11 variable in section 9.1.2.1 of Stage 1, coverage/ rating  +  8/100.00 rprox. That variable links, most directly, the transparency and timing of reporting with both enhancement of the risk management and monitoring function (Risk Management, Monitoring & Audit Factor No 512) and the quality of decision-making (Decision-making Factor No 713). Given its focus on risk management, monitoring and decision-making, the [TransTimeMon] (+) variable’s relational effect path is positive (+) and the zone of effect of that relational effect path is hypothesised to be similar to that of the [BrdSkills] (+)14 and [BrdIndMon] (+)15 variables but with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance16). Compliance Factor No 2 remains present on account of the Walker Review 2009’s direction above that such disclosure include: • whether the enhanced benefit is payable while:  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 9.1.2.1 of Stage 1, pp 262–263. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 12  See discussion in section 2.6.5 of Stage 1, ibid., pp 47–51. 13  See discussion in section 2.6.7 of Stage 1, ibid., pp 51–58. 14  Board – Director Skills ‘Mix’ – see Figure 7.2 and discussion in section 7.3.1.2.1 of Stage 1, above n 11, pp 198–201. 15  Board Independent Director: Executive Director Proportion – Monitoring Effect – see discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above 11, pp 208–212. 16  See discussion in section 2.6.2 of Stage 1, above n 11, pp 41–43. 11

17.4  Compensation Component of ‘Enhanced Benefits’

–– –– –– –– ––

665

in continued employment; termination; resignation; retirement; or in the wake of any other event such as a change of control,

beyond those already disclosed in the directors’ remuneration report; • whether the Compensation Committee has exercised its discretion during the year to enhance such benefits either generally or for any executive member of the board, executive or high end employee17; and • for the IIF, whether the enhanced benefit takes into account realised performance for shareholders over time.18 This equates to a coverage/rating of +8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above for the executive and high end employee disclosure variable [CCEnhanceDiscl] (+).

17.4 Compensation Component of ‘Enhanced Benefits’ The compensation component of termination and commencement benefits described in this section gives rise to two new governance variables: [CCGoldPara] (−) – Compensation/Remuneration Committee – Enhanced Payout on Termination for Executives and High End Employees  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure  – Coverage/ rating − 7/87.50 rprox - relational effect path and [CCGoldHello] (−)  – Compensation/Remuneration Committee  – Enhanced Payout on Commencement for Executives and High End Employees – Risk-­ Taking in Excess of Risk Appetite – Likelihood of Bank Failure – Coverage/ rating − 7/87.50 rprox - relational effect path The [CCGoldPara] (−) and [CCGoldHello] (−) variables are hypothesized to have the same effect as the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 above. The direction markers for these variables are negative representing a level of ‘enhanced benefits’ for executives and high end employees giving rise to a level of risk-taking in excess of the bank’s risk appetite and increasing the likelihood of bank failure.19

 Walker Review 2009, above n 1, Recommendation 37, p 123.  IIF Final Report 2008, above n 9, Principle II.vi, p 49. 19  See discussion in Sect. 12.5 above. 17 18

666

17  Additional Compensation/Remuneration Committee Considerations

This equates to a coverage/rating of −7/87.50 rprox for each of the [CCGoldPara] (−) and [CCGoldHello] (−) variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for these Compensation Committee executive and high end employee variables.

Chapter 18

Compensation Practices for Misconduct Risk

Abstract  Chapter 18 examines compensation practices for misconduct risk. There is detailed examination of the Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, the Use of Compensation Tools to Address Misconduct Risk (‘FSBSupp’). FSBSupp 1–4 examine the governance of compensation and misconduct risk. FSBSupp 5–7 provide for the effective alignment of compensation with misconduct risk. In the latter case, compensation is to be adjusted for all risks, measures and tools are provided for adjusting variable compensation for long-term misconduct and compensation policies and procedures are employed to control misconduct. Keywords  Compensation practices · Misconduct risk · Supplementary Guidance to FSB Principles and Standards · Compensation tools to address misconduct risk · Governance of compensation · Effective alignment of compensation · Supervision of compensation and conduct risk

18.1 Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices – The Use of Compensation Tools to Address Misconduct Risk (‘FSBSupp’) The FSBP1 and FSBIS2 were reviewed in Sects. 13.1, 13.2, 13.3 and 13.4 above.

 Financial Stability Board, FSB Principles for Sound Compensation Practices, 2 April 2009 accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/r_0904b.pdf (‘FSBP’). 2  Financial Stability Board, FSB Principles for Sound Compensation Practices Implementation Standards, 25 September 2009, accessed 28 February 2019, available at http://www.fsb.org/wpcontent/uploads/r_090925c.pdf (‘FSBIS’). 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_18

667

668

18  Compensation Practices for Misconduct Risk

In March 2018 the FSB issued its Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, the use of compensation tools to address misconduct risk.3 For the FSB, the FSBSupp does not create additional principles and standards to the FSBP and the FSBIS but are recommendations on better practices.4 For the FSB, the definition of misconduct is for each bank to determine “based on the firm’s characteristics and business and in a way that promotes adherence to legal, professional, internal conduct and ethical standards”.5 Thus, compensation tools provide “ex ante incentives for good conduct and ex post adjustment mechanisms for appropriate accountability when misconduct occurs”.6 For the FSB, both reputational and operational risk can include misconduct risk.7 The FSBSupp governance variables are addressed in the following sections of this Chap. 18. The Financial Services Royal Commission (FSRC) commentary and recommendations in relation to remuneration are set out in Chap. 19. FSBSupp 1–4 Governance of Compensation and Misconduct Risk8 For these aspects of the board’s functions and responsibilities in relation to the compensation system, there a number new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 19 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating −7/87.50 rprox. Thus, the supplementary guidance for the FSBSupp for 2018 includes the following governance variables for the Stage 2 Key Code and Advanced Handbook:

 Financial Stability Board, Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, The use of compensation tools to address misconduct risk, 9 March 2018, accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/ P090318-1.pdf (‘FSBSupp’). 4  Ibid, p 6. 5  Ibid, Foreword, p 1 (footnote omitted). 6  Ibid. 7  Ibid, Background, p 4 (footnote omitted). 8  Ibid, Governance of compensation and misconduct risk, pp 7–9. 9  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 3

18.1  Supplementary Guidance to the FSB Principles and Standards on Sound…

669

• [FSBSupp1BrdOsightEthComply] (+) – Banks – FSBSupp – Board Oversight of Compensation System for Ethical Behaviour and Compliance with Laws, Regulations and Internal Conduct Standards10 - Enhancement of Level of Risk-­ Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox including: –– internal definition of misconduct11; –– values and conduct statements in Risk Appetite Statements tailored to individual business units for assessing performance and promotion12; –– individual accountability for misconduct13; and –– oversight of compensation and performance management policies as core board functions14; • [FSBSupp2CompDesignElements] (+)  – Banks  – FSBSupp  – Elements of Compensation System Design15  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including: –– –– –– –– ––

sound governance16; robust risk management frameworks17; control functions18; human resources19; and roles and responsibilities of control functions including human resources, risk management, compliance and internal audit for definition and metrics for misconduct20;

• [FSBSupp3BrdRespAccMiscond] (+)  – Banks  – FSBSupp  – Board Responsibility/Accountability for Overseeing Misconduct21  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including:

 FSBSupp, above n 3, Supplementary Guidance Supp 1, p 7.  Ibid, Commentary, p 8. 12  Ibid. 13  Ibid. 14  Ibid. 15  Ibid, Supplementary Guidance Supp 2, p 8. 16  Ibid. 17  Ibid. 18  Ibid. 19  Ibid. 20  Ibid, Commentary, p 9. 21  Ibid, Supplementary Guidance Supp 3, p 8. 10 11

670

18  Compensation Practices for Misconduct Risk

–– holding senior management accountable for design and implementation of compensation system to address misconduct22 and preventing and remediating misconduct23; –– regular monitoring of compensation system for misconduct risk by senior managers24; –– board challenge of senior management compensation assessments for serious/ recurring misconduct25; –– board to ensure root causes of misconduct analysed and new rules/policies adopted bank-wide26; and –– senior and middle management responsibility for communication to all employees of compensation tool consequences in cases of misconduct27; • [FSBSupp4BUAccEthPract] (+)  – Banks  – FSBSupp  – Business Unit Management Accountability for Communication, Implementation and Meeting Expectations Regarding Ethical Behaviour and Business Practices28  Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/ rating + 7/87.50 rprox including: –– business unit communication of consequences of misconduct29; and –– business unit identification, monitoring and reporting on indicators of misconduct risk including escalation and remediation.30 FSBSupp 5–7 Effective Alignment of Compensation with Misconduct Risk31 For these aspects of the board’s functions and responsibilities in relation to the compensation system, there a number new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating −7/87.50 rprox. Thus, the supplementary guidance for the FSBSupp for 2018 includes the following governance variables for the Stage 2 Key Code and Advanced Handbook:  Ibid.  Ibid, Commentary, p 8. 24  Ibid. 25  Ibid, Commentary, p 9. 26  Ibid. 27  Ibid. 28  Ibid, Supplementary Guidance Supp 4, p 8. 29  Ibid. 30  Ibid, Commentary, p 9. 31  Ibid, Effective alignment of compensation with misconduct risk, p 9. 22 23

18.1  Supplementary Guidance to the FSB Principles and Standards on Sound…

671

• [FSBSupp5CompAdjustsAllRisks] (+) – Banks – Compensation to be Adjusted for All Risks32  - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including: –– difficult to measure risks including misconduct risks33; –– process for managing misconduct34; –– embedding non-financial assessment criteria including risk management and compliance in performance and compensation plans at all levels of the bank35 including: • conduct-related goals and alignment with long-term business strategy, values and culture36; and • identification of when non-financial considerations override financial considerations37; –– ongoing programmes and training for conduct compliance38; –– use of qualitative and/or quantitative assessments of conduct39; –– conduct considerations in performance objectives and actual performance measures40 to include all risks from misconduct41; –– responsibility of senior and middle management for misconduct oversight in business units42; –– reduction of variable compensation for misconduct risks/outcomes over time43; and –– adjustments for misconduct causing: • significant loss to the bank, customers or counterparties; or • fraud, gross negligence or failure of controls including breaches.44 • [FSBSupp6LTMiscondRiskTools] (+) – Banks – Measures/Tools for Adjusting Variable Compensation for Long-Term Misconduct45 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating  +  7/87.50 rprox including:  Ibid, Supplementary Guidance Supp 5, p 9.  Ibid. 34  Ibid. 35  Ibid. 36  Ibid, Commentary, p 10. 37  Ibid. 38  Ibid, Supplementary Guidance Supp 5, p 9. 39  Ibid, Commentary, p 10. 40  Ibid. 41  Ibid. 42  Ibid. 43  Ibid. 44  Ibid. 45  Ibid, Supplementary Guidance Supp 6, p 11. 32 33

672

18  Compensation Practices for Misconduct Risk

–– adjustments to variable compensation46; –– in-year adjustment47; –– malus48 (reduction of “value of all or part of deferred compensation based on ex post risk adjustment before it has vested”49); and –– clawback50 (“to return ownership of an amount of variable compensation paid in the past or which has already vested”51); • [FSBSupp7CompControlMiscond] (+) – Banks – Compensation Policies and Procedures to Control Misconduct52 - Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox including: –– –– –– –– ––

triggers for reductions of variable compensation to be specified ex ante53; using full range of financial and non-financial incentives54; using full range of tools to adjust compensation55; value of reduction proportionate to issue or events of misconduct56; adjustment events include57: • • • •

misconduct; material error; material downturn in performance; and material failure of risk management;

–– compensation tools to extend to: • all senior executives and material risk-takers58; • “heads of internal control functions and …those employees in control or direct line of business…responsible… for” control framework weaknesses relevant to the misconduct59; and • those aware or reasonably to be expected to be aware of the misconduct who failed to remedy/address the misconduct60;

 Ibid.  Ibid. 48  Ibid. 49  Ibid, Commentary, p 7, footnote 13 therein. 50  Ibid, Supplementary Guidance Supp 6, p 11. 51  Ibid, Commentary, p 7, footnote 13 therein. 52  Ibid, Supplementary Guidance Supp 7, p 11. 53  Ibid. 54  Ibid, Commentary, p 11. 55  Ibid. 56  Ibid. 57  Ibid. 58  Ibid. 59  Ibid, Commentary, p 12. 60  Ibid. 46 47

18.1  Supplementary Guidance to the FSB Principles and Standards on Sound…

673

–– indicative criteria/scenarios for adjustments to include61: • significant loss to the bank, customers or counterparties; or • fraud, gross negligence or failure of controls including breaches; –– policies to specify factors to take into account for determining responsibility (see listed events)62; –– “all relevant indicators of severity of impact” (see listed factors)63; –– subsequent adjustments after risks/failures are known to reflect the full impact of severity64; –– freezing of grant or vesting of compensation during investigation65; –– procedures for reporting/escalation of misconduct66; –– control functions to be involved in process including human resources67; –– processes to determine responsibility including opportunity to be heard68; –– the role/process of discretion and who may exercise it69; –– the documentation of and grounds for the final decision70; and –– clear communication in writing to affected employees including value of, and reasons for, the adjustment to variable compensation.71 FSBSupp 8 – Supervision of Compensation and Conduct Risk72 The FSB’s commentary on the supervisory oversight/review of compensation and conduct risk is beyond the scope of this Stage 2 Key Code and Advanced Handbook.

 Ibid.  Ibid. 63  Ibid, pp 12–13. 64  Ibid, p 13. 65  Ibid. 66  Ibid. 67  Ibid. 68  Ibid. 69  Ibid. 70  Ibid. 71  Ibid. 72  Ibid, Supplementary Guidance Supp 8, pp 13–14. 61 62

Chapter 19

FSRC Final Report Commentary and Recommendations in Relation to Remuneration Abstract  Chapter 19 examines the FSRC Final Report commentary and recommendations in relation to remuneration. This begins with the FSRC recommendations and commentary on executive remuneration including, experimentation in the design of remuneration, the proportion of fixed and variable remuneration, the design of variable remuneration and the availability of clawback. There follows the FSRC recommendations and commentary on issues of implementation including, risk-related adjustments to remuneration and the disclosure of consequences. The chapter concludes with ‘front-line’ or ‘customer-facing’ staff remuneration including the Sedgwick Review on governance, culture, remuneration and performance management. Keywords  FSRC Final Report · Recommendations and commentary on executive remuneration · Experimentation · Proportion of fixed and variable remuneration · Design of variable remuneration · Clawback · Implementation · Risk-related adjustments · Disclosure of consequences The FSRC Final Report1 notes the FSBP2 and FSBIS3 and opined that they were directed to financial soundness rather than misconduct: Although the Principles stated that compensation should be adjusted to account for all types of risk, including difficult to measure risks, they appear to have been understood as being directed to promoting financial soundness and stability, rather than addressing misconduct.

 Commonwealth of Australia, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 4 February 2019, accessed 5 February 2019, available at https://static.treasury.gov.au/uploads/sites/1/2019/02/fsrc-volume1.pdf, Volume 1, (‘FSRC Final Report’), p 337. 2  Financial Stability Board, FSB Principles for Sound Compensation Practices, 2 April 2009 accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/r_0904b.pdf (‘FSBP’). 3  Financial Stability Board, FSB Principles for Sound Compensation Practices Implementation Standards, 25 September 2009, accessed 28 February 2019, available at http://www.fsb.org/wp-­ content/uploads/r_090925c.pdf (‘FSBIS’). 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_19

675

676 19  FSRC Final Report Commentary and Recommendations in Relation to Remuneration

The same was said by the FSRC Final Report of the APRA Prudential Practice Guide PPG 5114 and APRA Prudential Standard Governance CPS 5105 which was amended for requirements on remuneration.6 The FSRC Final Report requires APRA to revise its prudential standards and guidance on remuneration to reduce the risk of misconduct: APRA must revise its prudential standards and guidance about remuneration. [Chairperson of APRA] Mr Byres said that work is already underway at APRA to identify ‘what … good look[s] like’, and that he expects a revised standard will be made available for consultation next year. I encourage APRA to continue that work as expeditiously as possible. …APRA must bear steadily in mind that entities can and should use both the design and the implementation of remuneration and incentive systems to reduce the risk of misconduct. Misconduct can have significant consequences for financial soundness and stability. It undermines trust in the financial system.7

19.1 FSRC Recommendations and Commentary on Executive Remuneration The FSRC Final Report reviews common features of bank remuneration and makes recommendations or commentary on four aspects: • • • •

experimentation in the design of remuneration systems; the proportion of fixed and variable remuneration; the design of variable remuneration; and the availability of clawback.8

Experimentation in the Design of Remuneration For the FSRC, experimentation in the design of remuneration systems was permitted “within limits”9: The qualification – ‘within limits’ – is, of course, critical. But those limits have been identified in the work of the FSB: in its Principles and in its Supplementary Guidance. As the Principles say, ‘[c]ompensation must be adjusted for all types of risk … Risk adjustments should account for all types of risk, including difficult-to-measure risks such as liquidity risk, reputation risk and cost of capital’. That is, financial metrics must not determine ­remuneration. Risk of all kinds, including reputation risk, compliance risk, and conduct

 Australian Prudential Regulation Authority, Draft Prudential Standard CPS 511 Remuneration, Draft July 2019 available at https://www.apra.gov.au/sites/default/files/draft_prudential_standard_ cps_511_remuneration_v2.pdf, (‘CPS 511’). 5  Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/F2019L00662/Download (‘CPS 510’). 6  FSRC Final Report, above n 1, p 339. 7  Ibid, p 345. 8  Ibid, pp. 349–350. 9  Ibid, p 350. 4

19.1  FSRC Recommendations and Commentary on Executive Remuneration

677

risk, must be taken into account in both designing and implementing the remuneration system.10

For these aspects in relation to the compensation system, there are a number of new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 111 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (-) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. Thus, the FSRC Final Report included the following governance variables  – designed for APRA – which the Stage 2 Key Code and Advanced Handbook translates for implementation by boards: • [FSRCAdjustNFRisks] (+)  – Banks  – Boards and/or Compensation/ Remuneration Committee – Compensation to be Adjusted for All Non-Financial Risks12 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [FSRCAdjustMisconduct] (+)  – Banks  – Boards and/or Compensation/ Remuneration Committee – Compensation to be Adjusted for All Misconduct13 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [FSRCAdjustLongTerm] (+)  – Banks  – Boards and/or Compensation/ Remuneration Committee  – Compensation to be Adjusted for Long-Term Financial Soundness14  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [FSRCAdjustRiskMan] (+)  – Banks  – Boards and/or Compensation/ Remuneration Committee – Compensation to be Adjusted for Risk Management

 Ibid (footnote omitted).  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 12  FSRC Final Report, above n 1, p 351. 13  Ibid. 14  Ibid. 10 11

678 19  FSRC Final Report Commentary and Recommendations in Relation to Remuneration

Framework15  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; and • [FSRCRegAssess] (+)  – Banks  – Boards and/or Compensation/Remuneration Committee – Regular Assessments of Compensation System for Reducing Non-­ Financial Risks and Misconduct16  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox. Proportion of Fixed and Variable Remuneration For this aspect, the FSRC Final Report queries the basis on which this is paid  – ‘unless’ there are disqualifying reasons or ‘only if’ conditions are met: Is part, or all of the variable remuneration to be paid unless there are disqualifying reasons? Or is part or all of it to be paid only if certain conditions are met? Effective management of risk, in all its forms, will depend on, among other things, how those questions are answered. In particular, effective management of risk will depend upon the criteria that will be applied in determining variable remuneration.17

Design of Variable Remuneration Citing APRA, the FSRC queries the basis on which long-term variable remuneration is paid, suggesting an absence of measures for long-term financial soundness: [F]or the majority of cases, the conditions which allow [long-term variable remuneration] to vest focused wholly on annual investor return measures such as total shareholder return (TSR) and return on equity (RoE). No apparent links to measures of long-term financial soundness or risk- adjusted performance measures (such as metrics relating to risk-adjusted return on capital) were observed.18

The FSRC Final Report gives rise to the following governance variables, again based on the relational effect path of: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (-) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox.

 Ibid.  Ibid, p 352. A recommendation applicable to the supervisor and the regulator is omitted (also at p 352): 15 16

APRA (and, where appropriate, ASIC) should do more to gather information about the way that remuneration systems are being applied in practice, and about whether those systems are actually encouraging sound management of non-financial risks, and reducing the risk of misconduct. 17  Ibid, p 352. 18  Ibid, p  353 citing APRA, Information Paper, Remuneration Practices at Large Financial Institutions, April 2018, 18.

19.1  FSRC Recommendations and Commentary on Executive Remuneration

679

It is submitted that the governance variables suggested by the FSRC Final Report are: • [FSRCLTVRNFMeas] (+)  – Banks  – Boards and/or Compensation/ Remuneration Committee – Non-Financial Measures Used in Design of LongTerm Variable Remuneration19  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [FSRCLTVRSoleTSR] (−)  – Banks  – Boards and/or Compensation/ Remuneration Committee  – Total Shareholder Return Measure Only Used in Design of Long-Term Variable Remuneration20 – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox; • [FSRCLTVRRiskMan] (−)  – Banks  – Boards and/or Compensation/ Remuneration Committee – Failure to Utilise How Executive Manages Risk in Design of Long-Term Variable Remuneration21 – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox; and • [FSRCLTVRLimitFinMetrics] (+)  – Banks  – Boards and/or Compensation/ Remuneration Committee  – Limits on Use of Financial Metrics in Design of Long-Term Variable Remuneration22 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox. Availability of Clawback The FSRC Final Report noted that clawback of vested remuneration was rare in Australian financial institutions: The final issue can be addressed briefly. Although the remuneration arrangements examined by the Commission generally allowed for the board to take the decision to forfeit part or all of the unvested portion of deferred remuneration, they very rarely provided for remuneration that had vested to be clawed back.23

Thus the FSRC recommended that APRA provide for clawback of vested remuneration “in appropriate circumstances” which – citing the APRA Final Report24 – appeared to be in cases of “serious misconduct”25 raising the following governance variable: • [FSRCLTVRClawback] (+)  – Banks  – Boards and/or Compensation/ Remuneration Committee  – Clawback of Vested Long-Term Variable Remuneration for Appropriate Circumstances including Serious Misconduct26 –  FSRC Final Report, above n 1, p 354.  Ibid, p 357. 21  Ibid. 22  Ibid. 23  Ibid. 24  Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf 25  FSRC Final Report, above n 1, p 358 citing APRA Final Report, ibid., pp. 78–9 26  FSRC Final Report, above n 1, p 354. 19 20

680 19  FSRC Final Report Commentary and Recommendations in Relation to Remuneration

Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox. Again, this variable is modelled on the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox.

19.2 FSRC Recommendations and Commentary on Issues of Implementation Risk-Related Adjustments to Remuneration The FSRC examined some of the processes in connection with the determination of remuneration of the CEO and Group Executives of CBA.27 The discussion raises again the relational effect paths of: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (-) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. It is submitted that the governance variable suggested by the FSRC Final Report is: • [FSRCPoorRiskManDocs] (−)  – Banks  – Boards and/or Compensation/ Remuneration Committee – Provision of Poor Quality, Incomplete or Inadequate Documentation About Risk Management Performance and Remuneration Decisions to Board Committees28 – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox. Supervision of Implementation A discussion of the resources required by APRA for supervisory oversight of remuneration is beyond the scope of the Stage 2 Key Code and Advanced Handbook.29 Disclosure of Consequences The FSRC raised whether there should be greater disclosure around risk-related adjustments to executive remuneration.30 The FSRC recommended greater disclosure to staff to enhance accountability and identify unacceptable events and conduct but stopped short of public disclosure:  Ibid, pp. 359–363.  Ibid, p 361. 29  Ibid, pp. 363–365. 30  Ibid, pp. 365. 27 28

19.2  FSRC Recommendations and Commentary on Issues of Implementation

681

…the remuneration arrangements of an entity show what the entity values. If the board reduces the variable remuneration of executives for their poor management of non-financial risks, and tells other staff that the variable remuneration of those who are accountable for particular events or forms of conduct has been reduced, it sends a clear message to all staff about both accountability and what kinds of conduct the board regards as unacceptable. No public disclosure should be required.31

Thus the FSRC recommendation raises the following governance variables: • [FSRCDisclNFRiskAdjusts] (+)  – Banks  – Boards and/or Compensation/ Remuneration Committee  – Disclosure of Non-Financial Risk-Related Adjustments to Executive Remuneration to Staff32 – Enhancement of Level of Risk-­Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [FSRCDisclNFRiskEvents] (+)  – Banks  – Boards and/or Compensation/ Remuneration Committee  – Disclosure of Non-Financial Risk-Related Events Causing Adjustments to Executive Remuneration to Staff33  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; and • [FSRCDisclNFRiskMisc] (+)  – Banks  – Boards and/or Compensation/ Remuneration Committee  – Disclosure of Non-Financial Risk-Related Misconduct Causing Adjustments to Executive Remuneration to Staff34  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox. Again, these variables are modelled on the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox. FSRC Recommendations on Supervision of Remuneration As noted above, a discussion of the recommendations required by APRA for supervisory oversight of remuneration is beyond the scope of the Key Code and Advanced Handbook.35 However, the FSRC’s recommendations 5.1–5.336 are translated here for boards and/or Compensation/Remuneration Committees. The discussion raises again the relational effect paths of: • the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and

 Ibid, p 366 (bold in original).  Ibid. 33  Ibid. 34  Ibid. 35  Ibid, pp. 366–367. 36  Ibid. 31 32

682 19  FSRC Final Report Commentary and Recommendations in Relation to Remuneration

• the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (-) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. The relevant governance variables are: • Recommendation 5.1 – principles, standards and guidance: –– [FSRCFSBStnds] (+) – Banks – Boards and/or Compensation/Remuneration Committee  – Compensation System to Give Effect to FSB Principles, Standards and Guidance on Sound Compensation Principles and Practices37 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • Recommendation 5.2 – aims: –– [FSRCMiscComplyNFRisks] (+) – Banks – Boards and/or Compensation/ Remuneration Committee  – Compensation System to have Aim of Sound Management of Misconduct, Compliance and Other Non-Financial Risks38 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • Recommendation 5.3 – prudential standards and guidance variables from Sects. 19.1 and 19.2 above: –– –– –– –– –– ––

the [FSRCAdjustNFRisks] (+) variable; the [FSRCAdjustMisconduct] (+) variable; the [FSRCRegAssess] (+) variable; the [FSRCLTVRLimitFinMetrics] (+) variable; the [FSRCLTVRClawback] (+) variable; and the [FSRCPoorRiskManDocs] (−) variable.

19.3 ‘Front-Line’ or ‘Customer-Facing’ Staff Remuneration The Retail Banking Remuneration Review Report of 2017 by Stephen Sedgwick39 is in the main aimed at “staff of banks (Tellers, Sellers and their supervisors and near managers (‘Managers’)) as well as third parties (including Brokers, Aggregators, Franchises, Introducers and Referrers).”40  Ibid, p 366.  Ibid, p 367. 39  Stephen Sedgwick AO, Retail Banking Remuneration Review Report, 19 April 2017, accessed 28 February 2019, available at https://www.betterbanking.net.au/wp-content/uploads/2018/01/ FINAL_Rem-Review-Report.pdf (‘Sedgwick Review’). 40  Ibid, 1.1 Scope of this Review, p 1. 37 38

19.3  ‘Front-Line’ or ‘Customer-Facing’ Staff Remuneration

683

Two of the Recommendations of the FSRC Final Report conclude that: Recommendation 5.4 – Remuneration of front line staff All financial services entities should review at least once each year the design and implementation of their remuneration systems for front line staff to ensure that the design and implementation of those systems focus on not only on what staff do, but also how they do it. Recommendation 5.5 – The Sedgwick Review Banks should implement fully the recommendations of the Sedgwick Review41

A detailed review of governance, remuneration and culture of front-line staff is beyond the scope of this Stage 2 Key Code and Advanced Handbook. However, a number of recommendations and commentary in the Sedgwick Review would – in our view  – be applicable to middle-to higher-level managers and above  – those beyond the front line staff contemplated in that Review. For background before the discussion of additional governance variables proposed by this Stage 2, the Sedgwick Review itself summaries the effect of its recommendations. Indeed, the final recommendation listed here is in its terms directed to the board and senior managers: Adoption of these recommendations will mean, over time, that: • Incentives are no longer paid to any in-scope retail staff based directly or solely on sales performance (see Recommendations 2 and 7); • Instead, eligibility to receive any personal variable reward and incentive payments will have regard to an assessment of that individual’s contribution across a range of measures, of which sales (if included at all) will not be the dominant component (Recommendations 3, 4, 5, and 6) and the maximum available payments will be scaled back significantly for some roles (Recommendation 8); • Retail bank culture will be demonstrably ethically and customer oriented (Recommendation 9); • A significant investment will have been undertaken, as necessary, to ensure that performance is managed consistently with such a philosophy, supported by proactive steps to develop leadership and management skills at all levels so that management practices match the intent of the recommendations (Recommendations 10,11, and 12); and • With clear and consistent leadership shown by the Board and the most senior managers of the bank (Recommendations 13 and 14).42

Thus, this and a number of other recommendations of the Sedgwick Review will be modelled for the Stage 2 relational approach. The Sedgwick Review on Governance, Culture, Remuneration and Performance Management As with the case of the FSB and FSRC, the governance variables will again be modelled on the relational effect paths of:

41 42

 FSRC Final Report, above n 1, p 375.  Sedgwick Review, above n 39, p 7.

684 19  FSRC Final Report Commentary and Recommendations in Relation to Remuneration

• the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 12.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (-) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. The governance variables proposed are (using the Sedgwick Review recommendation numbers): 9. “Each bank formally examine its workplace culture and institute formal processes to redress any conscious or unconscious bias towards sales in preference to ethical behaviour and customer service”43: • [SedgCult9RemoveSalesBias] (+)  – Banks  – SedgwickRev  – Board Oversight of Governance, Culture, Remuneration and Performance  – Removal of Sales Bias from Bank Culture – Enhancement of Level of RiskTaking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; and • [SedgCult9EthicsCustServ] (+) – Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance – Bank Culture to be based on Ethics and Customer Service – Enhancement of Level of RiskTaking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; 10. “Each bank examine its performance management system and make changes as necessary to ensure that the embedded signals and incentives to staff are aligned with Recommendations 2 to 8”44: • [SedgCult10PerfManSyst] (+) – Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance – Bank to Review Performance Management System to Embed Recs 2–8 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; and • [SedgCult10AlignIncent] (+) – Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance – Bank to Review Performance Management System to Align Staff Incentives with Recs 2–8 – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; 11. “Each bank ensure Managers reflect predominantly an ethical and customer focus when: communicating with staff, exercising any discretion while managing performance, and in allocating variable reward payments”45: • [SedgCult11ManFocusEthicsCust] (+) – Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance  –  Ibid, Rec 9, p 9.  Ibid, Rec 10, p 9. 45  Ibid, Rec 11, p 9. 43 44

19.3  ‘Front-Line’ or ‘Customer-Facing’ Staff Remuneration

685

Managers to Reflect Ethical and Customer Focus with Staff, in Performance Management and Allocating Variable Rewards – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; 12. “Each bank reconsider what use is made, if any, of leaderboards, recognition programs and campaigns as well as any other methods that have similar effect (including informally in branches or call centres) and ensure any continuing role in using these methods is consistent with the intention to de-emphasise sales relative to ethical behaviour and customer outcomes”46: • [SedgCult12MethodFocusEthicsCust] (+)  – Banks  – SedgwickRev  – Board Oversight of Governance, Culture, Remuneration and Performance – Removal of Leaderboards from Bank Culture in Favour of Ethics and Customer Outcome – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; 13. “Consistent with the objectives of the recommendations for frontline staff, the variable reward payment and performance management arrangements of all senior and (retail bank) middle level executives be based on: (a) Their overall performance against a number of measures that reflect the nature and breadth of their role; with (b) Customer oriented, ethical behaviour and non-financial measures accounting for the dominant factors in that assessment”47: • [SedgCult13SnrMidExecsPerfMeas] (+) – Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance  – Variable Reward and Performance Measures for Senior and Middle-Level Executives to Reflect Breadth of Role  – Enhancement of Level of RiskTaking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [SedgCult13SnrMidExecEthicsCust] (+) – Banks – SedgwickRev – Board Oversight of Governance, Culture, Remuneration and Performance  – Dominant Variable Reward and Performance Measures for Senior and Middle-­Level Executives to Reflect Ethical and Non-Financial Customer Measures  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; 14. “Boards and Chief Executives”: (a) “Visibly and effectively oversee the implementation of these recommendations for at least the next five years and report publicly, in their Annual Report to shareholders, for example, on how retail staff are remunerated and their performance assessed”; and (b) “Ensure that effective, safe channels are in place to obtain feedback from frontline staff about their perceptions of the effectiveness of efforts to 46 47

 Ibid, Rec 12, p 9.  Ibid, Rec 13, p 9.

686 19  FSRC Final Report Commentary and Recommendations in Relation to Remuneration

reform the bank’s culture, performance management and remuneration arrangements, including in respect of whistleblower arrangements”48: • [SedgCult14BrdCEOImplementRecs] (+)  – Banks  – SedgwickRev  – Board and CEO Oversight of Governance, Culture, Remuneration and Performance  – Boards and CEO Implement Sedgwick Review Recommendations and Report in Annual Report to Shareholders  – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; and • [SedgCult14BrdCEOFeedbackWhistle] (+)  – Banks  – SedgwickRev  – Board and CEO Oversight of Governance, Culture, Remuneration and Performance – Boards and CEO Provide Feedback Channels for Frontline Staff Feedback and Whistleblower Arrangements – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox.

48

 Ibid, Rec 14, p 10.

Chapter 20

The BEAR – Bank Executive Accountability Regime – And APRA’S Non-Financial Risk Accountabilities Abstract Chapter 20 examines the BEAR  – Bank Executive Accountability Regime – and APRA’s non-financial risk accountabilities. This begins by reviewing the meanings of the terms ADI and the obligations of accountable persons. We then examine BEAR accountability obligations of an ADI and an accountable person including governance variables for accountability obligations and ‘reasonable steps’. The key personnel obligations of an ADI are reviewed and the corresponding governance variables provided for. We move then to the deferred remuneration obligations of an ADI and governance variables including those for the meaning of variable remuneration, the minimum amount of variable remuneration and the minimum period of deferral. Section 37F governs the notification obligations of an ADI and governance variables for an ‘Accountability Statement’ and an ‘Accountability Map’. The pecuniary penalty for non-­compliance with the BEAR is provided for by section 37FC including the meaning of the terms ‘prudential matters’ and ‘resolution’. There follows registration of accountable persons and disqualification of accountable persons. The chapter concludes with APRA’s improvements for non-financial risk accountabilities not being clear, cascaded and enforced (NFRAccFail). Keywords  BEAR – Bank Executive Accountability Regime · Accountable persons · Accountability obligations · Reasonable steps · Personnel obligations · Deferred remuneration obligations · Notification obligations · Accountability statement · Accountability map · Pecuniary penalty The Banking Executive Accountability Regime (‘BEAR’) is contained in Part IIAA of the Banking Act 1959 (Cth) in sections 37 – 37KC for authorised deposit-taking institutions or ADIs.1  Being PART IIAA – THE BANKING EXECUTIVE ACCOUNTABILITY REGIME, Banking Act 1959 (Cth), ss 37 – 37KC accessed 28 February 2019, available at http://classic.austlii.edu.au/ au/legis/cth/consol_act/ba195972/index.html#s37g, (the ‘BEAR’). The Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_20

687

688

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

The aim of this Chapter 20 of the Stage 2 Key Code and Advanced Handbook is to translate obligations or duties in the BEAR into governance variables of the Stage 2 relational approach. The BEAR has provisions relating not only to remuneration (including variable and deferred remuneration) but also more generally to accountability structures examined in Part 5 and risk management in Part 6. But, for completeness, all the provisions of the BEAR giving rise to Stage 2 governance variables are reviewed here in one place.

20.1 ADIs and Accountable Persons 20.1.1 ADIs Section 37 provides that: (1) An ADI must comply with: (a) its accountability obligations under Division 2; and (b) its key personnel obligations under Division 3; and (c) its deferred remuneration obligations under Division 4; and (d) its notification obligations under Division 5.

20.1.2 Obligations of an Accountable Person Section 37B(1) contains the obligations of an accountable person: (1) An accountable person must comply with his or her accountability obligations under Division 2 in relation to each of the responsibilities that cause him or her to be an accountable person of an ADI, or of a subsidiary of an ADI. For our purposes, an accountable person is defined in section 37BA which basically extends to directors and senior executives defined as persons who: (a) hold a position in an ADI; and (b) because of that position, has actual or effective senior executive responsibility:

the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https://treasury.gov.au/sites/ default/files/2020-01/c2020-24974.pdf. See Attachment A – Summary of changes from the BEAR to the FAR, pp. 11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR. See Proposal Paper, Next steps, p 3.

20.1  ADIs and Accountable Persons

689

(i) for management or control of the ADI; or (ii) for management or control of a significant or substantial part or aspect of the operations of the ADI or the relevant group of bodies corporate that is constituted by the ADI and its subsidiaries. Sections 37BA(2) extends the definition to include those who, in summary, have certain responsibilities including board members and senior executives who have: • responsibility for oversight of the ADI as a member of the Board of the ADI; • senior executive responsibility for carrying out the management of all the business activities of the ADI and its subsidiaries, including allocating responsibilities to accountable persons and reporting directly to the Board; • management of the ADI’s financial resources; • overall risk controls and/or overall risk management arrangements of the ADI • management of the ADI’s operations; • information management, including information technology systems, for the ADI; • management of the ADI’s internal audit function; • management of the ADI’s compliance function; • management of the ADI’s human resources function; and • management of the ADI’s anti-money laundering function.

20.1.3 Governance Variables for Obligations of an ADI and Accountable Persons Because the BEAR in the provisions above in effect requires an accountable person to be identified and, later, disclosed (and, later again, obligations are placed on such a person in provisions below), the approach to the governance variables in this Chapter 20 will be to hypothesise that they are identical in behaviour and relational effect path to a disclosure variable from Stage 12 – the [TransTimeMon] (+)3 variable in section 9.1.2.1 of Stage 1 with a coverage/rating of +8/100.00 rprox and in the same positive direction. The [TransTimeMon] (+) variable links, most directly, the transparency and timing of (here, identification, disclosure and) reporting with both enhancement of

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 3  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, ibid., pp. 262–263. 2

690

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

the risk management and monitoring function (Risk Management, Monitoring & Audit Factor No 54) and the quality of decision-making (Decision-making Factor No 75) as the governance factor ‘sources’ or ‘drivers’ of that variable. Given its focus on risk management, monitoring and decision-making, the [TransTimeMon] (+) variable’s relational effect path is positive (+) and the zone of effect of that relational effect path is hypothesised to be similar to that of the [BrdSkills] (+)6 and [BrdIndMon] (+)7 variables but with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance8)  – provided by the provisions of the BEAR itself. Alternatively, in the Stage 2 relational approach, the BEAR provisions could be considered as enhancing the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with the ‘drivers’ being the Responsibility Factor No 8 (Delineation and Disclosure of Powers, Duties and Lines of Responsibility in section 2.6.8 of Stage 19) and Decision-making Factor No 7. Again, there is an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance10) provided by the provisions of the BEAR itself. Both approaches give rise to a coverage/rating of +8/100.00 rprox for the following ‘BEARIDAcc’-prefix governance variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [BEARIDAccPerson] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Identification of Accountable Persons (Generally) – Enhancement of Risk Management and Decision-making and Reporting  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; • [BEARIDAccPersonDir] (+) – Banks – BEAR – Board and Senior Executive Oversight of Accountability  – Identification of Directors on the Board as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; • [BEARIDAccPersonSnrExec] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Identification of Senior Executives as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties  See discussion in section 2.6.5 of Stage 1, ibid., pp. 47–51.  See discussion in section 2.6.7 of Stage 1, ibid., pp. 51–58. 6  Board – Director Skills ‘Mix’ – see Figure 7.2 and discussion in section 7.3.1.2.1 of Stage 1, ibid., pp. 198–201. 7  Board Independent Director: Executive Director Proportion – Monitoring Effect – see discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, ibid., pp. 208–212. 8  See discussion in section 2.6.2 of Stage 1, ibid., pp. 41–43. 9  See discussion in section 2.6.8 of Stage 1, ibid., pp. 54–59. 10  See discussion in section 2.6.2 of Stage 1, ibid., pp. 41–43. 4 5

20.1  ADIs and Accountable Persons

•

•

•

•

•

•

•

691

and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; [BEARIDAccPersonManCont] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Identification of Senior Executive who has Management or Control of an ADI as Accountable Person – Enhancement of Risk Management and Decision-making and Reporting  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-­making, coverage/rating + 8/100.00 rprox; [BEARIDAccPersonSignifSubst] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Identification of Senior Executive who has Management or Control of a Significant or Substantial Part of the Operations of the ADI or Group as an Accountable Person  – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decisionmaking, coverage/rating + 8/100.00 rprox; [BEARIDAccPersonBusinessActivities] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Identification of Senior Executives Responsible for Managing All Business Activities as Accountable Persons  – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; [BEARIDAccPersonAllocate] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Identification of Senior Executives Responsible for Allocating Responsibilities to Accountable Persons and Reporting Directly to the Board as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decisionmaking, coverage/rating + 8/100.00 rprox; [BEARIDAccPersonFinRes] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Identification of Senior Executives Responsible for Managing Financial Resources as Accountable Persons  – Enhancement of Risk Management and Decision-making and Reporting  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; [BEARIDAccPersonRiskCont] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Identification of Senior Executives Responsible for Overall Risk Controls or Overall Risk Management as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; [BEARIDAccPersonRiskADIOps] (+) – Banks – BEAR – Board and Senior Executive Oversight of Accountability  – Identification of Senior Executives Responsible for Management of ADI’s Operations as Accountable Persons  – Enhancement of Risk Management and Decision-making  – Enhancement of

692

•

•

•

•

•

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; [BEARIDAccPersonIM&ITS] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Identification of Senior Executives Responsible for Information Management including Information Technology Systems as Accountable Persons  – Enhancement of Risk Management and Decision-­making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/ rating + 8/100.00 rprox; [BEARIDAccPersonIntAud] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Identification of Senior Executives Responsible for Management of Internal Audit Function as Accountable Persons  – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; [BEARIDAccPersonComply] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Identification of Senior Executives Responsible for Management of Compliance Function as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; [BEARIDAccPersonHR] (+) – Banks – BEAR – Board and Senior Executive Oversight of Accountability  – Identification of Senior Executives Responsible for Management of Human Resources Function as Accountable Persons  – Enhancement of Risk Management and Decision-making and Reporting  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; and [BEARIDAccPersonAML] (+) – Banks – BEAR – Board and Senior Executive Oversight of Accountability  – Identification of Senior Executives Responsible for Management of Anti-money Laundering Function as Accountable Persons – Enhancement of Risk Management and Decision-making and Reporting  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox.

20.2 BEAR Accountability Obligations of an ADI and an Accountable Person The accountability obligations of an ADI and an accountable person are set out in sections 37C and 37CA. For both the ADI and the accountable person – they are to take reasonable steps to:

20.2  BEAR Accountability Obligations of an ADI and an Accountable Person

693

• conduct its business and by acting with honesty and integrity, and with due skill, care and diligence; and • deal with APRA in an open, constructive and cooperative way; and • prevent matters from arising that would adversely affect the ADI’s prudential standing or prudential reputation; and • for the ADI – ensure that each of its accountable persons meets his or her accountability obligations under section 37CA; Taking reasonable steps is extended in section 37CB to include having: • appropriate governance, control and risk management in relation to a matter; and • safeguards against inappropriate delegations of responsibility in relation to a matter; and • appropriate procedures for identifying and remediating problems that arise or may arise in relation to that matter.

20.2.1 Governance Variables for Accountability Obligations Stage 2 governance variables with the ‘BEARAcc’-prefix will represent the accountability obligations of the ADI and Accountable Person. They are modelled on the [TransTimeMon] (+)11 variable in section 9.1.2.1 of Stage 1 or the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance12) provided by the provisions of the BEAR itself and giving rise to a coverage/rating of +8/100.00 rprox are: • [BEARAccOblige] (+) – Banks – BEAR – Board and Senior Executive Oversight of Accountability  – Accountability Obligations (Generally) of Accountable Persons  – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; • [BEARAccHon&Integ] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Accountability Obligations of Accountable Persons to Act with Honestly and Integrity – Enhancement of Risk Management and Decision-making and Reporting  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; • [BEARAccSkillCareDilig] (+) – Banks – BEAR – Board and Senior Executive Oversight of Accountability  – Accountability Obligations of Accountable Persons to Act with Due Skill, Care and Diligence  – Enhancement of Risk  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, ibid., pp. 262–263. 12  See discussion in section 2.6.2 of Stage 1, ibid., pp. 41–43. 11

694

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decisionmaking, coverage/rating + 8/100.00 rprox; • [BEARAccDealAPRA] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Accountability Obligations of Accountable Persons to Deal with APRA in an Open, Constructive and Cooperative Way – Enhancement of Risk Management and Decision-making and Reporting  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; • [BEARAccPrudStand] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Accountability Obligations of Accountable Persons to Prevent Events Harming the ADI’s Prudential Standing or Reputation – Enhancement of Risk Management and Decision-making and Reporting  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; and • [BEARAccADISec37CA] (+) – Banks – BEAR – Board and Senior Executive Oversight of Accountability  – Accountability Obligations of ADI to Ensure Accountable Persons Meets Their Accountability Obligations under Section 37CA  – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox.

20.2.2 Reasonable Steps The reasonable steps provisions are represented by: • [BEARAccReasStepSec37CB] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Accountability Obligations of ADI and Accountable Persons for Reasonable Steps under Section 37CB – Enhancement of Risk Management and Decision-making and Reporting  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox including the sub-variables: –– [BEARAccReasGovContMan] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Accountability Obligations of ADI and Accountable Persons for Reasonable Steps under Section 37CB  – Appropriate Governance, Control and Risk Management in relation to a Matter  – Enhancement of Risk Management and Decision-making and Reporting –- Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; –– [BEARAccReasSafeDeleg] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Accountability Obligations of ADI and Accountable Persons for Reasonable Steps under Section 37CB  –

20.3  Key Personnel Obligations of an ADI

695

Safeguards Against Inappropriate Delegations of Responsibility  – Enhancement of Risk Management and Decision-making and Reporting –Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; and –– [BEARAccReasIDRemedyProb] (+) – Banks – BEAR – Board and Senior Executive Oversight of Accountability – Accountability Obligations of ADI and Accountable Persons for Reasonable Steps under Section 37CB –Appropriate Procedures for Identifying and Remediating Problems  – Enhancement of Risk Management and Decision-making and Reporting –Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-­making, coverage/rating + 8/100.00 rprox.

20.3 Key Personnel Obligations of an ADI The key personnel obligations of an ADI are set out in section 37D to ensure that the responsibilities of the accountable persons of the ADI and its subsidiaries cover: • all parts or aspects of the operations of the relevant group of bodies corporate that is constituted by the ADI and its subsidiaries; and • each of the responsibilities to which subsection 37BA(2) applies; and • to ensure none of the accountable persons of the ADI are prohibited under section 37DA; and • to comply with any directions APRA gives to the ADI under section 37DB.

20.3.1 Governance Variables for Key Personnel Obligations Stage 2 governance variables with the ‘BEARKeyPers’-prefix will represent the key personnel obligations of an accountability obligations of the ADI.  They are modelled on the [TransTimeMon] (+)13 variable in section 9.1.2.1 of Stage 1 or the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance14) provided by the provisions of the BEAR itself and giving rise to a coverage/rating of +8/100.00 rprox as follows: • [BEARKeyPers37D] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Key Personnel Obligations of ADI under Section 37D (Generally) – Enhancement of Risk Management and Decision-making and  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, ibid., pp. 262–263. 14  See discussion in section 2.6.2 of Stage 1, ibid., pp. 41–43. 13

696

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

Reporting –- Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox including the sub-variables: –– [BEARKeyPers37DAllParts] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Key Personnel Obligations of ADI under Section 37D  – Obligations to Cover All Parts and Aspects of the Operations of the ADI and Group – Enhancement of Risk Management and Decision-­ making and Reporting –- Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decisionmaking, coverage/rating + 8/100.00 rprox; –– [BEARKeyPers37D37BA(2)] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Key Personnel Obligations of ADI under Section 37D  – Obligations to Cover All Responsibilities In Section 37BA(2)  – Enhancement of Risk Management and Decision-making and Reporting –- Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; –– [BEARKeyPers37DNoProhib] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Key Personnel Obligations of ADI under Section 37D  – No Accountable Persons Prohibited under section 37DA  – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; and –– [BEARKeyPers37DComplyAPRA] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Key Personnel Obligations of ADI under Section 37D  – Comply with APRA Directions under Section 37DB  – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox.

20.4 Deferred Remuneration Obligations of an ADI and Governance Variables For these aspects of the board and senior executive’s functions and responsibilities in relation to the deferred remuneration obligations of an ADI, there a number new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to:

20.4  Deferred Remuneration Obligations of an ADI and Governance Variables

697

• the [EqOptRiskAlignHighEnd] (+) variable in section 12.5 and, in turn, the [EqOptIncent] (+) variable in section 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating + 7/87.50 rprox; and • the [EqOptRiskFailHighEnd] (−) variable in section 12.5 and, in turn, the [EqOptEntrch] (−) variable in section 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating − 7/87.50 rprox. Thus, the BEAR gives rise to the following governance variables for the Stage 2 Key Code and Advanced Handbook:

20.4.1 The Deferred Remuneration Obligation The deferred remuneration obligations of an ADI are set out in section 37E(1) as: (a) to ensure that, in relation to the variable remuneration of an accountable person of the ADI: (i) the payment of a portion of that variable remuneration is deferred for a period; and (ii) the amount of that portion is at least the amount required under section 37EB; and (iii) that period is at least the period required under section 37EC; and (b) to have a remuneration policy in force that requires that, if the person has failed to comply with his or her accountability obligations under section 37CA, the person’s variable remuneration is to be reduced by an amount that is proportionate to the failure; and (c) to ensure that, if the remuneration policy requires the variable remuneration to be reduced because of that failure, the amount of the reduction is not paid to the person. Under subsection (2), a reduction of variable remuneration: (a) need not be a reduction of variable remuneration relating to a period in which the failure occurred; and (b) may be a reduction to zero. These provisions of the BEAR give rise to: • [BEARDeferVarRemPortion] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability –- Defer Payment of a Portion of Variable Remuneration for a Period (Generally) – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; • [BEARDeferVarRemAmount37EB] (+) – Banks – BEAR – Board and Senior Executive Oversight of Accountability –- Defer Amount of a Portion of Variable Remuneration under Section 37EB – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox;

698

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

• [BEARDeferVarRemPeriod37EC] (+) – Banks – BEAR – Board and Senior Executive Oversight of Accountability –- Period of Deferral of a Portion of Variable Remuneration under Section 37EC – Enhancement of Level of RiskTaking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox; and • [BEARDeferReduceVarRemFail] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Reduction of Person’s Variable Remuneration by Amount Proportionate to the Failure to Comply with Accountability Obligations – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox. For the content of these variables, the BEAR provides for a number of definitions or calculations as follows:

20.4.2 Section 37EA – Meaning of Variable Remuneration (1) The variable remuneration of an accountable person of an ADI, or a subsidiary of an ADI: (i) means so much of the accountable person’s total remuneration as is conditional on the achievement of objectives; and (ii) includes so much of the accountable person’s total remuneration as is remuneration of a kind determined under paragraph (3)(a) or (4)(a) (2) However, remuneration of a kind determined under paragraph (3)(b) or (4)(b) is not variable remuneration of an accountable person of an ADI, or a subsidiary of an ADI. (3) APRA may, by written notice given to an ADI, or a subsidiary of an ADI, determine that: (a) remuneration of a particular kind, of one or more accountable persons of the ADI or subsidiary, is variable remuneration; or (b) remuneration of a particular kind, of one or more accountable persons of the ADI or subsidiary, is not variable remuneration. A determination under this subsection may apply to all accountable persons of the ADI or subsidiary, or be limited to a particular accountable person or class of accountable persons of the ADI or subsidiary. (4) APRA may, by legislative instrument, determine that: (a) remuneration of a particular kind is variable remuneration; or (b) remuneration of a particular kind is not variable remuneration.

20.4  Deferred Remuneration Obligations of an ADI and Governance Variables

699

20.4.3 Section 37EB – Minimum Amount of Variable Remuneration Section 37EB uses a table format to prescribe the minimum amount of variable remuneration to be deferred. In the case of a ‘large ADI’ the minimum amount is: • For the CEO, the lesser of: –– 60% of the CEO’s variable remuneration for the financial year (the relevant financial year) in which the decision was made granting the variable remuneration; or –– 40% of the CEO’s total remuneration for the relevant financial year. • For an accountable person other than the CEO, the lesser of: –– 40% of the accountable person’s variable remuneration for the relevant financial year; or –– 20% of the accountable person’s total remuneration for the relevant financial year.

20.4.4 Section 37EC – Minimum Period of Deferral Subsection 37EC(1) prescribes the minimum period of deferral in relation to variable remuneration of an accountable person as: (a) 4 years; or (b) a shorter period approved by APRA under subsection (4) in relation to the variable remuneration; starting on the day after the day on which the decision was made granting the accountable person the variable remuneration. An extension of the minimum period of deferral may occur under subsection 37EC(2): (2) However, if, at the end of the period under subsection (1), the ADI or subsidiary considers that the accountable person is likely to have failed to comply with his or her accountability obligations under section 37CA, that period is extended until the day the ADI or subsidiary determines whether he or she has failed to comply. Section 37ED provides for an exemption for small amounts of variable remuneration: (1) Paragraph 37E(1)(a) does not apply in relation to the variable remuneration of an accountable person for a financial year if the amount of the person’s variable

700

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

remuneration that is required, or would apart from this section be required, under subparagraph 37E(1)(a)(ii) to be deferred for that financial year is less than: (a) the amount determined under subsection (2); or (b) if a determination under subsection (2) is not in force – $50,000. (2) The Minister may, by legislative instrument, determine an amount for the purposes of paragraph (1)(a)

20.5 Section 37F – Notification Obligations of an ADI and Governance Variables15 Section 37F provides that: (1) The notification obligations of an ADI are: (a) to give to APRA a document complying with section 37FA (an accountability statement) for each of its accountable persons, and to ensure that APRA is notified of any change to the accountability statement within the period, after the change, provided under subsection (2); and (b) to give to APRA a document complying with section 37FB (an accountability map), and to ensure that APRA is notified of any change to the accountability map within the period, after the change, provided under subsection (2); and (c) to notify APRA of an event mentioned in section 37FC within the period, after the event, provided under subsection (2); and (d) to take reasonable steps to ensure that each of its subsidiaries that is not an ADI complies with paragraphs (a) and (c) as if the subsidiary were an ADI. (2) For the purposes of paragraph (1)(a), (b) or (c), the period is: (a) 14 days; or (b) such other period as determined under subsection (3). (3) APRA may, by legislative instrument, determine, for the purposes of paragraph (2)(b), a period mentioned in paragraph (1)(a), (b) or (c).  The Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with  the  introduction of  the  Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at  https://treasury.gov.au/sites/default/files/2020-01/c2020-24974.pdf. See Attachment A  – Summary of changes from the BEAR to the FAR, pp. 11–13. The Government intends to introduce legislation by the  end of  2020 to  implement the  FAR.  See Proposal Paper, Next steps, p  3. Accountability Statements and  Accountability Maps will remain obligations of  the  FAR.  See Proposal Paper, Accountability maps and statements, p 7 and Attachment A, p 12. 15

20.5  Section 37F – Notification Obligations of an ADI and Governance Variables

701

Stage 2 governance variables with the ‘BEARNotify’-prefix will represent the notification obligations of the ADI.  They are modelled on the [TransTimeMon] (+)16 variable in section 9.1.2.1 of Stage 1 or the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance17) provided by the provisions of the BEAR itself and giving rise to a coverage/rating of +8/100.00 rprox as follows: • [BEARNotifyOblige37F] (+) – Banks – BEAR – Board and Senior Executive Oversight of Accountability  – Notification Obligations of ADI under Section 37F – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; • [BEARNotifyAccState37FA] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Notification Obligations of ADI under Section 37F  – Accountability Statement Under Section 37FA Including Changes  – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; • [BEARNotifyAccMap37FB] (+) – Banks – BEAR – Board and Senior Executive Oversight of Accountability  – Notification Obligations of ADI under Section 37F  – Accountability Map Under Section 37FB Including Changes  – Enhancement of Risk Management and Decision-making and Reporting  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 8/100.00 rprox; • [BEARNotifyEventType37FC] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Notification Obligations of ADI under Section 37F – Notify APRA of Event Mentioned in Section 37FC – Enhancement of Risk Management and Decision-making and Reporting  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-­making, coverage/rating + 8/100.00 rprox; • [BEARNotifyEventPeriod37F(2)] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Notification Obligations of ADI under Section 37F – Notify APRA of Event Mentioned in Section 37FC Within Period in Subsection 37F(2) – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating  +  8/100.00 rprox; and • [BEARNotifySubsid] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Notification Obligations of ADI under Section 37F –- Reasonable Steps to Ensure Subsidiary Complies – Enhancement of Risk  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 2, pp. 262–263. 17  See discussion in section 2.6.2 of Stage 1, above n 2, pp. 41–43. 16

702

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-­ making, coverage/rating + 8/100.00 rprox. The content of these governance variables are described as follows:

20.5.1 Accountability Statement An accountability statement is explained in section 37FA: (1) For the purposes of paragraph 37F(1)(a), an accountability statement of an ADI, or of a subsidiary of an ADI, for an accountable person of the ADI or subsidiary must contain a comprehensive statement of: (a) the part or aspect of the ADI’s or subsidiary’s operations of which the accountable person has actual or effective responsibility for management or control; and (b) the responsibilities of the accountable person, including any responsibilities to which paragraph 37D(1)(a) applies or subsection 37D(3) applies, as the case requires; and (c) the matters determined by APRA under subsection (2). (2) APRA may, by legislative instrument, determine matters for the purposes of paragraph (1)(c).

20.5.2 Accountability Map An accountability map is explained in section 37FB: (1) For the purposes of paragraph 37F(1)(b), an accountability map of an ADI must contain the following information: (a) the names of all of the accountable persons of the ADI and its subsidiaries; (b) details of the reporting lines and lines of responsibility of those accountable persons; (c) sufficient information to identify an accountable person for each of the responsibilities to which paragraph 37D(1)(a) applies or subsection 37D(3) applies, as the case requires; (d) information of a kind determined by APRA under subsection (2). (2) APRA may, by legislative instrument, determine kinds of information for the purposes of paragraph (1)(d).

20.6  Section 37G – Pecuniary Penalty for Non-compliance with the BEAR

703

20.5.3 Section 37FC – Types of Events for Which APRA Must Be Notified Events for which APRA must be notified are set out in section 37FC: For the purposes of paragraph 37F(1)(c), the following events must be notified to APRA by an ADI: (a) a person ceasing to be an accountable person of the ADI or a subsidiary of the ADI; (b) the dismissal or suspension of an accountable person by the ADI, or subsidiary of the ADI, because the person has failed to comply with his or her accountability obligations under 37CA; (c) the reduction of the variable remuneration of a person by the ADI, or subsidiary of the ADI, because the person has failed to comply with his or her accountability obligations under section 37CA; (d) the ADI becoming aware of: (i) a breach by the ADI of its accountability obligations under section 37C; or (ii) a breach by an accountable person of the ADI, or of a subsidiary of the ADI, of his or her accountability obligations under section 37CA.

20.6 Section 37G – Pecuniary Penalty for Non-compliance with the BEAR 20.6.1 Section 37G – Pecuniary Penalty The pecuniary penalty for breaching the BEAR provisions are set out in section 37G: (1) An ADI is liable to a pecuniary penalty if: (i) the ADI contravenes its obligations under this Part (other than this Division); and (ii) the contravention relates to prudential matters. (2) The amount of the pecuniary penalty is an amount not exceeding: (i) if the ADI is a large ADI–1,000,000 penalty units; or (ii) if the ADI is a medium ADI–250,000 penalty units; or (iii) if the ADI is a small ADI–50,000 penalty units. (3) The Minister may, by legislative instrument, determine: (i) the kinds of ADIs that are large ADIs; and (ii) the kinds of ADIs that are medium ADIs; and (iii) the kinds of ADIs that are small ADIs.

704

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

(4) In determining the pecuniary penalty, the Federal Court of Australia must have regard to the impact that the penalty would have on the viability of the ADI. (5) Subsection (4) does not limit subclause 1(3) of Schedule 2. (6) This section is a civil penalty provision.

20.6.2 Prudential Matters A prudential matter is defined in section 5 of the Banking Act as: “prudential matters” means matters relating to: (a) the conduct of any part of the affairs of, or the structuring or organising of, an ADI,…, a relevant group of bodies corporate, or a particular member or members of such a group, in such a way as: (i) to keep the ADI, …, group or member or members of the group in a sound financial position; or (ii) to facilitate resolution of the ADI, …, group or member or members of the group; or (iii) to protect the interests of depositors of any ADI; or (iv) not to cause or promote instability in the Australian financial system; or (v) not to cause or promote instability in the New Zealand financial system; or (b) the conduct of any part of the affairs of an ADI,…, a relevant group of bodies corporate, or a particular member or members of such a group, with integrity, prudence and professional skill.

20.6.3 Resolution The term “resolution” is also further defined in section 5: “resolution” means the process by which APRA or other relevant persons manage or respond to an entity: (a) being unable to meet its obligations; or (b) being considered likely to be unable, or being considered likely to become unable, to meet its obligations; or (c) suspending payment, or being considered likely to suspend payment; including through the exercise of powers and functions under this Act or another law.

20.7  Registration of Accountable Persons

705

20.7 Registration of Accountable Persons 20.7.1 Section 37H – Register of Accountable Persons Section 37H requires APRA to establish a register of accountable persons as follows: (1) APRA must establish and keep a register of accountable persons. (2) The register may be kept by electronic means. (3) The register is not a legislative instrument. (4) The register must contain, for each accountable person: (a) the person’s name; and (b) the date of the person’s registration as an accountable person; and (c) the date the person ceases to be an accountable person; and (d) details of any disqualification of the person under section 21 or 37J; and (e) details of any variation or revocation of disqualification under section 22 or 37JA; and (f) details of any direction APRA has given in relation to the person that is: (i) a direction under section 11CA of a kind mentioned in paragraph 11CA(2)(c) or (d); or (ii) a direction under section 23; and (g) such other information as APRA considers appropriate.

20.7.2 Section 37HA – Registration as an Accountable Person An application by an ADI for registration of an accountable person is made to APRA as follows: ( 1) An ADI may apply to APRA to register a person as an accountable person. (2) The application must: (a) be in the form approved in writing by APRA; and (b) contain the information that the form requires; and (c) include a signed declaration that the ADI is satisfied the person is suitable to be an accountable person; and (d) include the accountability statement for the person under section 37F. (3) APRA may, by written notice given to the ADI, request the ADI to give to APRA further information in relation to the application. (4) APRA must, within the period provided under subsection (5), register a person as an accountable person if: (a) the application meets the requirements of subsection (2); and

706

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

(b) the ADI gives to APRA any further information requested under subsection (3) in relation to the application; unless the ADI withdraws the application before the day of registration. (5) The period for registration under subsection (4) is the period of 14 days after: (a) the day the application is made; or (b) if APRA requests the ADI to give further information under subsection (3) in relation to the application – the day the ADI gives the further information to APRA. The Stage 2 governance variable [BEARRegAccPerson37HA] (+) will represent the registration obligations of the ADI. It is modelled on the [TransTimeMon] (+)18 variable in section 9.1.2.1 of Stage 1. Alternatively, it is modelled on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance19) provided by the provisions of the BEAR itself and giving rise to a coverage/rating of +8/100.00 rprox as follows: • [BEARRegAccPerson37HA] (+)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability – Registration Obligations of ADI under Section 37HA – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating of +8/100.00 rprox.

20.8 Disqualification of Accountable Persons 20.8.1 Section 37J – Disqualification by APRA Section 37J permits APRA to disqualify an accountable person as follows: (1) APRA may disqualify a person from being or acting as an accountable person, for a period that APRA considers appropriate, if APRA is satisfied that: (a) the person has not complied with his or her accountability obligations under section 37CA; and (b) having regard to the seriousness of the non-compliance, the disqualification is justified. (2) For the purposes of subsection (1), APRA may disqualify a person from being or acting as an accountable person of one or more of the following:

 Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 2, pp. 262–263. 19  See discussion in section 2.6.2 of Stage 1, above n 2, pp. 41–43. 18

20.8  Disqualification of Accountable Persons

707

(a) a particular ADI; (b) a particular subsidiary of an ADI; (c) a class of ADIs; (d) a class of subsidiaries of ADIs; (e) any ADI; (f) any subsidiary of an ADI. Written notice provisions are provided for in subsections (3)–(8).

20.8.2 Section 37JA – APRA May Vary or Revoke a Disqualification Revoking a disqualification is governed by section 37JA: (1) APRA may vary or revoke a disqualification made under section 37J on its own initiative or on application by a person disqualified under that section. (2) A variation or revocation of a disqualification takes effect on the day on which it is made. (3) APRA must give the person written notice of: (a) a variation or revocation of a disqualification; or (b) if the person applied for a disqualification to be varied or revoked – a refusal to vary or revoke the disqualification. (4) Part VI applies to a decision by APRA under this section to: (a) vary a disqualification; or (b) refuse to vary or revoke a disqualification.

20.8.3 Section 37JC – Allowing a Person Disqualified by APRA to Act as an Accountable Person Allowing a person disqualified by APRA to act as an accountable person is a contravention of subsection 37JC(1): (1) An ADI, or a subsidiary of an ADI, contravenes this subsection if: (a) a person is disqualified under section 37J; and (b) the person is or acts as an accountable person of the ADI or subsidiary; and (c) the person is disqualified from being or acting as an accountable person in the ADI or subsidiary; and (d) the ADI or subsidiary allows the person to be or act as an accountable person.

708

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

Subsection (2) provides for a fault-based offence and subsection (3) a strict liability offence for contravening subsection (1). The Stage 2 governance variable [BEARDisqualPerson37JC] (−) will represent the breach by an ADI of the obligation not to allow a disqualified person to act as an accountable person. It is modelled on the [TransTimeMon] (+)20 variable in section 9.1.2.1 of Stage 1 but in the negative direction. Alternatively, it is based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance21) provided by the provisions of the BEAR itself but again in the negative direction. This gives rise to a coverage/rating of −8/100.00 rprox as follows: • [BEARDisqualPerson37JC] (−)  – Banks  – BEAR  – Board and Senior Executive Oversight of Accountability  – Breach by ADI of Obligation Not to allow a Disqualified Person to Act as an Accountable Person – Reduction in Risk Management and Decision-making and Reporting  – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decisionmaking, coverage/rating of −8/100.00 rprox.

20.8.4 Section 37KA – Indemnifying ADIs and Accountable Persons Not Permitted Except for Liability for Legal Costs ADIs and accountable persons must not be indemnified as section 37KA provides: (1) A related body corporate of an ADI must not (whether by agreement or by making a payment and whether directly or through an interposed entity): (a) indemnify the ADI against the consequences of breaching an obligation under this Part; or (b) pay, or agree to pay, a premium for a contract insuring the ADI against the consequences of breaching an obligation under this Part. (2) An ADI, or a related body corporate of an ADI, must not (whether by agreement or by making a payment and whether directly or through an interposed entity): (a) indemnify a person who is or was an accountable person of the ADI against the consequences of breaching an obligation under this Part; or (b) pay, or agree to pay, a premium for a contract insuring such a person against the consequences of breaching an obligation under this Part. (3) This section does not apply to a liability for legal costs.  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 2, pp. 262–263. 21  See discussion in section 2.6.2 of Stage 1, above n 2, pp. 41–43. 20

20.9  APRA’s Improvements for Non-Financial Risk Accountabilities Not Being Clear…

709

20.9 APRA’s Improvements for Non-Financial Risk Accountabilities Not Being Clear, Cascaded and Enforced (NFRAccFail) The APRA Information Paper 2019 identified that “accountabilities for non-­ financial risk management could be strengthened” and that “risk ownership and accountabilities should be better defined, and supported through remuneration frameworks and consequence management practices”.22 In Sect. 20.1 above, because the BEAR provisions in effect require an accountable person to be identified and, later, disclosed (and, later again, obligations are placed on such a person), the approach to the governance variables in this Sect. 20.9 will be to hypothesise that they are identical in behaviour and relational effect path to a disclosure variable – the [TransTimeMon] (+)23 variable in section 9.1.2.1 of Stage 1 with a coverage/rating of +8/100.00 rprox but in the negative (−) direction. The [TransTimeMon] (+) variable links, most directly, the transparency and timing of (here, identification, disclosure and) reporting with both enhancement of the risk management and monitoring function (Risk Management, Monitoring & Audit Factor No 524) and the quality of decision-making (Decision-making Factor No 725) as the governance factor ‘sources’ or ‘drivers’ of that variable. Given its focus on risk management, monitoring and decision-making, the [TransTimeMon] (+) variable’s relational effect path is positive (+) and the zone of effect of that relational effect path is hypothesised to be similar to that of the [BrdSkills] (+)26 and [BrdIndMon] (+)27 variables but with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance28) – provided by the provisions of the BEAR itself. But, in this Sect. 20.9, the effect is in the negative (−) direction. Alternatively, in the Stage 2 relational approach, the BEAR provisions could be considered as enhancing the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating + 7/87.50 rprox, with the ‘drivers’ being the Responsibility Factor No 8 (Delineation and Disclosure of Powers, Duties and Lines of Responsibility in

 Australian Prudential Regulation Authority (APRA), Information Paper, Self-Assessments of Governance, Accountability and Culture, 22 May 2019, accessed 5 June 2019, available at https:// www.apra.gov.au/sites/default/files/information_paper_self-­assessment_of_governance_accountability_and_culture.pdf, (APRA Information Paper 2019’),p 17. 23  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 2, pp. 262–263. 24  See discussion in section 2.6.5 of Stage 1, above n 2, pp. 47–51. 25  See discussion in section 2.6.7 of Stage 1, above n 2, pp. 51–58. 26  Board – Director Skills ‘Mix’ – see Figure 7.2 and discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp. 198–201. 27  Board Independent Director: Executive Director Proportion – Monitoring Effect – see discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above 2, pp. 208–212. 28  See discussion in section 2.6.2 of Stage 1, above n 2, pp. 41–43. 22

710

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

section 2.6.8 of Stage 129) and Decision-making Factor No 7. Again, there is an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance30) provided by the provisions of the BEAR itself. But, again in this Sec. 20.9, the effect is in the negative (−) direction giving rise to a coverage/rating of −8/100.00 rprox. Both approaches give rise to a coverage/rating of −8/100.00 rprox for the following ‘NFRAcc’-prefix governance variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above as follows: • “accountabilities for non-financial risks not always clearly understood”:31 –– [NFRAccFailClearAccs] (−) – Banks – Non-Financial Risk Accountabilities – “Accountabilities for Non-Financial Risks were Not always Clear” (Generally) –– Reduction in Risk Management and Decision-making and Reporting  – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making  – coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019);32 –– [NFRAccFailClearMultiBU] (−)  – Banks  – Non-Financial Risk Accountabilities  – “Accountabilities for Non-Financial Risks were Not always Clear” for “Risks, Controls and Processes Span[ning] Multiple Business Units or Divisions” –– Reduction in Risk Management and Decisionmaking and Reporting – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making  – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);33 –– [NFRAccFailRoles&Accs] (−)  – Banks  – Non-Financial Risk Accountabilities  – “Accountabilities for Non-Financial Risks were Not always Clear” – Failure to Clarify Roles and Accountabilities –– Reduction in Risk Management and Decision-making and Reporting  – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-­making  – coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019);34 –– [NFRAccFailEndToEndOshipProc] (−)  – Banks  – Non-Financial Risk Accountabilities  – “Accountabilities for Non-Financial Risks were Not always Clear”  – Failure of “End-to-End Ownership of Processes” –– Reduction in Risk Management and Decision-making and Reporting  – Reduction in Delineation and Disclosure of Powers, Duties and Lines of

 See discussion in section 2.6.8 of Stage 1, above n 2, pp. 54–59.  See discussion in section 2.6.2 of Stage 1, above n 2, pp. 41–43. 31  APRA Information Paper 2019, above n 22, p 17. 32  Ibid. 33  Ibid. 34  Ibid. 29 30

20.9  APRA’s Improvements for Non-Financial Risk Accountabilities Not Being Clear…

711

Responsibility and Decision-making  – coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019);35 –– [NFRAccFailOrg&ProcComplex] (−)  – Banks  – Non-Financial Risk Accountabilities  – “Accountabilities for Non-Financial Risks were Not always Clear”  – “Organisational and Process Complexity…Confusing Accountabilities” –– Reduction in Risk Management and Decision-making and Reporting – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making  – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);36 –– [NFRAccFailMultiForumsCms] (−)  – Banks  – Non-Financial Risk Accountabilities  – “Accountabilities for Non-Financial Risks were Not always Clear”  – Multiple Forums and Committees…Confusing Accountabilities” –– Reduction in Risk Management and Decision-making and Reporting – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making  – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);37 and –– [NFRAccFailMultiLeaders] (−)  – Banks  – Non-Financial Risk Accountabilities  – “Accountabilities for Non-Financial Risks were Not always Clear” – Multiple Accountable Leaders Rotating Across or Leaving Institution –– Reduction in Risk Management and Decision-making and Reporting – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);38 • “need to enhance consequence management…[through] the application of direct and proportionate consequences to hold individuals to account when issues emerge and are not promptly addressed”:39 –– [NFRAccFailConseqMan] (−)  – Banks  – Non-Financial Risk Accountabilities ––– Failure of Consequence Management for Individuals – Reduction in Risk Management and Decision-making and Reporting  – Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making  – coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019);40 and –– [NFRAccFailConseqManMultiDivFnsLvls] (−) – Banks – Non-Financial Risk Accountabilities – Failure of Consequence Management for Individuals “Between Divisions, Back and Front Office Functions, and Staff Levels” – Reduction in Risk Management and Decision-making and Reporting  –

 Ibid.  Ibid. 37  Ibid. 38  Ibid. p 18. 39  Ibid. 40  Ibid. 35 36

712

20  The BEAR – Bank Executive Accountability Regime – And APRA’S…

Reduction in Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making  – coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019).41 The APRA Information Paper 2019 also found “remuneration and risk misaligned”42 with the following “high level” observations: • some institutions recognised a need for stronger board oversight and challenge of remuneration outcomes; • risk information provided to the board remuneration committee for remuneration purposes appeared to be at a high level without a clear link to the institution’s broader approach to risk management; • while non-financial metrics were commonly included in scorecards, it appeared that a disproportionate focus was placed on the achievement of financial metrics; • the level of input by the risk function and the board risk committee (or equivalent) into the risk assessment component in scorecards remained limited for most institutions; and • guidelines for the use of adjustment tools such as malus and clawback need development.43

 Ibid.  Ibid. 43  Ibid, p 19. 41 42

Chapter 21

APRA Revised Draft Prudential Standard CPS 511 Remuneration

Abstract  To conclude this Part 4 on remuneration, Chap. 21 examines the APRA revised draft Prudential Standard CPS 511 Remuneration of November 2020. The examination begins with the APRA remuneration framework including the role of the Board in the oversight of the remuneration framework and review of the same. We then examine variable remuneration design, variable remuneration outcomes, variable remuneration of specified roles, deferral and clawback. The chapter concludes with APRA remuneration policy and other requirements of CPS 511. Keywords  APRA · Australian Prudential Regulation Authority · CPS 511 Remuneration · Remuneration framework · Role of the board · Variable remuneration design · Variable remuneration outcomes · Specified roles · Deferral · Clawback · Remuneration policy To conclude this Stage 2 examination of remuneration in Part 4, at the time of writing APRA has released a Revised Draft Prudential Standard CPS 511 Remuneration1 for APRA-regulated entities.

 Australian Prudential Regulation Authority, Revised Draft Prudential Standard CPS 511 Remuneration, November 2020, accessed 19 November 2020, available at: https://www.apra. gov.au/sites/default/files/%5Bdate%3Acustom%3AY%5D-%5Bdate%3Acustom%3Am%5D/ RevisedDraftPrudentialStandardCPS511Remuneration-­C lean-­N ovember2020.pdf (“CPS 511”). For earlier versions of CPS 511, see Australian Prudential Regulation Authority, Draft Prudential Standard CPS 511 Remuneration, Draft July 2019 available at https://www.apra.gov. au/sites/default/files/draft_prudential_standard_cps_511_remuneration_v2.pdf. See also: 1

• Consultation on Remuneration Requirements for all APRA-regulated entities, accessed 22 September 2019, available at https://www.apra.gov.au/consultation-remunerationrequirements-­all-apra-regulated-entities; and

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_21

713

714

21  APRA Revised Draft Prudential Standard CPS 511 Remuneration

As noted in Chap. 12, in the application of its Revised Draft, APRA now distinguishes between two classes of APRA-regulated entities: • paragraphs 1–60 apply to any “significant financial institution”; and • paragraphs 1–18 and 61–74 apply to any “non-SFI”.2 For commencement, the Revised Draft applies: • for an ADI that is a significant financial institution (whether or not the ADI is a member of any group) or a group headed by an ADI or authorised NOHC that is a significant financial institution, on 1 January 2023.3 In this Stage 2 Key Code and Advanced Handbook, the governance variables presented from CPS 511 will be limited to those for significant financial institutions and not Non-SFIs. Under s 18(s), a significant financial institution  – means an APRA-regulated entity that is either: (i) of a certain size as may be specified by APRA from time to time; or (ii) determined as such by APRA having regard to matters such as complexity in its operations or remuneration practices, or its membership of a group.4

• Discussion paper: Strengthening prudential requirements for remuneration July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/ discussion_paper_strengthening_prudential_requirements_for_remuneration_july_ 2019_v1.pdf. Recent pronouncements from APRA in January 2020 state that this draft will be finalised in the first half of 2020 with an expected effective date of July 2021. See: • Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/apras-policy-­ priorities, section 2.1.2 Remuneration and Attachment B: Timelines; and • Australian Prudential Regulation Authority, Information Paper, APRA’s Supervision Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/apras-­ supervision-­priorities, section 2.3.3 Remuneration. In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates of 2022. See the above Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines. 2  Ibid, CPS 511, section 4, pp 3–4. 3  Ibid, section 9(a), p 4. 4  Ibid, section 18(s)(i) and (ii), p 8.

21.1  APRA Remuneration Framework

715

21.1 APRA Remuneration Framework For establishing the Remuneration Framework of the APRA-regulated entity, there are a number of new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 15 with a coverage/rating of +7/87.50 rprox (except as noted): • [511RemFrameAlignPromoteSupport] (+)  – Banks  – 511RemFrame  – Remuneration Framework of APRA-regulated Entity – Entity Must Maintain a Remuneration Framework – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511) including: –– “aligns with the entity’s business plan, strategic objectives and risk management framework”; –– “promotes effective management of both financial and non-financial risks, sustainable performance and the entity’s long-term soundness”; –– “for an RSE licensee, promotes performing its duties and exercising its powers in the best financial interests of beneficiaries”; and –– “supports the prevention and mitigation of conduct risk.”6 • [511RemFrameDocPolicy] (+)  – Banks  – 511RemFrame  – Remuneration Framework of APRA-regulated Entity – Remuneration Framework Must Include Documented Remuneration Policy – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511),7 including at a minimum: –– “how the Remuneration Framework addresses paragraph 19 of [CPS 511]”; –– “at a high level, the structure and terms of remuneration arrangements that apply to a person who is”: • “employed directly by the APRA-regulated entity”; • “retained directly by the APRA-regulated entity under contract”; and  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 6  CPS 511, above n 1, section 19, p 9. 7  Ibid, section 20, p 9. 5

716

21  APRA Revised Draft Prudential Standard CPS 511 Remuneration

• “employed by, or is a contractor of a body corporate (including a service company) that is a related body corporate or connected entity, of the APRA-regulated entity”; –– “the process to identify and address inconsistencies with paragraph 19 of [CPS 511] that may result from the remuneration arrangements of a service provider that is not a related body corporate or connected entity of the APRA-­ regulated entity”; and –– “the systems and processes that support the implementation of the entity’s remuneration arrangements, including those that cover the assessment and management of performance, conduct and consequences”.8

21.2 APRA Role of the Board in the Remuneration Framework For the role of the Board in the oversight of the Remuneration Framework of the APRA-regulated entity, there are a number new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox (except as noted): • [511BrdRoleOsightRemFrame&Application] (+)  – Banks  – 511BrdRole  – Remuneration Framework of APRA-regulated Entity  – Board Oversight of Remuneration Framework and its Effective Application – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511);9 • [511BrdRoleOsightApproveRemPolicy20] (+)  – Banks  – 511BrdRole  – Remuneration Framework of APRA-regulated Entity  – Board Oversight and Approval of Remuneration Policy Under Paragraph 20 of CPS 511 – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511);10 • [511BrdRoleEstabCC] (+) – Banks – 511BrdRole – Remuneration Framework of APRA-regulated Entity  – Board Establishment of Board Compensation/ Remuneration Committee – Enhancement of Level of Risk-Taking in Alignment

 Ibid.  Ibid, section 21, p 9. 10  Ibid, section 22, p 10. 8 9

21.3  APRA Review of the Remuneration Framework

717

with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511),11 including which: –– “oversees the design, operation and monitoring of the remuneration framework”; –– “is appropriately composed to enable it to exercise competent and independent judgment when fulfilling requirements under” this variable; and –– “has the powers necessary to perform its functions”.12 APRA’s requirements in the Revised Draft Prudential Standard CPS 511 Remuneration for the Board Compensation/Remuneration Committee are set out in Sect. 12.6 of Chap. 12.

21.3 APRA Review of the Remuneration Framework For the review of the Remuneration Framework of the APRA-regulated entity, there are a number of new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox (except as noted): • [511RemFrameAnnualReview] (+) – Banks – 511RemFrame – Remuneration Framework of APRA-regulated Entity – At Least Annual Review of Remuneration Framework for Compliance with CPS 511  – Enhancement of Level of Risk-­ Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511);13 • [511RemFrameComprehenReview3Years] (+)  – Banks  – 511RemFrame  – Remuneration Framework of APRA-regulated Entity – Comprehensive Review of Effectiveness of Remuneration Framework by Operationally Independent, Appropriately Experienced and Competent Persons at Least Every 3  Years  – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511);14 • [511RemFrameReviewReportsToCC] (+)  – Banks  – 511RemFrame  – Remuneration Framework of APRA-regulated Entity  – Results of Annual and 3-Year Reviews Documented and Reported to Compensation/Remuneration Committee in Timely Manner  – Enhancement of Level of Risk-Taking in

 Ibid, sections 23, p 10.  Ibid, sections 23(a)–(c), p 10. 13  Ibid, section 31, p 11. 14  Ibid, section 32, p 11. 11 12

718

21  APRA Revised Draft Prudential Standard CPS 511 Remuneration

Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511),15 including: –– “Compensation/Remuneration Committee must take appropriate and timely action to ensure the findings of these reviews are adequately considered and addressed”;16 • [511RemFrameRequirementsFor3YearReviews] (+)  – Banks  – 511RemFrame  – Review of Remuneration Framework of APRA-regulated Entity – Requirements for 3-Yearly Comprehensive Review – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511),17 including assessment of: –– “compliance of the remuneration framework with paragraph 19 of [CPS 511] (Remuneration Framework)”; –– “whether the remuneration framework and its elements are operating as intended”; –– “whether design is appropriate and fit for purpose”; and –– “the alignment of remuneration outcomes with the performance and risk outcomes achieved”.18 • [511RemFrameMatChangeSizeMixComplex] (+) – Banks – 511RemFrame – Remuneration Framework of APRA-regulated Entity – Material Change in Size, Business Mix and Complexity of Operations Identified Outside 3-Yearly Comprehensive Review  – Entity to Consider and Address Need to Amend or Review the Remuneration Framework – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511).19

21.4 APRA Variable Remuneration Design For the design of variable remuneration arrangements, there are a number of new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox (except as noted): • [511RemDesignArrangements] (+)  – Banks  – 511RemDesign  – Design of Variable Remuneration  – Design of Variable Remuneration to Align with  Ibid, section 33, p 11.  Ibid. 17  Ibid, section 34, p 11. 18  Ibid, sections 34(a)–(d), p 11. 19  Ibid, section 35, p 11. 15 16

21.4  APRA Variable Remuneration Design

719

Remuneration Objectives – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511),20 including incorporation of: –– “financial and non-financial risks that could materially impact the entity’s risk profile, sustainable performance, long-term soundness, and in addition for an RSE licensee, those risks that could materially impact on performing its duties and exercising its powers in the best financial interests of beneficiaries”; –– “payout and vesting schedules that are commensurate with the possible range of risk and performance outcomes and that are sensitive to the time horizon of risk”; –– “appropriate remuneration adjustment tools, that include but are not limited to overriding board discretion at each decision point, in-period adjustments, malus and where appropriate clawback, which are supported by a downward-­ adjustments process: • with clearly identified triggers to make a downward-adjustment; • that determines the appropriate adjustment tools to use; and • that determines the amount of downward-adjustment, to nil if appropriate”.21 • [511RemDesignMatWeightNonFinMeas] (+)  – Banks  – 511RemDesign  – Design of Variable Remuneration  – Material Weighting to Non-Financial Measures for Performance-Related Variable Remuneration  – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511);22 • [511RemDesignAdjustmentRisk&ConductOuts] (+)  – Banks  – 511RemDesign  – Design of Variable Remuneration  – Adjustment of Variable Remuneration “Potentially to Nil, for Adverse Risk and Conduct Outcomes, Based on Clearly Defined Risk Criteria” – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511);23 • [511RemDesignCriteriaApplicationMalus38] (+) – Banks – 511RemDesign – Design of Variable Remuneration – Specific Criteria for Application of Malus to Unvested Variable Remuneration  – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511)24 including at least: –– “misconduct leading to significant adverse outcomes”; –– “a significant failure of financial or non-financial risk management”;

 Ibid, section 36, pp 11–12.  Ibid, section 36(a) – (e), pp 11–12. 22  Ibid, section 37(a), p 12. 23  Ibid, section 37(b), p 12. 24  Ibid, section 38, p 12. 20 21

720

21  APRA Revised Draft Prudential Standard CPS 511 Remuneration

–– “a significant failure or breach of accountability, fitness and propriety, or compliance obligations”; –– “a significant error or a significant misstatement of criteria on which the variable remuneration determination was based”; and –– “significant adverse outcomes for customers, beneficiaries or counterparties”.25 • [511RemDesignReasStepsToReduceUnvestVarRem38] (+)  – Banks  – 511RemDesign  – Design of Variable Remuneration  – Reasonable Steps to Reduce Any Unvested Variable Remuneration for Circumstances in Paragraph 38 (Criteria for Malus of Unvested Variable Remuneration) – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511)26 including: –– “variable remuneration must not vest until the investigation is closed”.27 • [511RemDesignStepsAssessMitigateConflicts] (+) – Banks – 511RemDesign – Design of Variable Remuneration – “Appropriate Steps to Assess and Mitigate Conflicts of Interest in the Design of its Remuneration Arrangements”  – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511)28 including: –– service contracts;29 and • [511RemDesignNoAccelerationOfVestingVarRem] (+)  – Banks  – 511RemDesign – Design of Variable Remuneration – No Acceleration of Vesting of Unvested Variable Remuneration for a Person in a “Specified Role” No Longer Employed or Engaged by Entity  – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511),30 including: –– “specific exceptions” limited to – “death, serious incapacity, serious disability, serious illness or partial vesting of only the amount required to enable the person to cover taxation obligations arising from the deferred variable remuneration at termination”;31 and –– “If that person is eligible for any unvested variable remuneration, it must be subject to the same vesting conditions as those for a person employed or engaged by the entity”.32

 Ibid, section 38(a) – (e), p 12.  Ibid, section 39, p 12. 27  Ibid. 28  Ibid, section 40, p 13. 29  Ibid. 30  Ibid, section 41, p 13. 31  Ibid, section 41, footnote 12, p 13. 32  Ibid, section 41, p 13. 25 26

21.5  APRA Variable Remuneration Outcomes

721

21.5 APRA Variable Remuneration Outcomes For the design of variable remuneration arrangements, there are a number of new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox (except as noted): • [511RemOutsPerform&RiskAlign] (+)  – Banks  – 511RemOuts  – Variable Remuneration Outcomes – Variable Remuneration Outcomes to be Aligned with Performance and Risk Outcomes  – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511);33 • [511RemOutsReflectRemAdjustTools36(c)] (+)  – Banks  – 511RemOuts  – Variable Remuneration Outcomes  – Reflect Appropriate Application of Remuneration Adjustment Tools in Variable Remuneration Outcomes from CPS511 Para 36(c) – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511);34 • [511RemOutsCondsPay&VestVarRem] (+) – Banks – 511RemOuts – Variable Remuneration Outcomes  – Conditions for Entity to Pay or Vest Variable Remuneration to a Person – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511),35 including payment or vesting only if it: –– “supports the entity’s compliance with paragraph 19 of [CPS 511]” (Remuneration Framework); and –– “is justified on the basis of the effectiveness of risk management of the entity and the relevant business unit”; and –– “is justified on the basis of the performance of the person, the relevant business unit and the entity”;36 and • [511RemOutsPerfManSystCodeConductConseqMan] (+)  – Banks  – 511RemOuts  – Variable Remuneration Outcomes  – Variable Remuneration Outcomes Must be Linked to and Supported by Entity’s Performance Management System, Code of Conduct and Consequence Management Processes  – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511).37

 Ibid, section 42(a), p 13.  Ibid, section 42(b), p 13. 35  Ibid, section 43, p 13. 36  Ibid, sections 43(a)–(c), p 13. 37  Ibid, section 44, p 13. 33 34

722

21  APRA Revised Draft Prudential Standard CPS 511 Remuneration

21.6 APRA Variable Remuneration of Specified Roles In CPS 511: • “specified role – means a person who is a senior manager, executive director, material risk-taker (including highly-paid material risk-takers) and risk and financial control personnel”.38 For the design, implementation, oversight and assessment of variable remuneration arrangements of all persons in specified roles, there are a number of new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox (except as noted): • [511SpecRolePrudManVarRemunSpecRole] (+)  – Banks  – 511SpecRole  – Specified Roles  – Entity Must Prudently Manage the Variable Remuneration Arrangements of All Specified Roles – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511);39 • [511SpecRoleCCGuideSnrManLvlTimeRiskAdjust] (+)  – Banks  – 511SpecRole  – Specified Roles  – Compensation/Remuneration Committee to Give Clear Guidance to Senior Management on its Expectations in Determining the Appropriate Level and Timing of Risk Adjustments to Variable Remuneration Outcomes for Specified Roles  – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511);40 • [511SpecRoleCCAsseess&RecToBrdAnnuallyVarRem47] (+)  – Banks  – 511SpecRole  – Specified Roles  – Compensation/Remuneration Committee to Recommend Annually to Board on Remuneration Arrangements and Variable Remuneration Outcomes for Specified Roles – Enhancement of Level of Risk-­ Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511),41 including: –– “individually for senior managers and executive directors”; –– “on a cohort basis for highly-paid material risk-takers, other material risk-­ takers and risk and financial control personnel”;42 • [511SpecRoleCCObtainInfoDetermination] (+)  – Banks  – 511SpecRole  – Specified Roles – Compensation/Remuneration Committee to Obtain Sufficient

 Ibid, section 18(t), p 8.  Ibid, section 45, p 13. 40  Ibid, section 46, p 13. 41  Ibid, section 47, p 14. 42  Ibid, sections 47(a) and (b), p 14. 38 39

21.6  APRA Variable Remuneration of Specified Roles

723

Information to Enable Remunerations Outcomes to be Commensurate with Performance and Risk Outcomes  – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511)43 including: –– “determine whether the variable remuneration arrangement, individually and on a cohort basis”: • “is appropriate to meet its intended purpose and expected remuneration outcomes”; and • “supports the entity’s compliance with paragraph 19 of [CPS 511]” (Remuneration Framework);44 • [511SpecRoleBrdApproveVarRemOutcomes] (+)  – Banks  – 511SpecRole  – Specified Roles – Board or Oversight Function to Approve Variable Remuneration Outcomes for Persons in Specified Roles – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511)45 including: –– “individually for senior managers and executive directors”; and –– “on a cohort basis for highly-paid material risk-takers, other material risk-­ takers and risk and financial control personnel”;46 • [511SpecRoleVarRemRisk&FinContPersonsIndep] (+)  – Banks  – 511SpecRole – Specified Roles – Variable Remuneration Arrangements for Risk and Financial Control Personnel  – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511),47 including: –– “reflect the independence and authority of those personnel in carrying out their functions”; –– “reflect the purpose of their functions”; and –– “not be unduly influenced by the performance of the business activities they control”.48

 Ibid, section 48(a), p 14.  Ibid, sections 48(b)(i) and (ii), p14. 45  Ibid, section 49, p 14. 46  Ibid, sections 49(a) and (b), p 14 47  Ibid, section 50, p 14. 48  Ibid, sections 50(a) – (c), p 14. 43 44

724

21  APRA Revised Draft Prudential Standard CPS 511 Remuneration

21.7 APRA Variable Remuneration Deferral and Clawback For the design, implementation and oversight of deferral and clawback of variable remuneration arrangements, there are a number of new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating +7/87.50 rprox (except as noted): APRA Deferral • [511Defer&ClawDeferVestingVarRem] (+)  – Banks  – 511Defer&Claw  – Deferral and Clawback of Variable Remuneration  – Deferral of Vesting of ­Variable Remuneration  – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511),49 including: –– for a CEO – defer at least 60% of Total Variable Remuneration for 6 years with vesting of this 60% only after 4 years on pro-rata basis; –– for a Senior Manager and Executive Director (not CEO) – defer at least 40% of Total Variable Remuneration for 5 years with vesting of this 40% only after 4 years on pro-rata basis; and –– for a highly-paid material risk-taker who is not a senior manager – defer at least 40% of Total Variable Remuneration for 4 years with vesting of this 40% only after 2 years on pro-rata basis;50 • [511Defer&ClawDeferralPeriodRequirements] (+)  – Banks  – 511Defer&Claw – Deferral and Clawback of Variable Remuneration – Deferral Period Requirements – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511),51 including: –– “the deferral period must include the period over which performance is assessed, only where the measures of performance are forward-looking”; and –– “the deferral period must also include any required: • service, • retention and • holding periods”;52 • [511Defer&ClawDeferVarRemunMin$50K] (+) – Banks – 511Defer&Claw – Deferral and Clawback of Variable Remuneration – Minimum Remuneration for Deferral Requirements to Apply is AUD $50,000 per Financial Year  –

 Ibid, section 51, pp 14–15.  Ibid, sections 51(a) – (c), p15. 51  Ibid, section 52, p 15. 52  Ibid. 49 50

21.7  APRA Variable Remuneration Deferral and Clawback

725

Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511);53 APRA Clawback • [511Defer&ClawSnrManExecDir&MRTClawback54] (+)  – Banks  – 511Defer&Claw – Deferral and Clawback of Variable Remuneration – Clawback Required for Variable Remuneration for Senior Managers, Executive Directors and Highly Paid Material Risk-Takers in Circumstances of Para 55 – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511)54 including the features: –– “a period of at least two years from the date of payment or vesting of variable remuneration within which clawback may apply”; and –– “the application of clawback whether or not the employment or engagement of the person has ceased”.55 • [511Defer&ClawCriteriaForClawback55] (+)  – Banks  – 511Defer&Claw  – Deferral and Clawback of Variable Remuneration – Criteria for Application of Clawback  – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511),56 including: –– “misconduct leading to material adverse outcomes”; –– “a material failure of financial or non-financial risk management”; –– “a material failure or breach of accountability, fitness and propriety, or compliance obligations”; –– “a material error or a material misstatement of criteria on which the variable remuneration determination was based”; and –– “material adverse outcomes for customers, beneficiaries or counterparties”.57 • [511Defer&ClawReasStepsToApplyClawback56] (+)  – Banks  – 511Defer&Claw  – Deferral and Clawback of Variable Remuneration  – Entity Must Take Reasonable Steps to Appropriately Apply Clawback at Minimum for Criteria in Para 55 – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511),58 including: –– “in circumstances involving a person under investigation for criteria specified in paragraph 55, variable remuneration must not vest until the investigation is closed.”59

 Ibid, section 53, p 15.  Ibid, section 54, p 15. 55  Ibid, sections 54(a) – (b), p 15. 56  Ibid, section 55, p 15. 57  Ibid, sections 55(a) – (e), p 15. 58  Ibid, section 56, pp 15–16. 59  Ibid. 53 54

726

21  APRA Revised Draft Prudential Standard CPS 511 Remuneration

21.8 APRA Remuneration Policy APRA’s standard for remuneration policy appears in APRA’s Prudential Standard CPS 510 Governance of July 201960 – not CPS 511. For the design, implementation and oversight of remuneration policy, there are a number of new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox (except as noted): • [510RemPolDocRemPolObjectStruct] (+)  – Banks  – 510RemPol  – Remuneration Policy – Must Maintain Documented Remuneration Policy with Remuneration Objectives and Structure – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 510),61 including: –– performance-based components of remuneration; • [510RemPolBrdApproval] (+) – Banks – 510RemPol – Remuneration Policy – Board Must Approve Remuneration Policy  – Enhancement of Level of Risk-­ Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 510);62 • [510RemPolTypesRemunArrangements] (+)  – Banks  – 510RemPol  – Remuneration Policy – Types of Remuneration Arrangements Captured by CPS 510 – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 510),63 including: –– “measures of performance”; –– “the mix of forms of remuneration (such as fixed and variable components, and cash and equity-related benefits)”; –– “the timing of eligibility to receive payments”; and –– “all forms of remuneration are captured by this Prudential Standard [CPS 510], regardless of where, or from whom, the remuneration is sourced”;64 • [510RemPolRemPerformcObjectsLTSound&RMF] (+)  – Banks  – 510RemPol  – Remuneration Policy  – Objectives of Remuneration Policy’s Performance-­based Remuneration  – Enhancement of Level of Risk-Taking in

 Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/ F2019L00662/Download (‘CPS 510’). 61  Ibid, section 51, p 13. 62  Ibid, section 52, p 13. 63  Ibid, section 53, p 13. 64  Ibid. 60

21.8  APRA Remuneration Policy

727

Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 510),65 including: –– “the institution’s long-term financial soundness”; and –– “the risk management framework [RMF] of the institution”.66 • [510RemPolPerformcAlignRisk&Adjustments] (+) – Banks – 510RemPol – Remuneration Policy  – Performance-based Remuneration Must Align Prudent Risk-taking and Adjustments  – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 510),67 including: –– “the outcomes of business activities”; –– “the risks related to the business activities taking account, where relevant, of the cost of the associated capital”; and –– “the time necessary for the outcomes of those business activities to be reliably measured”;68 • [510RemPolBrdAdjustPerformcRemunDownZero] (+)  – Banks  – 510RemPol – Remuneration Policy – Board to Make Adjustments to Performancebased Remuneration Downwards to Zero if Appropriate – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 510),69 necessary to: –– “protect the financial soundness of the institution”; or –– “respond to significant unexpected or unintended consequences that were not foreseen by the institution’s Board Remuneration Committee…”;70 • [510RemPolMinPersonsCoveredByPolicy] (+)  – Banks  – 510RemPol  – Remuneration Policy – Minimum Persons Covered by the Remuneration Policy – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/ rating +7/87.50 rprox (APRA CPS 510),71 including: –– “each responsible person, as that term is defined in Prudential Standard CPS 520 Fit and Proper (CPS 52072), excluding: • non-executive directors; • auditors”;  Ibid, section 54, p 13.  Ibid. 67  Ibid, section 55, p 13. 68  Ibid, sections 55(a)–(c), p 13. 69  Ibid, section 56, p 14. 70  Ibid, sections 56(a) and (b), p 14. 71  Ibid, section 57, p 14. 72  Australian Prudential Regulation Authority, Prudential Standard CPS 520 Fit and Proper, July 2019, accessed 1 October 2019, available at: https://www.legislation.gov.au/Details/F2018L01390/ Download (‘CPS 520’). 65 66

728

21  APRA Revised Draft Prudential Standard CPS 511 Remuneration

–– “persons whose primary role is risk management, compliance, internal audit, financial control or actuarial control (collectively ‘risk and financial control personnel’)”; and –– “all other persons for whom a significant portion of total remuneration is based on performance and whose activities, individually or collectively, may affect the financial soundness of the institution”;73 • [510RemPolCoverServiceContractsNon-related] (+) – Banks – 510RemPol – Remuneration Policy – Remuneration Policy to Cover Service Contracts of Non-­ related Body Corporate of Institution – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 510):74 –– including service contracts if: • “the primary role of the body is to provide risk management, compliance, internal audit, financial control or actuarial control services to the institution”;75 or • “the services provided by the body, either individually or collectively with like services provided by other bodies, may affect the financial soundness of the institution and, under the services contract with the APRA-regulated institution, a significant portion of the total payment to the body is based on performance”;76 –– excluding service contracts if: • “the institution’s risk management framework explicitly addresses the structure of payments to bodies of the relevant kind and the risk that payment incentives can give rise to inappropriate behaviour”;77 and • “oversight of this risk has been delegated to a Board Committee of the APRA-regulated institution, the senior officer outside Australia or the Compliance Committee, as relevant”;78 • [510RemPolAPRADetermineCoverIndivClass] (+) – Banks – 510RemPol – Remuneration Policy – APRA May Determine an Individual or Class of Person to be Covered by the Remuneration Policy  – Enhancement of Level of Risk-­ Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 510);79

 CPS 510, above n 94, sections 57(a)–(c), p 14.  Ibid, section 58, p 15. 75  Ibid, section 58(a), p 15. 76  Ibid, section 58(b), p 15. 77  Ibid, section 58(c), p 15. 78  Ibid, section 58(d), p 15. 79  Ibid, section 59, p 15. 73 74

21.9  APRA Other Requirements of CPS 511

729

• [510RemPolProhibitFit&ProperEquityHedging] (+) – Banks – 510RemPol – Remuneration Policy  – Remuneration Policy Must Prohibit Fit and Proper Persons under CPS 520 Who Receive Equity from Hedging Exposure  – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 510),80 including: –– specify actions for breach of this variable; • [510RemPolRisk&FinControlPersonsIndep] (+)  – Banks  – 510RemPol  – Remuneration Policy  – Remuneration Policy Must Ensure that Remuneration and Performance-based Components of Risk and Financial Control Personnel Do Not Compromise Independence – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 510);81 • [510RemPolBrdApprovedGroupRemPol] (+)  – Banks  – 510RemPol  – Remuneration Policy  – Institution May Adopt Group Remuneration Policy Approved by the Board – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 510);82 • [510RemPolRemunPolicyRMF] (+)  – Banks  – 510RemPol  – Remuneration Policy – Remuneration Policy to Form Part of Institution’s RMF – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 510);83 and • [510RemPolRemunPolicyProvideAPRA] (+)  – Banks  – 510RemPol  – Remuneration Policy  – Remuneration Policy to be Provided to APRA on Request – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 510).84

21.9 APRA Other Requirements of CPS 511 For the design, implementation and oversight of other requirements under CPS 51185, there are a number of new governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating +7/87.50 rprox (except as noted):  Ibid, section 60, p 15.  Ibid, section 61, p 15. 82  Ibid, section 62, p 15. 83  Ibid, section 63, p 16. 84  Ibid, section 63, p 16. 85  CPS 511, above n 1. 80 81

730

21  APRA Revised Draft Prudential Standard CPS 511 Remuneration

Entity Which is Part of Group, or Corporate Group (Private Health Insurers), Can Use Group Compensation/Remuneration Committee • [511OtherReqEntityInGroupUseGroupCC&RemPolConds] (+)  – Banks  – 511OtherReq – Other Requirements of CPS 511 – Conditions for Entity which is Part of a Group, or Corporate Group in the Case of Private Health Insurer, to use Group Compensation/Remuneration Committee and Group Remuneration Policy – Enhancement of Level of Risk-Taking in Alignment with Shareholders – coverage/rating +7/87.50 rprox (APRA CPS 511)86 provided that: –– to use a group Compensation/Remuneration Committee: • “the requirements set out in this [CPS 511] are met”; • “all members of the group [Compensation/Remuneration] Committee are non-executive directors of the Head of the group in the context of an ADI, general insurer or life company”: –– “in the case of a private health insurer, all members of the group [Compensation/Remuneration] Committee must also be non-executive directors of the Head of the corporate group”; and • “the Board of the entity has free and unfettered access to the group [Compensation/Remuneration] Committee”;87 and –– to adopt and apply a group remuneration policy if it: • “meets the requirements of this [CPS 511]”; • “has been approved by the Board or relevant oversight function”; and • “gives appropriate regard to the entity’s business activities, its specific requirements and its remuneration framework”;88 • [511OtherReqAlternativeCCArrangeConds] (+)  – Banks  – 511OtherReq  – Other Requirements of CPS 511 – Conditions for Entity to Apply to APRA for Approval of Alternative Compensation/Remuneration Committee Arrangements that Meet Objectives of CPS 511  – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511)89 including: –– “APRA may approve alternative arrangements for the entity if satisfied that those arrangements will, in APRA’s opinion, achieve the objectives of this [CPS 511]”;90

 Ibid, section 57, p 16.  Ibid, sections 57(a)(i) – (iii), p 16. 88  Ibid, sections 57(b)(i) – (iii), p 16. 89  Ibid, section 58, p 16. 90  Ibid. 86 87

21.9  APRA Other Requirements of CPS 511

731

• [511OtherReqNoMethodsUndermineCPS511&59] (+)  – Banks  – 511OtherReq – Other Requirements of CPS 511 – Entity Not to Pay Remuneration Through Vehicles/Methods That Undermine CPS 511 – Enhancement of Level of Risk-Taking in Alignment with Shareholders  – coverage/rating +7/87.50 rprox (APRA CPS 511)91 including: –– Entity/other person cannot indemnify or insure a relevant person against consequence of: • breaching an obligation under CPS 511; or • applying in-period adjustment, malus or clawback under CPS 511;92 and –– Entity must prevent “hedging by any person in a specified role who receives equity or equity-linked deferred variable remuneration, of their economic exposure to the resultant equity price risk” including:93 • Entity must have a prohibition on hedging in its remuneration policy, contractual or other documentation and define and document the process and actions for breach of prohibition;94 –– but para 59 does not apply to a liability for legal costs.95

 Ibid, section 59, pp 16–17.  Ibid, sections 59(a)(i) – (ii), pp 16–17. 93  Ibid, section 59(b), p 17. 94  Ibid. 95  Ibid, section 69, p 17. 91 92

Part V

Governance of Banks in the GFC and Beyond Key Field No. 5 (Part 5): Boards and Committees, Independence, Expertise and Bank and Risk Culture

Chapter 22

Governance of Banks in the GFC and Beyond Key Field No. 5 (Part 5): Boards and Committees, Independence, Expertise and Bank and Risk Culture Abstract  Part 5 of the Key Code and Advanced Handbook begins with this Chap. 22 and explains the approach to boards, committees, independence, expertise and bank and risk culture from the GFC to the Australian Banking Royal Commission Inquiry into banking misconduct. This begins with a summary of the responsibilities of the Board, the ASX board charter for listed entities and ASX appointment of directors. We then move to APRA-regulated institutions, the Head of a group, the use of group policies and functions to be approved and the ‘duty of care’, ‘duty of loyalty’ and oversight of management specifically for risk. Chapter 22 concludes with a review of the [BrdIndMon] (+) variable from Stage 1 – Board Independent: Executive Director Proportion – Monitoring Effect. Keywords  Boards and committees · Independence · Expertise · Bank and risk culture · Summary of responsibilities of the board · ASX board charter · ASX appointment of directors · Group policies · Review of [BrdIndMon] (+) variable

22.1 Approach to Boards, Committees, Independence, Expertise and Bank and Risk Culture from the GFC to the Australian Banking Royal Commission Inquiry into Banking Misconduct We again begin with a familiar theme from Stage 11 – the responsibilities of the board. But this time the responsibilities are geared to banking and financial firms – a summary of the responsibilities of the board as pronounced by the Basel Committee on Banking Supervision (BCBS). 1  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’).

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_22

735

736

22  Governance of Banks in the GFC and Beyond Key Field No. 5 (Part 5): Boards…

A large number of banking-specific variables in this Part 5 go to enhancing risk management and monitoring – i.e., Risk Management, Monitoring & Audit Factor No 5. As a large number of new variables pertain to non-executive directors (or ‘NEDs’), the ‘independence’ ingredient of NEDs is used as a building block for these variables. Thus, in Sect. 22.3, there is a brief review of the [BrdIndMon] (+) variable from Stage 1  – Board Independent: Executive Director Proportion  – Monitoring Effect  – coverage/rating +7/87.50 rprox  – in section 7.3.2.1.2 of Stage 1.2 The examination proper identifies in overview the governance failings of boards of directors in Sect. 23.1 of Chap. 23. An important element is the ‘challenge’ step in major risk and strategic issues. There follows an examination of board size, composition and qualification of directors including task ‘overload’ and new governance variables for non-executive director induction, training, development programs and ‘dedicated support’ for financial industry awareness. An examination of the functioning of the board, monitoring and evaluation of performance ushers in new variables for challenging and testing strategy and risks by NEDs. Chapter 24 examines the functioning of the board and monitoring and evaluation of performance. In Chap. 25, a number of governmental and market participant reports examine board diversity, including gender diversity, which give rise to a number of variables with ‘interim’ status pending the future completion of research in a future Board Diversity Key Field. Commencing in Chap. 26, there is a detailed examination of independence, competence and the ‘fit and proper person’ tests of supervisory regulators and authorities. Independence may be associated with less bank-specific knowledge. Thus, a number of negative direction (−) variables are introduced to reflect these deficiencies. There follows a number of variables reflecting the OECD’s recommendations for independence, bank-specific skills, competence and professional qualities. Chapter 27 commences an examination of failures in risk modelling and rating securitised products, both significant themes for the relational approach examination of the GFC.  Section 27.3 examines leverage and off-balance-sheet entities including aspects of ‘hidden leverage’. Chapter 28 introduces the examination of ownership, governance structure and government ‘bailout’. This includes the (high) level of leverage, bank size, independence and institutional ownership.

For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 2  See discussion in section 7.3.2–7.3.2.1.2 of Stage 1, ibid, pp 206–211.

22.1  Approach to Boards, Committees, Independence, Expertise and Bank and Risk…

737

The composition and role of the board is examined in Chap. 29 including enhancing challenge, debate and testing and an examination of board culture and ‘tone at the top’ with related governance variables. New governance variables are also introduced for codes of conduct, ethics, conflicts of interest and the FSB Framework for Assessing Risk Culture.3 Chapter 30 examines the NAB Self-Assessment 20184 and the Westpac Review Team 20185 on governance, accountability and culture. Chapter 31 continues on to the NAB and Westpac recommendations and commentary on culture. Chapter 32 examines the APRA Information Paper 20196 on culture. Chapter 33 examines financial and bank-specific expertise or a lack thereof leading to inadequate risk management and internal controls. There is a determination of the ‘mix’ or ‘balance’ of financial and non-financial industry knowledge for effective challenge as a precursor to revisit the development, training and support of NEDs introduced earlier, NED mentoring and  – not previously examined in the relational approach – the ‘senior independent director’. The GFC for banks has also focused attention on the role, responsibilities and time commitment of the Chairperson which is undertaken in Chap. 34 including the conditions and criteria for an effective Chairperson. We return to the size and composition of the board in Chap. 35 to examine the proportion of executive and non-executive directors on the board and evaluation/ review of the board and committees. The board committees themselves are examined in Chap. 36. Chapter 37 examines the complexity of bank structures and off-balance-sheet entities and how these can affect the quality of decision-making by NEDs. Section 37.7 concludes the discussion in Part 5 with an examination of bank disclosure and transparency and structured products.

 Financial Stability Board, Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, A Framework for Assessing Risk Culture of 7 April 2014, accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/140407.pdf (‘FSBCult’). 4  National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/content/dam/ nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-­ Assessment 2018’). 5  Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’). 6  Australian Prudential Regulation Authority (APRA), Information Paper, Self-Assessments of Governance, Accountability and Culture, 22 May 2019, accessed 5 June 2019, available at https:// www.apra.gov.au/sites/default/files/information_paper_self-­assessment_of_governance_accountability_and_culture.pdf, (APRA Information Paper 2019’). 3

738

22  Governance of Banks in the GFC and Beyond Key Field No. 5 (Part 5): Boards…

22.2 Summary of Responsibilities of the Board ASX Board Charter for Listed Entities The ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations of February 20197 set out the requirements for the board’s charter and responsibilities in Recommendation 1.1: A listed entity should have and disclose a board charter setting out: (a) the respective roles and responsibilities of its board and management; and (b) those matters expressly reserved to the board and those delegated to management.8

Except where noted, the relational approach for Australian banks here will be to craft a number of governance variables for the roles and responsibilities of the board, enhancement in board effectiveness, risk management and internal monitoring and (reflexive) enhancement in the quality of decision-making based on the relational effect path of [BrdSkills] (+)9 variable in the same positive (+) direction giving rise to a coverage/rating of +7/87.50 rprox. Thus, like the [BrdSkills] (+) variable and in the same positive (+) direction, these board role and responsibility, effectiveness, risk management and internal monitoring variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 110). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the operational, risk management or risk-taking decisions of bank directors, the CEO, executives or lower-level managers. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox for the following operational, risk management and monitoring variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above: • [2019ASXBrdChartRoles&Resps] (+)  – 2019ASXBrd  – Board  – Charter of Board Roles and Responsibilities – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-­making – coverage/rating +7/87.50 rprox (2019ASX); and

 Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’). 8  Ibid, Rec 1.1, p 6. 9  See discussion in section 7.3.1.2.1 of Stage 1, above n 1, pp 198–199. 10  See discussion in section 2.6.2 of Stage 1, above n 1, pp 41–43. 7

22.2  Summary of Responsibilities of the Board

739

• [2019ASXBrdChartReserve&Delegate] (+) – 2019ASXBrd – Board – Charter of Matters Reserved to Board and Delegated to Management – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating +7/87.50 rprox (2019ASX). For the content of these variables, the ASX commentary is that board charters should contain responsibilities including: • demonstrating leadership; • defining the entity’s purpose and setting its strategic objectives; • approving the entity’s statement of values and code of conduct to underpin the desired culture within the entity; • appointing the chair and, if the entity has one, the deputy chair and/or the “senior independent director”; • appointing and replacing the CEO; • approving the appointment and replacement of other senior executives and the company secretary; • overseeing management in its implementation of the entity’s strategic objectives, instilling of the entity’s values and performance generally; • approving operating budgets and major capital expenditure; • overseeing the integrity of the entity’s accounting and corporate reporting systems, including the external audit; • overseeing the entity’s process for making timely and balanced disclosure of all material information concerning the entity that a reasonable person would expect to have a material effect on the price or value of the entity’s securities; • satisfying itself that the entity has in place an appropriate risk management framework (for both financial and non- financial risks) and setting the risk appetite within which the board expects management to operate; • satisfying itself that an appropriate framework exists for relevant information to be reported by management to the board; • whenever required, challenging management and holding it to account; • satisfying itself that the entity’s remuneration policies are aligned with the entity’s purpose, values, strategic objectives and risk appetite; and • monitoring the effectiveness of the entity’s governance practices.11

Based on the relational effect path of the [BrdSkills] (+)12 variable in the same positive (+) direction giving rise to a coverage/rating of +7/87.50 rprox are the following charter requirements suggested by the ASX commentary: • [2019ASXBrdChartDeputyChair] (+)  – 2019ASXBrd  – Board  – Charter to Contain Roles and Responsibilities of Deputy Chair13 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating +7/87.50 rprox (2019ASX);

 2019ASX, above n 7, p 6.  See discussion in section 7.3.1.2.1 of Stage 1, above n 1, pp 198–199. 13  2019ASX, above n 7, p 7. 11 12

740

22  Governance of Banks in the GFC and Beyond Key Field No. 5 (Part 5): Boards…

• [2019ASXBrdChartSID] (+)  – 2019ASXBrd  – Board  – Charter to Contain Roles and Responsibilities of Senior Independent Director14 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating +7/87.50 rprox (2019ASX); and • [2019ASXBrdChartIndepAdvice] (+)  – 2019ASXBrd  – Board  – Charter to Contain Policy for Directors to Obtain Independent Advice at Expense of Entity15  – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating +7/87.50 rprox (2019ASX); ASX Appointment of Directors Based on the relational effect path of the [BrdSkills] (+) variable in the same positive (+) direction giving rise to a coverage/rating of +7/87.50 rprox are the following director appointment requirements suggested by the ASX Recommendations 1.2 and 1.3: • [2019ASXBrdAppointChecks] (+)  – 2019ASXBrd  – Board  – Entity to Undertake Appropriate Checks Before Appointing Director16 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating +7/87.50 rprox (2019ASX); • [2019ASXBrdElectInfo] (+)  – 2019ASXBrd  – Board  – Entity to Provide Security Holders with All Information to Elect or Re-elect Directors17  – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating +7/87.50 rprox (2019ASX); • [2019ASXBrdContractTermsDir&Exec] (+)  – 2019ASXBrd  – Board  – Written Agreements with Directors and Senior Executives with Terms of Appointment18 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating +7/87.50 rprox (2019ASX) including: –– letter of appointment for NEDs; and –– service contract for executive directors and senior executives;

 Ibid.  Ibid. 16  Ibid, Rec 1.2(a). 17  Ibid, Rec 1.2(b). 18  Ibid, Rec 1.3. 14 15

22.2  Summary of Responsibilities of the Board

741

–– for agreements with NEDs:19 • • • • • • •

disclosure of interests; compliance with key corporate policies; seeking board approval before accepting new role; policy when NEDs can seek independent advice at expense of Entity; indemnity and insurance arrangements; access to corporate information; and confidentiality obligations;

• [2019ASXBrdSecAccountToChair] (+)  – 2019ASXBrd  – Board  – Secretary Directly Accountable to Board Through Chairperson20 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating +7/87.50 rprox (2019ASX). APRA-Regulated Institutions APRA’s Prudential Standard CPS 510 Governance of July 201921 “sets out the minimum requirements that an APRA-regulated institution and the Head of a group must meet in the interests of promoting strong and effective governance.”22 Head of a Group There are also additional requirements on the “Head of a group”.23 Except where noted, the relational approach for Australian banks here will be to craft a number of governance variables for the enhancement in board effectiveness, risk management and internal monitoring and (reflexive) enhancement in the quality of decision-making based on the relational effect path of the [BrdSkills] (+)24 variable in the same positive (+) direction giving rise to a coverage/rating of +7/87.50 rprox. Thus, like the [BrdSkills] (+) variable and in the same positive (+) direction, these board effectiveness, risk management and internal monitoring variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 125). Similarly to the [BrdSkills] (+) variable,  Ibid, Commentary to Rec 1.3, p 8.  Ibid, Rec 1.4. 21  Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/ F2019L00662/Download (‘CPS 510’). In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates of 2022. See Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines. 22  CPS 510, ibid, section 10, p 7. 23  Ibid, sections 11–15, pp 7 – 8. 24  See discussion in section 7.3.1.2.1 of Stage 1, above n 1, pp 198–199. 25  See discussion in section 2.6.2 of Stage 1, above n 1, pp 41–43. 19 20

742

22  Governance of Banks in the GFC and Beyond Key Field No. 5 (Part 5): Boards…

compliance with corporate governance and legal requirements on the bank  – an obligation which remains constant by force of law – is not affected by the operational, risk management or risk-taking decisions of bank directors, the CEO, executives or lower-level managers. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox for the following operational, risk management and monitoring variables in the Bank Combined Coverage and Relational Proximity Table (Table10.2) above: • [510HeadGovArrangements] (+) – Banks – CPS 510Head – Head of Group – Maintenance of Governance Arrangements for the Group  – Enhancement in Quality of Group Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating +7/87.50 rprox (APRA CPS 510);26 • [510HeadBrdGrpRequirements] (+)  – Banks  – CPS 510Head  – Head of Group  – Maintenance of Group Policies, Functions and Committees  – ­Enhancement in Quality of Group Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating +7/87.50 rprox (APRA CPS 510), including: –– –– –– –– ––

board-approved group remuneration policy;27 group internal audit function;28 group Board Compensation/Remuneration Committee;29 group Board Audit Committee;30 and Board Risk Committee (BRC) to provide objective non-executive oversight of the group Risk Management Framework (RMF);31

• [510HeadBrdGrpDirSnrManSkills] (+)  – Banks  – CPS 510Head  – Head of Group – Ensuring Directors and Senior Management have Full Range of Skills – Enhancement in Quality of Group Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating +7/87.50 rprox (APRA CPS 510): –– “The Board of a Head of a group must ensure that directors and senior management of the group, collectively, have the full range of skills needed for the effective oversight and prudent management, respectively, of the group.”32 Use of Group Policies and Functions to be Approved • [510HeadGrpPolicies&FnsBrdApproved] (+)  – Banks  – CPS 510Head  – Board of APRA-regulated Institution to Approve Use of Group Policies and  CPS 510, above n 21, section 11, p 7.  Ibid, section 12(a), p 7. 28  Ibid, section 12(b), p 7. 29  Ibid, section 13(a), p 7. 30  Ibid, section 13(b), p 7. 31  Ibid, section 13(c), p 7. 32  Ibid, section 14, pp 7–8. 26 27

22.2  Summary of Responsibilities of the Board

743

Functions – Enhancement in Quality of Group Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating +7/87.50 rprox (APRA CPS 510),33 including: –– “must ensure that these policies and functions give appropriate regard to the APRA-regulated institution’s business and its specific requirements”.34 The ‘Duty of Care’, ‘Duty of Loyalty’ and Oversight of Management Specifically for Risk The Basel Committee on Banking Supervision (BCBS) in its July 2015 Guidelines requires that the board perform their “duty of care” and “duty of loyalty to the bank under applicable national laws and supervisory standards”.35 This requires bank boards to: • actively engage in the affairs of the bank and keep up with material changes in the bank’s business and the external environment as well as act in a timely manner to protect the long-term interests of the bank; • oversee the development of and approve the bank’s business objectives and strategy and monitor their implementation; • play a lead role in establishing the bank’s corporate culture and values; • oversee [and be satisfied with] implementation of the bank’s governance framework and periodically review that it remains appropriate in the light of material changes to the bank’s size, complexity, geographical footprint, business strategy, markets and regulatory requirements; • Establish, along with senior management and the CRO, the bank’s risk appetite, taking into account the competitive and regulatory landscape and the bank’s long-term interests, risk exposure and ability to manage risk effectively; • oversee the bank’s adherence to the RAS [risk appetite statement], risk policy and risk limits; • approve the approach and oversee the implementation of key policies pertaining to the bank’s capital adequacy assessment process, capital and liquidity plans, compliance policies and obligations, and the internal control system; • require that the bank maintain a robust finance function responsible for accounting and financial data; • approve the annual financial statements and require a periodic independent review of critical areas; • approve the selection and oversee the performance of the CEO, key members of senior management and heads of the control functions; • oversee the bank’s approach to compensation, including monitoring and reviewing executive compensation and assessing whether it is aligned with the bank’s risk culture and risk appetite; and • oversee the integrity, independence and effectiveness of the bank’s policies and procedures for whistleblowing.36

 Ibid, section 42, p 11.  Ibid. 35   Bank for International Settlements, Basel Committee on Banking Supervision (BCBS), Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (“BCBS Guidelines 2015”), Para 25, p 8. 36  Ibid, Para 26, pp 8–9. 33 34

744

22  Governance of Banks in the GFC and Beyond Key Field No. 5 (Part 5): Boards…

The board’s oversight of senior management is explained further by the BCBS which expresses the oversight function specifically for banks to: • monitor that senior management’s actions are consistent with the strategy and policies approved by the board, including the risk appetite; • meet regularly with senior management; • question and critically review explanations and information provided by senior management; • set appropriate performance and remuneration standards for senior management consistent with the long-term strategic objectives and the financial soundness of the bank; • assess whether senior management’s collective knowledge and expertise remain appropriate given the nature of the business and the bank’s risk profile; and • be actively engaged in succession plans for the CEO and other key positions, as appropriate, and ensure that appropriate succession plans are in place for senior management positions.37

Thus the BCBS emphasizes a number of monitoring/oversight functions by reference to risk principles which are examined in this Stage 2 for Australian major banks. In this respect, a number of bank-specific functions are specifically examined by reference to a number of governmental and market participant reports which are emphasized in the analysis in this Stage 2 including: • the board’s responsibilities in relation to executive compensation and incentives, including long-term objectives and soundness/sustainability of the bank, was examined in Part 4; • the time commitment of non-executive directors (NEDs) is examined in Sect. 23.5; • the review, testing and challenge of business objectives and strategy – by non-­ executive directors – is examined in Sects. 24.1, 24.2, 29.1 and 33.3 below; • independence, competence and ‘fit and proper person’ tests are examined in section Chap. 26 including the OECD findings on independence and competence in Sect. 26.3 and the governance variables arising therefrom in Sects. 26.3, 26.4 and 26.5; • establishment of the bank’s and board’s corporate and risk culture, values, code of conduct/ethics and conflicts policy are examined in Sect. 29.2 below; • an evaluation statement of the skills and experience of the board is examined in Sect. 35.4 below; • establishment with senior management and the CRO of the bank’s risk appetite is discussed in Part 6; • monitoring and oversight by reference to the risk appetite (and risk appetite statement (RAS), risk policy and risk limits) and capacity to manage risk are discussed in Part 6; and • oversight of the internal control system is discussed in Part 6.

37

 Ibid, Para 46, p 12 (emphasis added).

22.3  Review of the [BrdIndMon] (+) Variable from Stage 1 – Board Independent…

745

The review by the relational approach of board functions for Australian major banks commences in the next section with the monitoring function of non-executive directors for banks and non-banks alike from Stage 1.

22.3 Review of the [BrdIndMon] (+) Variable from Stage 1 – Board Independent: Executive Director Proportion – Monitoring Effect As noted in the introduction in Sect. 22.1, a significant number of banking-specific variables in this Part 5 go to enhancing risk management and monitoring – i.e., Risk Management, Monitoring & Audit Factor No 5. As a large number of new variables pertain to non-executive directors (or ‘NEDs’), the ‘independence’ ingredient of NEDs is used as a building block for these variables. Thus, here in Sect. 22.3, there is a brief review of the [BrdIndMon] (+) variable from Stage 1 – Board Independent: Executive Director Proportion  – Monitoring Effect  – coverage/rating +7/87.50 rprox – in section 7.3.2.1.2 of Stage 1.38 The summary of the responsibilities of the board above is underlined by the board’s monitoring, review and oversight functions. In this Sect. 22.3, the relational approach reviews the [BrdIndMon] (+) variable – Board Independent: Executive Director Proportion – Monitoring Effect. In section 7.3.2.1.2 of Stage 1, the relational approach sets out the relational effect path for the [BrdIndMon] (+) variable. This variable displays an enhancement of the monitoring and oversight function on account of the presence of the ‘independence’ ingredient of independent directors: The behaviour of the [BrdIndMon] (+) variable is identical to the [BrdSkills] (+) variable [section 7.3.1.2.1]. In this case, however, the effect of this governance variable is predicted to be significant on Reporting Factor No 1, [Risk Management,] Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the substantial guidance in governance codes in Chapter 6 relating to director independence. Director independence was found in that chapter to be a core variable/feature of global/ cross-border and national governance codes [section 6.8.1]. Thus, like the [BrdSkills] (+) variable, the [BrdIndMon] (+) variable affects all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 [of Stage 1] above). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the company – an obligation which remains constant by force of law  – is not affected by the independence element of the board. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/ rating of +7/87.50 rprox in the Coverage Table (Table 3.1) and the Relational Proximity Table (Table 3.2).39

Thus, the approach of some of this Part 5 will be to model monitoring, review and oversight variables on the [BrdIndMon] (+) variable, coverage/rating +7/87.50

38 39

 See discussion in section 7.3.2–7.3.2.1.2 of Stage 1, above n 1, pp 206–211.  See discussion in section 7.3.2.1.2 of Stage 1, above n 1, p 211.

746

22  Governance of Banks in the GFC and Beyond Key Field No. 5 (Part 5): Boards…

rprox. Thus a number of variables – through the same governance factors numbers 1, 5, 7 and 8 – will be hypothesized to enhance the monitoring, review and oversight functions. Thus, the relational effect paths of these variables are hypothesized to be identical to the [BrdIndMon] (+) variable giving rise to a coverage/rating for these variables of +7/87.50  in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

Chapter 23

Board Characteristics for Australian Major Banks

Abstract  Chapter 23 examines the board characteristics for Australian major banks including board and senior management requirements. This begins with an overview of the governance failings of boards of directors including board of director, executive and management turnover, governance variable failings, the ‘challenge’ step in major risk and strategic issues, the board’s role in risk management and board diversity. For board size, composition and qualification, we look to Turnbull and Pirson and the Walker Review 2009 recommendations including a governance variable for board size and information and task ‘overload’  – the [BankBrdInfoTask] (+/−) variable. We then consider governance variables for non-executive director (NED) induction, training, development programs, ‘dedicated support’ and financial industry awareness and conclude with the time commitment of NEDs. Keywords  Board characteristics · Governance failings · Challenge step · Risk management · Board diversity · Board size · Board composition · Board qualification · Non-executive directors – NEDs · Governance variables for NEDs · Time commitment of NEDs

Governance arrangements for APRA-regulated institutions are provided for by APRA’s Prudential Standard CPS 510 Governance of July 2019.1

1  Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/F2019L00662/Download (‘CPS 510’), sections 16–22, p 8.

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_23

747

748

23  Board Characteristics for Australian Major Banks

Board and Senior Management Requirements Except where noted, the relational approach here will be to craft a number of governance variables for the enhancement in board effectiveness, risk management and internal monitoring and (reflexive) enhancement in the quality of decision-making based on the relational effect path of the [BrdSkills] (+)2 variable in the same positive (+) direction, giving rise to a coverage/rating of +7/87.50 rprox. Thus, like the [BrdSkills] (+) variable and in the same positive direction, these board effectiveness, risk management and internal monitoring variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 13). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank  – an obligation which remains constant by force of law – is not affected by the operational, risk management or risk-taking decisions of bank directors, the CEO, executives or lower-level managers. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox for the following operational, risk management and monitoring variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above: • [510BrdBoard&SnrManRequirements] (+) – Banks – CPS 510Brd – Board – Board and Senior Management Requirements – Enhancement in Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating + 7/87.50 rprox (APRA CPS 510) including: –– Board is ultimately responsible for oversight of the sound and prudent management of that institution;4 –– a formal charter that sets out the roles and responsibilities of the Board;5 –– Board may delegate authority to management to act on behalf of the Board with respect to certain matters: • “this delegation of authority must be clearly set out and documented”; • “the Board must have mechanisms in place for monitoring the exercise of delegated authority”; and

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 7.3.1.2.1 of Stage 1, pp 198–199. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 3  See discussion in section 2.6.2 of Stage 1, ibid., pp 41–43. 4  CPS 510, above n 1, section 16, p 8. 5  Ibid, section 17, p 8. 2

23.1  Overview – Governance Failings of Boards of Directors

749

• “the Board cannot abrogate its responsibility for oversight of the functions delegated to management”;6 –– “Board must ensure that directors and senior management of the institution collectively have the full range of skills…knowledge and experience to ­understand the risks of the institution, including its legal and prudential obligations, and to ensure that the institution is managed in an appropriate way taking into account these risks”;7 –– senior management must be ordinarily resident in Australia;8 –– must be available to meet with APRA on request;9 and –– Auditor and the Appointed Actuary have the opportunity to raise matters directly with the Board.10

23.1 Overview – Governance Failings of Boards of Directors Board of Director, Executive and Management Turnover For Cheffins, who examines companies removed from the S&P 500, most of these companies did not experience ‘out-of-the ordinary board turnover’11 nor did these boards exacerbate the effects of the crisis.12 Managerial turnover in these companies, including CEOs, operated as predicted in times of poor performance13 but at a much higher rate than normal for underperforming companies.14 Governance Variable Failings A wide variety of governance variable failings are identified in governmental and market participant reviews of the conduct of boards of directors in the GFC and beyond to the Australian Banking Royal Commission Inquiry into banking misconduct. This section of the analysis identifies some of the major failures to set the scene for the analysis throughout other sections of this Part 5. The overall impression is not merely the number of failings but also their wide-ranging nature. The Walker Review 2009 goes to the heart of the GFC for board characteristics highlighting on behalf of boards a failure to ‘challenge’ the executive on major risk

 Ibid, section 18, p 8.  Ibid, section 19, p 8. 8  Ibid, section 20, p 8. 9  Ibid, section 21, p 8. 10  Ibid, section 22, p 8. 11  Brian R Cheffins, “Did Corporate Governance ‘Fail’ During the 2008 Stock Market Meltdown? The Case of the S&P 500” ECGI - Law Working Paper No. 124/2009, (1 May 2009), accessed 13 June 2017 at SSRN: http://ssrn.com/abstract=1396126, 24. 12  Ibid. 13  Ibid, 27 (footnote omitted). 14  Ibid, 28. 6 7

750

23  Board Characteristics for Australian Major Banks

and strategic issues, an increased time commitment required from non-executive directors (NEDs) and greater financial experience and expertise: The essential “challenge” step in the sequence appears to have been missed in many board situations and needs to be unequivocally clearly recognised and embedded for the future. The most critical need is for an environment in which effective challenge of the executive is expected and achieved in the boardroom before decisions are taken on major risk and strategic issues. For this to be achieved will require close attention to board composition to ensure the right mix of both financial industry capability and critical perspective from high-­ level experience in other major business. It will also require a materially increased time commitment from the NED group on the board overall for which a combination of financial industry experience and independence of mind will be much more relevant than a combination of lesser experience and formal independence.15

The Review also called for boards to have a greater role in risk management: [B]oard-level engagement in risk oversight should be materially increased, with particular attention to the monitoring of risk and discussion leading to decisions on the entity’s risk appetite and tolerance.16

The EC, too, considered boards of banks and financial institutions failed to identify, understand and control risks:17 • members of boards of directors, in particular non-executive directors, devoted neither sufficient resources nor time to the fulfilment of their duties. Furthermore, several studies have clearly demonstrated that, faced with a chief executive officer who is omnipresent and in some cases authoritarian, non-executive directors felt unable to raise objections to, or even question, the proposed guidelines or conclusions due to a lack of technical expertise and/or confidence; • members of boards of directors did not come from sufficiently diverse backgrounds. The Commission, like several national authorities, notes a lack of diversity and balance in terms of gender, social, cultural and educational background; • boards of directors, in particular the chair[person], did not carry out a serious performance appraisal either of their individual members or of the board of directors as a whole; • boards of directors were unable or unwilling to ensure that the risk management framework and risk appetite of their financial institutions were appropriate; [and] • boards of directors proved unable to recognise the systemic nature of certain risks and thus to provide sufficient information upstream to their supervisory authorities. Furthermore, even where effective dialogue existed, corporate governance issues were rarely on the agenda.18

 David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Executive summary and recommendations, p 12. 16  Ibid. 17  European Commission, Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies, COM(2010) 284 final, Brussels, 2 June 2010, accessed 23 March 2017 at http://www.ecgi.org/commission/documents/green_paper_com2010_284_en.pdf (‘EC Green Paper 2010’), sect. 3.3, p 6. 18  Ibid, section 3.3, pp 6–7. 15

23.1  Overview – Governance Failings of Boards of Directors

751

For APRA, there were a number of findings in the operation of the board19 that reduce effectiveness: • The Board and its Committees exhibited a high level of trust and confidence in management driven by recent financial success and a collective belief that CBA is well-­ intentioned, conservative by nature and customer-centric. The Panel’s view is that these factors contributed to a level of complacency and a ‘dulling of the senses’ within the Board and its Committees to signals that might have otherwise alerted them to a deterioration in the risk profile, and a movement outside of the risk appetite of the Group. • CBA’s Board has historically deferred to the CEO for internal and external communications to ensure a single consistent voice in terms of strategy, priorities and values. For that reason, the Board did not have a highly visible presence, and the lack of apparent urgency by the Board and its Committees in dealing with non-financial risks may have imparted a tone of inaction to the rest of the organisation. This has likely deprioritised the importance of maintaining rigorous risk management practices in non-financial risks as compared to the pursuit of financial performance and other risk objectives.20

The following sections of this overview Sect. 23.1 identify and separate the major themes in this overview to direct the reader to the relevant analysis. ‘Challenge’ Step in Major Risk and Strategic Issues – Underlying Considerations Questions of the ‘challenge’ step in major risk and strategic issues directly raise considerations relevant to the oversight, monitoring and evaluation of the CEO, executives and management of the bank. As suggested by the Walker Review 2009, EC and APRA above, part of this issue lies in: • the size, composition and qualification of the board discussed in Sect. 23.2; • the functioning of the board and the monitoring and evaluation of performance of directors and the board as a whole in Chap. 24; • rigour and urgency by the board, gaps in reporting and metrics and over-reliance on key individuals which reduce board effectiveness are also examined in Chap. 24; • competence and banking/financial industry expertise reviewed in Chap. 26 and Sects. 26.3–26.5 affected the ability and confidence of NEDs to challenge ‘strong’ CEOs; • increased time commitment from NEDs examined in Sects. 23.2 and 23.5; and • governance variables examining the time, qualifications, role and election of the chairperson examined in Chap. 34.

 Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (APRA Final Report), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf, section 2.2.1, pp 13–15. 20  Ibid, pp 13–14. 19

752

23  Board Characteristics for Australian Major Banks

Board’s Role in Risk Management The role of the board – and failings – in overseeing risk and in setting the risk framework and risk appetite of the bank is identified above by both the Walker Review 2009 and the EC.  The identification, assessment/measurement, control/management and reporting of risk is examined in the entirety of Part 6. Board Diversity The EC noted above a “lack of diversity and balance in terms of gender, social, cultural and educational background”.21 This is examined in Chap. 25 below. Bank Supervisory Authorities The role of supervisory authorities and regulators is stated in Sect. 37.10 – bank supervisors and regulatory guidance – to be beyond the scope of this Key Code and Advanced Handbook.

23.2 Board Size, Composition and Qualification Turnbull and Pirson For Turnbull and Pirson, the size of the board means there is “limited ability of a few directors to control a large number of subordinates”.22 For the authors, directors and CEOs “are subjected to information overload which leads to poor decision making”.23 Indeed, the authors posit that boards are subject to “information and task overload”:24 Currently, unitary boards are asked to 1) provide long term strategic advice, 2) shape corporate policy while 3) monitoring and evaluating short term business and executive performance, and 4) being accountable to regulators and shareholders.25

And Turnbull and Pirson query whether this is remedied by the committee system on the grounds that the same people are involved in both the board and the committees without reduction in the amount of information: U.S. and U.K. corporations with unitary boards typically decompose decision making into only three committees, such as those concerned with auditing, remuneration or nomination. Using subcommittees does not remove conflicts, group loyalty or alleviate the information overload, as the same individuals are involved in the overall governing board as well.26

 EC Green Paper 2010, above n 17, section 3.3, pp 6–7.   Shann Turnbull and Michael Pirson, “The Future of Corporate Governance: Network Governance  – A Lesson from the Financial Crisis”, Fordham University Schools of Business Research Paper No. 2010–010, (15 March 2010), accessed 5 April 2017 at SSRN: http://ssrn.com/ abstract=1570924, 3. 23  Ibid, 4. 24  Ibid, 8. 25  Ibid. 26  Ibid. 21 22

23.3  Board Size and Information and Task ‘Overload’

753

Walker Review 2009 Recommendations On board size, composition and qualification, the Walker Review 2009 made recommendations in relation to: • induction, training and development of non-executive directors;27 • “dedicated support” for non-executive directors for information and advice in addition to the normal board process;28 • increasing the overall time commitment of non-executive directors;29 and • development programs for financial industry awareness of non-executive directors on risk strategy.30

23.3 Board Size and Information and Task ‘Overload’ The existing [BrdCmSize] (+/−) variable – Board and Committee Size – coverage/ rating +/−6/75.00 rprox – is examined in sections 8.2–8.2.2.2 of Stage 1.31 In those sections, the relational approach examined the determinants of optimum board size and the inconclusive nature of the relationship between board size and firm operating performance and firm value – there were conflicting results for board size and firm performance and firm value.32 [BankBrdInfoTask] (+/−) Variable – Banks – Board Size and Information and Task ‘Overload’ – Coverage/Rating +/−6/75.00 rprox – Relational Effect Path This variable is based on Pirson and Turnbull’s above finding that the board size of many banks was too small for the volume of management-generated information for review by the board and the number and width of tasks assigned to it. For Pirson and Turnbull, this reduces the quality of board decision-making and thus has a negative aspect. But Stage 1 examined arguments that, above an ‘optimal’ board size, there was a perceived negative relationship between board size and board effectiveness, the difficulty lying in determining that point.33 Thus, the [BrdCmSize] (+/−) variable – Board and Committee Size in section 8.2.2.2 of Stage 134 – has a dual direction marker depending upon that optimal number of directors. The analysis suggests that, again, a dual direction marker is assigned this time to the [BankBrdInfoTask] (+/−) variable to reflect this optimum point. Thus, the

 Walker Review 2009, above n 15, Recommendation 1, p 14.  Ibid, Recommendation 2, p 14. 29  Ibid, Recommendation 3, p 14. 30  Ibid, Recommendation 4, p 14. 31  See discussion in section 8.28.2.2.2 of Stage 1, above n 2, pp 223–229. 32  See discussion in section 8.2.2.1 of Stage 1, above n 2, pp 225–226. 33  See discussion in section 8.2.2.2 of Stage 1, above n 2, pp 227–228. 34  Ibid. 27 28

754

23  Board Characteristics for Australian Major Banks

relational effect path for [BankBrdInfoTask] (+/−) is identical to that for [BrdCmSize] (+/−) which also commences with the effectiveness of decision-­ making (Decision-making Factor No. 7). For the reasons given in section 8.2.2.2 of Stage 1, Responsibility Factor No. 8 and Stakeholders Factor No 6 are excluded.35 This gives rise to a coverage/rating of +/− 6/75.00 rprox for the [BankBrdInfoTask] (+/−) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

23.4 Governance Variables for NED Induction, Training, Development Programs, ‘Dedicated Support’ and Financial Industry Awareness – Coverage/ Rating + 7/87.50 rprox – Relational Effect Paths The recommendations of the Walker Review 2009 give rise to five governance variables, all tied to the independent nature of the bank’s NEDs: • [BankNEDInduct] (+) variable – banks – induction of non-executive directors – enhancement of monitoring effect, coverage/rating + 7/87.50 rprox; • [BankNEDTrain] (+) variable – banks – training of non-executive directors – enhancement of monitoring effect, coverage/rating + 7/87.50 rprox; • [BankNEDDevelopProg] (+) variable  – banks  – development programs for non-executive directors  – enhancement of monitoring effect, coverage/rating + 7/87.50 rprox; • [BankNEDSupport] (+) variable  – banks  – ‘dedicated support’ for non-­ executive directors for information and advice in addition to the normal board process – enhancement of monitoring effect, coverage/rating + 7/87.50 rprox; and • [BankNEDFinAwareProg] (+) variable  – banks  – development programs for financial industry awareness of non-executive directors on risk strategy and management – enhancement of monitoring effect, coverage/rating + 7/87.50 rprox. In section 7.3.2.1.2 of Stage 1 and Sect. 22.3 of Chap. 22 above, the relational approach sets out the relational effect path for the [BrdIndMon] (+) variable, coverage/rating + 7/87.50 rprox. Like the [BrdIndMon] (+) variable, the above variables hypothesise an enhanced monitoring effect based on the independence ingredient of the NEDs. Thus, the independent ingredient of NEDs is hypothesized to improve the quality of monitoring of management and thus reduce agency costs.36 Similarly, an improvement in the quality of monitoring of management by NEDs undertaking induction, training, on-going development programs, ‘dedicated support’ and financial industry awareness programs is hypothesized to increase the capacity of bank NEDs to challenge and test strategy formulated by the CEO, executives and management. 35 36

 Ibid.  See discussion in section 7.3.2 of Stage 1, above n 2, pp 206–207.

23.5  Time commitment of Non-executive Directors – Coverage/Rating + 7/87.50…

755

Thus, the relational effect path of these variables is hypothesized to be identical to the [BrdIndMon] (+) variable giving rise to a coverage/rating for these variables of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

23.5 Time commitment of Non-executive Directors – Coverage/Rating + 7/87.50 rprox Increased time commitment from NEDs was identified in Sect. 23.2. Time commitment of NEDs in relation to the audit, compensation/remuneration and Board Risk Committee (BRC) is examined in Sect. 33.5. An increase in the time commitment of NEDs in general requires an additional variable which represents an enhancement in the monitoring effect  – Risk Management, Monitoring and Audit Factor No 5 – on account of additional time in review. Alternatively, there is an enhancement in the quality of decision-making again on account of additional time in review: • [BankNEDTime] (+) variable  – banks  – non-executive directors  – additional time (in general) spent in review – enhancement of monitoring effect, coverage/ rating + 7/87.50 rprox. Due to enhancement of the ‘independence’ ingredient through additional time in review, this variable has an identical relational effect path to the [BrdIndMon] (+)37 variable – Board Independent: Executive Director Proportion – Monitoring Effect, coverage/rating + 7/87.50 (relational effect path in section 7.3.2.1.2 of Stage 1). This gives rise to a coverage/rating for the [BankNEDTime] (+) variable of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

37

 See discussion in section 7.3.2.1.2 of Stage 1, above n 2, p 211.

Chapter 24

Functioning of the Board and Monitoring and Evaluation of Performance

Abstract  Chapter 24 of this Stage 2 Key Code and Advanced Handbook for the governance of Australian major banks examines the functioning of the board and the monitoring and evaluation of its performance. We begin with recommendations and observations by the Walker Review 2009 and APRA. We then construct the [BankNEDTestStrat] (+) variable for challenging and testing strategy by non-executive directors and the [BankNEDTestRisk] (+) variable for challenging and testing risk by NEDs. We continue by listing the sections of the Key Code and Advanced Handbook which consider the time, qualifications, role and annual election of the chairperson and the role of the ‘senior independent director’, the performance evaluation of the board and the evaluation statement of the skills and experience of the board. Chapter 24 concludes with the APRA Final Report failings in board effectiveness, risk management, internal monitoring and decision-making and the APRA Final Report failings in reporting to the board. Keywords  Board monitoring and evaluation of performance · Challenging and testing strategy by NEDs · Challenging and testing risk by NEDs · Chairperson · Senior Independent Director · Performance evaluation · Evaluation statement of skills and experience · APRA final report failings

The Walker Review 2009 and APRA Recommendations were made by the Walker Review 2009 on the functioning of the board and evaluation of performance, including in relation to: • challenging and testing of executive strategy by non-executive directors;1

 David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Recommendation 6, p 15.

1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_24

757

758

24  Functioning of the Board and Monitoring and Evaluation of Performance

• the time commitment of the chairperson, being two-thirds to the firm, and having priority over other business commitments;2 • for the chairperson’s qualifications, both increasing financial industry experience and a “track record of successful leadership” in a significant board position;3 • the role of the chairperson;4 • annual election of the chairperson;5 • the role of the “senior independent director”;6 • performance evaluation of the board every second or third year;7 and • an evaluation statement of the skills and experience of the board to address and challenge key risks and decisions, including “an indication of the nature and extent of communication with major shareholders” and confirmation that their views were taken into account.8 For APRA, a “number of consistent themes” included: • there was insufficient rigour and urgency by the Board and its Committees around holding management to account in ensuring that risks were mitigated and issues closed in a timely manner; • gaps in reporting and metrics hampered the effectiveness of the Board and its Committees; and • a heavy reliance on the authority of key individuals likely weakened the Committee construct and the benefits that it provides.9

APRA also observed: • gaps in communication between Committees despite overlapping membership; • instances of a lack of candour from management in messaging to the Board and its Committees; • over-confidence in the effectiveness of the Board and its Committees, and lack of genuine benchmarking; and • immature oversight of the CBA’s risk culture.10

These are examined below in the following sections of this Chap. 24.

 Ibid, Recommendation 7, p 15.  Ibid, Recommendation 8, p 15. 4  Ibid, Recommendation 9, p 16. 5  Ibid, Recommendation 10, p 16. 6  Ibid, Recommendation 11, p 16. 7  Ibid, Recommendation 12, p 16. 8  Ibid, Recommendation 13, p 16–17. 9  Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf, p 14. 10  Ibid. 2 3

24.2  [BankNEDTestRisk] (+) Variable – Banks – Challenging and Testing Risk…

759

24.1 [BankNEDTestStrat] (+) Variable – Banks – Challenging and Testing Strategy by Non-executive Directors – Enhancement of Monitoring Effect – Coverage/Rating + 7/87.50 rprox – Relational Effect Path In section 7.3.2.1.2 of Stage 111 and Sect. 22.3 of Chap. 23 above, the relational approach sets out the relational effect path for the [BrdIndMon] (+) variable, coverage/rating  +  7/87.50 rprox. Like the [BrdIndMon] (+) variable, the [BankNEDTestStrat] (+) variable hypothesises an enhanced monitoring effect based on the independence ingredient of the NEDs. Thus, the independent ingredient of NEDs is hypothesized to improve the quality of monitoring of management and thus reduce agency costs.12 Such an improvement in the quality of monitoring of management is hypothesized to increase the capacity of bank NEDs to challenge and test strategy formulated by the CEO, executives and management. Thus, the relational effect path of the [BankNEDTestStrat] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable giving rise to a coverage/rating for the [BankNEDTestStrat] (+) variable of +7/87.50  in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Also related is the role of non-executive directors in testing risk decisions formulated by the CEO, executives and management considered next.

24.2 [BankNEDTestRisk] (+) Variable – Banks – Challenging and Testing Risk by Non-executive Directors – Enhancement of Monitoring Effect – Coverage/ Rating + 7/87.50 rprox – Relational Effect Path Again, in section 7.3.2.1.2 of Stage 1 and Sect. 22.3 of Chap. 23 above, the relational approach sets out the relational effect path for the [BrdIndMon] (+) variable, coverage/rating  +  7/87.50 rprox. Like the [BrdIndMon] (+) variable, the [BankNEDTestRisk] (+) variable hypothesises an enhanced monitoring effect on risk decisions based on the independence ingredient of the NEDs. Thus – in this case relating to risk decisions  – the independence ingredient of non-executive  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 12  See discussion in section 7.3.2 of Stage 1, ibid., pp 206–207. 11

760

24  Functioning of the Board and Monitoring and Evaluation of Performance

directors is hypothesized to improve the quality of monitoring of management and thus reduce agency costs.13 Such an improvement in the quality of monitoring of management is hypothesized to increase the capacity of bank NEDs to challenge and test risk decisions formulated by the CEO, executives and management. Thus, the relational effect path of the [BankNEDTestRisk] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable giving rise to a coverage/rating for the [BankNEDTestRisk] (+) variable of +7/87.50  in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

24.3 Time, Qualifications, Role and Annual Election of Chairperson Governance variables examining the time, qualifications, role and election of the Chairperson are examined in Chap. 34 below.

24.4 Role of the ‘Senior Independent Director’ This is examined in Sect. 33.7 below.

24.5 Performance Evaluation of the Board Performance evaluation of the board every second or third year is examined in Sect. 35.3.

24.6 Evaluation Statement of the Skills and Experience of the Board This is examined in Sect. 35.4.

13

 Ibid.

24.8  APRA Final Report Failings in Board Effectiveness, Risk Management, Internal…

761

24.7 Regulatory Authorization Processes to Approve Non-­executive Directors Beyond Scope of Book However, the Walker Review 2009s discussion of the regulatory authorisation processes to approve non-executive directors of banks and financial institutions will be excluded.14

24.8 APRA Final Report Failings in Board Effectiveness, Risk Management, Internal Monitoring and Decision-Making Except where noted, the relational approach here will be to craft a number of governance variables for the reduction/failings in board effectiveness, risk management and internal monitoring and (reflexive) reduction in the quality of decision-making based on the relational effect path of [BrdSkills] (+)15 variable except in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox. Thus, like the [BrdSkills] (+) variable but in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox, these board effectiveness, risk management and internal monitoring failings variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 116). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the operational, risk management or risk-taking decisions of bank directors, the CEO, executives or lower-level managers. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of −7/87.50 rprox for the following operational, risk management and monitoring failings variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [BankBrdCmFailRigUrge] (−) – Banks – Board and Committee – Insufficient Rigour and Urgency by Board and Committees – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-­making – coverage/rating − 7/87.50 rprox (APRA Final Report); • [BankBrdCmReportMetricGaps] (−) – Banks – Board and Committee – Gaps in Reporting and Metrics  – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating − 7/87.50 rprox (APRA Final Report);

 Walker Review 2009, above n 1, Paras 3.24–3.27, pp 49–51.  See discussion in section 7.3.1.2.1 of Stage 1, above n 11, pp 198–199. 16  See discussion in section 2.6.2 of Stage 1, above n 11, pp 41–43. 14 15

762

24  Functioning of the Board and Monitoring and Evaluation of Performance

• [BankBrdCmKeyIndiv] (−) – Banks – Board and Committee – Over-reliance on Authority of Key Individuals – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating − 7/87.50 rprox (APRA Final Report); • [BankBrdCmCommsGap] (−)  – Banks  – Board and Committee  – Gaps in Communication of Board and Committees – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-­ making – coverage/rating − 7/87.50 rprox (APRA Final Report); • [BankBrdCmLackCandour] (−) – Banks – Board and Committee – Lack of Candour from Management to Board and Committees – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 7/87.50 rprox (APRA Final Report); • [BankBrdCmConfid&Bench] (−)  – Banks  – Board and Committee  – Over-­ confidence in Board and Committees and Lack of Genuine Benchmarking  – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating  −  7/87.50 rprox (APRA Final Report); and • [BankBrdCmImmatureRisk] (−) – Banks – Board and Committee – Immature Oversight of Risk Function  – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating − 7/87.50 rprox (APRA Final Report). APRA observed that the board is permitted to place trust in its executives but that this needed to be tested and validated by appropriate metrics and challenge by expert and experienced directors: One of the challenges facing all Boards is ensuring strong oversight of senior management whilst still preserving an appropriate separation from managerial responsibilities. The Panel accepts that a Board must have a high degree of trust in the executives that it has appointed. However, the degree of trust needs to be continually tested and validated through appropriate metrics and constructive challenge by Directors who collectively must have appropriate levels of expertise and experience.17

24.9 APRA Final Report Failings in Reporting to the Board For APRA, the above failings in the effectiveness of the board and committees was accompanied by weaknesses in reporting, in particular in relation to risk: The ability of the Board to effectively challenge senior management is influenced by the style of the Chair and the expertise of Directors, but it also relies critically on Boards being provided with comprehensive reporting that clearly highlights matters warranting specific attention…

17

 APRA Final Report, above n 9, p 14.

24.9  APRA Final Report Failings in Reporting to the Board

763

The Regulatory and Operational Risk report provided to the Board is dominated by responses to regulatory matters and the top issues being dealt with. However, the report has very limited detail on the risk profile of the organisation, the trajectory of risks or on new and emerging risks.18

Identifying, reporting, escalation and disclosure of risks and reduction in information flow to the board is examined in sections 38.4–38.23 of Chap. 38 of Part VI.

18

 Ibid, p 15.

Chapter 25

Diversity

Abstract  Chapter 25 of this Stage 2 Key Code and Advanced Handbook for the governance of Australian major banks outlines the Stage 2 approach to diversity. It begins with considerations relating to diversity by the EC Green Paper 2010 and the EC Second Green Paper 2011. This continues with the construction of ‘interim’ variables for board diversity. This includes general non-executive director variables for diversity and then gender diversity for non-executive directors. We conclude by examining the ASX diversity policy. Keywords  Diversity · EC Green Paper 2010 · EC second green paper 2011 · Governance variables for board diversity · NED variables for diversity · Gender diversity for NEDs · ASX diversity policy

EC Green Paper 2010 The EC Green Paper 20101 raised similar concerns to the Walker Review 2009 around: • • • • •

the balance between independence and skill to effectively monitor management;2 the management of conflicts of interest of board members and within the bank.3 the role of the chairperson;4 diversity in the composition of the board;5 limiting the number of outside positions of board members;6 and

 European Commission, Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies, COM(2010) 284 final, Brussels, 2 June 2010, accessed 23 March 2017 at http://www.ecgi.org/commission/documents/green_paper_com2010_284_en.pdf (‘EC Green Paper 2010’). 2  Ibid, section 5.1, p 11. 3  Ibid. 4  Ibid. 5  Ibid. 6  Ibid. 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_25

765

766

25 Diversity

• the board’s role in supervising risk including a Board Risk Committee.7 EC Second Green Paper 2011 Following this, the EC Second Green Paper 20118 further considered the composition of the board in relation to diversity: • selection of non-executive directors on the basis of “merit, professional qualifications, experience, the personal qualities of the candidate, independence and diversity”;9 • diversity of values, view and competencies giving rise to a “wider pool of resources and expertise” to address ‘groupthink’, more discussion, monitoring and challenge;10 • professional diversity to ensure the board understands “the complexities of global markets, the company’s financial objectives and the impact of the business on different stakeholders including employees”;11 and • international diversity.12 Gender diversity drew more extended commentary about the merits of tackling ‘groupthink’, leadership style, board meeting attendance, collective intelligence and firm performance: Gender diversity can contribute to tackling group-think. There is also evidence that women have different leadership styles, attend more board meetings and have a positive impact on the collective intelligence of a group. Studies suggest there is a positive correlation between the percentage of women in boards and corporate performance, though for certain the overall impact of women on firm performance is more nuanced. Although these studies do not prove any causality, the correlation highlights the business case for gender balance in management and corporate decision-making.13

Thus the discussion of diversity raises a number of variables discussed in the following Sect. 25.1.

 Ibid, p 12.  European Commission, Green Paper, The EU Corporate Governance Framework, COM(2011) 164 final, Brussels, 5 April 2011, accessed 24 March 2017 at http://ec.europa.eu/internal_market/ company/docs/modern/com2011-164_en.pdf (‘EC Second Green Paper 2011’). 9  Ibid, Para 1.1, p 5 (footnote omitted). 10  Ibid. 11  Ibid, Para 1.1.1, p 6. 12  Ibid, Para 1.1.2, p 6. 13  Ibid, Para 1.1.3, p 7. 7 8

25.1  Interim Variables for Board Diversity

767

25.1 Interim Variables for Board Diversity The relational approach will in future dedicate an entire proposed new Key Field – Board Diversity – to the composition and conditions for effective board diversity and their empirical results. However, given the importance of this topic as indicated by the Walker Review 2009, EC Green Paper 2010 and EC Second Green Paper 2011, a number of ‘interim’ variables – not settled or confirmed at this time – will be proposed by the relational approach pending the future completion of the Board Diversity Key Field. Interim governance variables are identified by an asterix (*) in the description of the variable. General Non-executive Director Variables for Diversity The following Stage 2 governance variables are based on the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 114 and Sect. 22.3 of Chap. 22 above, coverage/ rating + 7/87.50 rprox: • [NEDDivQualExper*] (+) variable – banks – non-executive directors – diversity in selection of merit, professional qualifications and experience – enhancement in monitoring and challenge effect, coverage/rating + 7/87.50 rprox; • [NEDDivInd*] (+) variable  – banks  – non-executive directors  – diversity in independence – enhancement in monitoring and challenge effect, coverage/rating + 7/87.50 rprox; • [NEDDivValueViewComp*] (+) variable – banks – non-executive directors – diversity in personal qualities, values, view and competencies – enhancement in monitoring and challenge effect, coverage/rating + 7/87.50 rprox; and • [NEDDivInternat*] (+) variable  – banks  – non-executive directors  – international diversity – enhancement in monitoring and challenge effect, coverage/rating + 7/87.50 rprox. Again, in section 7.3.2.1.2 of Stage 1 and Sect. 22.3 of Chap. 22 above, the relational approach sets out the relational effect path for the [BrdIndMon] (+) variable, coverage/rating + 7/87.50 rprox. The [BrdIndMon] (+) variable hypothesises an enhanced monitoring effect based on the independence ingredient of the NEDs. Thus, the independent ingredient of NEDs is hypothesized to improve the quality of monitoring of management and thus reduce agency costs.15 The effect of the [BrdIndMon] (+) governance variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 15  See discussion in section 7.3.2 of Stage 1, ibid., pp 206–207. 14

768

25 Diversity

Factor No 7 and Responsibility Factor No 8 on account of the substantial guidance in governance codes in Chapter 6 of Stage 1 relating to director independence. Director independence was found in section 6.8.1 of Chapter 6 of Stage 1 to be a ‘core’ variable/feature of global/cross-border and national governance codes. Similarly, an improvement or enhancement in the type of diversity represented by each of these variables is hypothesized – through the same governance factor numbers – Nos 1, 5, 7 and 8 – to increase the capacity of bank NEDs to address ‘groupthink’, enhance discussion and deliberation and to monitor and challenge the CEO, executives and management. Thus, the relational effect paths of these variables – interim (*) at this time – are hypothesized to be identical to the [BrdIndMon] (+) variable giving rise to a coverage/rating for these variables of +7/87.50  in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Gender Diversity for Non-executive Directors The EC’s discussion on gender diversity was more detailed with the beneficial effects going beyond monitoring and challenge, again as an interim (*) variable pending completion of the proposed Board Diversity Key Field. The following Stage 2 governance variable is also based on the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1 and Sect. 22.3 of Chap. 22 above, coverage/rating + 7/87.50 rprox: • [NEDDivGender*] (+) variable  – banks  – non-executive directors  – gender diversity – enhancement of tackling groupthink, leadership style, board meeting attendance, collective intelligence and firm performance, coverage/rating + 7/87.50 rprox. Similar to the ‘general’ diversity variables above, and based on the findings of the EC, an improvement or enhancement in gender diversity represented by the [NEDDivGender*] (+) variable is hypothesized  – through the same governance factor numbers  – Nos 1, 5, 7 and 8  – to increase the capacity of bank NEDs to address ‘groupthink’, enhance leadership style, enhance board meeting attendance, collective intelligence and firm performance. Thus, the relational effect path of the [NEDDivGender*] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable giving rise to a coverage/ rating for this variable of +7/87.50 in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). As noted above, the relational effect paths of the ‘NED diversity’ variables will remain in ‘interim’ status pending the future completion of the research in the proposed Board Diversity Key Field.

25.1  Interim Variables for Board Diversity

769

ASX Diversity Policy For ASX Listed Entities, the governance variables for diversity extend beyond NEDs to the board, senior executives and workforce generally.16 The following governance variables extend beyond NEDs and so do not depend on any independence ingredient of NEDs and so do not follow the relational effect path of the [BrdIndMon] (+) variable. Instead, they are based on the relational effect path of the [BrdSkills] (+)17 variable in the same positive (+) direction giving rise to a coverage/rating of +7/87.50 rprox for the following diversity requirements suggested by ASX Recommendation 1.5 and commentary: • [2019ASXDiversityPolicy*] (+) – 2019ASXDiversity – Board – Entity to Have and Disclose Diversity Policy for Board, Senior Executives and Workforce Generally18  – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating + 7/87.50 rprox (2019ASX) including: –– through board or committee set out measurable objectives for achieving gender diversity; –– disclosure in each reporting period of: • measurable objectives; • progress towards objectives; • either: –– respective proportions of men and women; or –– ‘Gender Equality Indicators’ under the Workplace Gender Equality Act; –– suggested content in Box 1.5;19 –– for S&P/ASX 300 Index, board composition of not less than 30% of each gender within specified time period; • [2019ASXDiversityTargets*] (+)  – 2019ASXDiversity  – Board  – Achieving Specific Numerical Targets for Gender20  – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating + 7/87.50 rprox (2019ASX) including: –– board, senior executives and workforce generally;

 Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’), Rec 1.5, p 9. 17  See discussion in section 7.3.1.2.1 of Stage 1, above n 14, pp 198–199. 18  2019ASX, above n 16, Rec 1.5, p 9. 19  Ibid, Commentary to Rec 1.5, p 10. 20  Ibid, Commentary to Rec 1.5, p 9. 16

770

25 Diversity

–– key operational roles to create a ‘diverse pipeline of talent’ for future succession to senior executive roles; and –– ‘Gender Equality Indicators’; • [2019ASXDiversityScorecard*] (+) – 2019ASXDiversity – Board – KPIs for Senior Executives on Gender Participation Linked to Remuneration including Balanced Scorecard21 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-­ making – coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXDiversitySuccession*] (+)  – 2019ASXDiversity  – Board  – Gender Diversity on Succession Planning22 – Enhancement in Roles and R ­ esponsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXDiversityBench*] (+)  – 2019ASXDiversity  – Board  – Gender Diversity Benchmarks with Peers23 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-­making – coverage/rating + 7/87.50 rprox (2019ASX); and • [2019ASXDiversityPayAudits*] (+)  – 2019ASXDiversity  – Board  – Gender Diversity Pay Audits and Emerging Themes or Actions24 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating + 7/87.50 rprox (2019ASX). This equates to a coverage/rating of +7/87.50 rprox for the ASX diversity policy variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

 Ibid.  Ibid, p 10. 23  Ibid. 24  Ibid. 21 22

Chapter 26

Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

Abstract  In Chapter 26 of the Stage 2 Key Code and Advanced Handbook for the governance of Australian major banks, we examine skills, independence, competence and the ‘fit and proper person’ tests. This begins with the requirements for ASX listed entities including the independence test and the ASX listed entities disclosure and factors of independence. We present the existing governance variables based on the independence ingredient and find that independence may be associated with less bank-specific knowledge. We apply this to bank-specific variables exhibiting a deficiency in banking industry knowledge and competence with a coverage/rating of −4/50.00 rprox. We also find that ‘pro-shareholder boards’ performed worse during the crisis. We turn then to the OECD findings on independence and competence and construct a governance variable based on the OECD recommendations for independence and bank-specific skills, competence and professional qualities with a coverage/rating of +7/87.50 rprox  – the [NEDBankSkillsMon] (+) variable. We continue with governance variables based on the OECD recommendations on separation of the CEO and Chairperson roles and governance variables based on the OECD recommendations on the ‘fit and proper person’ test by supervisory authorities. Governance variables are constructed for APRA’s Prudential Standard 520 Fit and Proper including governance variables for fit and proper policy, additional requirements for Head of a group, responsible persons and senior managers. We examine the criteria for fit and proper persons and the process for assessing fit and proper persons. There is a whistleblowing provision for the fit and proper policy. A responsible person who is not fit and proper is not to hold a position including the information to be provided to APRA. We conclude with governance variables based on the OECD recommendations on continuing training. Keywords  Skills · Independence · Competence · Fit and proper persons · Existing governance variables for independence · Separation of CEO and Chairperson roles · APRA Prudential Standard 520 Fit and Proper · Process for assessing fit and proper person · Whistleblowing

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_26

771

772

26  Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

ASX Listed Entities For ASX listed entities,1 the following governance variable extends beyond NEDs and so does not depend on any independence ingredient of NEDs and so does not follow the relational effect path of the [BrdIndMon] (+) variable. Instead, it is based on the relational effect path of the [BrdSkills] (+)2 variable in the same positive (+) direction giving rise to a coverage/rating of +7/87.50 rprox for the following skills requirements suggested by ASX Recommendation 2.2 and commentary: • [2019ASXBrdSkillsMatrix] (+) – 2019ASXBrd – Board – Have and Disclose Board Skills Matrix the Board Has or Looking to Achieve3 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making  – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (2019ASX) including: –– identification of skills gaps; –– assisting succession planning; and –– regular review for existing and emerging business and governance issues.4 Independence Test Independence arrangements for APRA-regulated institutions are provided for by APRA’s Prudential Standard CPS 510 Governance, sections 23–24.5 Due to enhancement of the ‘independence’ ingredient through the independence requirements, this variable has an identical relational effect path to the [BrdIndMon] (+)6 variable  – Board Independent: Executive Director Proportion  – Monitoring Effect, coverage/rating + 7/87.50 rprox (relational effect path in section 7.3.2.1.2 of Stage 1). This gives rise to a coverage/rating for these independence variables of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above):

 Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’). 2  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 7.3.1.2.1 of Stage 1, pp 198–199. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 3  2019ASX, above n 1, Rec 2.2, p 13. 4  Ibid, Commentary to Rec 2.2, p 13. 5  Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/ F2019L00662/Download (‘CPS 510’), sections 23–24, p 9. 6  See discussion in section 7.3.2.1.2 of Stage 1, above n 2, p 211. 1

26  Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

773

• [510IndepDirDefinition] (+)  – CPS 510Indep  – Definition for Independent Director – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox (APRA CPS 510) being: –– “a non-executive director who is free from any business or other association – including those arising out of a substantial shareholding, involvement in past management or as a supplier, customer or adviser – that could materially interfere with the exercise of their independent judgement. The circumstances that will not meet this test of independence include, but are not limited to, those set out in Attachment A [of CPS 510]”7; and

• [510NEDDefinition] (+)  – CPS 510NED  – Definition for Non-Executive Director – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox (APRA CPS 510) being: –– “a director who is not a member of the APRA-regulated institution’s management. Nonexecutive directors may include Board members or senior managers of the parent company of the locally incorporated APRA-regulated institution or of the parent company’s subsidiaries, but not executives of the APRA-regulated institution or its subsidiaries.”8

ASX Listed Entities Disclosure and Factors of Independence The ASX Principles and Recommendations Fourth Edition9 provides in Recommendation 2.3 that: A listed entity should disclose: (a) the names of the directors considered by the board to be independent directors; (b) if a director has an interest, position or relationship of the type described in Box 2.3 but the board is of the opinion that it does not compromise the independence of the director, the nature of the interest, position or relationship in question and an explanation of why the board is of that opinion; and (c) the length of service of each director.10

Similar to CPS 510, due to enhancement of the ‘independence’ ingredient through the independence requirements, the following variables have an identical relational effect path to the [BrdIndMon] (+) variable  – Board Independent: Executive Director Proportion – Monitoring Effect, coverage/rating + 7/87.50 rprox (relational effect path in section 7.3.2.1.2 of Stage 1). This gives rise to a coverage/ rating for these independence variables of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [2019ASXNEDIndepDirDisclose&Factors] (+) – 2019ASXNED – Disclosure and Factors for Independent Directors11  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox (2019ASX) including:

 CPS 510, above n 5, section 23, p 9.  Ibid, section 25, p 9. 9  2019ASX, above n 1, p 13. 10  Ibid, Rec 2.3, p 13. 11  Ibid. 7 8

774

26  Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

–– factors for assessing the independence of directors in Box 2.312; –– NED to inform board or Nomination and Governance Committee of changes in NED’s interests, positions or relationships13; and –– board or Nomination and Governance Committee to regularly assess independence of each NED annually or at time of election and re-election to the board or change in interests14; • [2019ASXNEDBrdMajorityIndep] (+)  – 2019ASXNED  – Board to be Composed of a Majority of Independent Directors15 – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox (2019ASX); and • [2019ASXNEDChairNotCEO] (+)  – 2019ASXNED  – Board Chair to be a NED and Not the Same Person as CEO16 – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox (2019ASX). For listed entities, the following governance variables extend beyond NEDs and so do not depend on any independence ingredient of NEDs and so do not follow the relational effect path of the [BrdIndMon] (+) variable. Instead, it is based on the relational effect path of the [BrdSkills] (+)17 variable in the same positive (+) direction giving rise to a coverage/rating of +7/87.50 rprox for the following induction requirements suggested by ASX Recommendation 2.6 and commentary: • [2019ASXBrdDirInduction] (+)  – 2019ASXBrd  – Board  – Listed Entity to Have Program for Inducting New Directors18 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-­making – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (2019ASX) including: –– legal framework that governs the entity and legal duties and responsibilities as a director19; • accounting skills and knowledge and responsibilities for the entity’s financial statements20; • [2019ASXBrdReviewProfDev] (+)  – 2019ASXBrd  – Board  – Program for Periodic Review of Need for Existing Directors to Undertake Professional Development21  – Enhancement in Risk Management and Internal Monitoring

 Ibid, Box 2.3, p 14.  Ibid, Commentary to Rec 2.3, p 14. 14  Ibid. 15  Ibid, Rec 2.4, p 15. 16  Ibid, Rec 2.5, p 15. 17  See discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–199. 18  2019ASX, above n 1, Rec 2.6, p 15. 19  Ibid, Commentary to Rec 2.6, p 15. 20  Ibid. 21  Ibid, Rec 2.6, p 15. 12 13

26.1  Existing Governance Variables Based on the Independence Ingredient

775

Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (2019ASX) including: –– assessment whether “directors as a group have the skills, knowledge and experience to deal with new and emerging business and governance issues”22; and –– professional development for any gaps which are identified23; and –– “that directors receive briefings on material developments in laws, regulations and accounting standards relevant to the entity”.24

26.1 Existing Governance Variables Based on the Independence Ingredient As can be seen already in this Part 5, a major theme in the GFC relating to the structure and composition of boards is the role of independent directors. In Stage 1, non-executive director independence was reflected in five principal variables: • [AudIndInfo] (−) – Audit Committee – Independence – Information Flow and Decision Quality ‘Trade-off’, −4/50.00 rprox25; • [AudIndMon] (+)  – Audit Committee  – Independence  – Monitoring Effect, +7/87.50 rprox26; • [BrdIndInfo] (−) – Board Independent Director: Executive Director Proportion – Information Flow and Decision Quality ‘Trade-off’, −4/50.00 rprox27; • [BrdIndMon] (+) – Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox28; and • [OutBrdPos] (−)  – Outside Board Positions of Independent Directors, −6/75.00 rprox.29 How do these variables behave or fail for banks and financial firms in the GFC and beyond to the Australian Banking Royal Commission Inquiry into banking misconduct? The discussion in this chapter sees the creation of new bank-specific governance variables which  – while bank-specific  – are consistent with the existing variables.  Ibid, Commentary to Rec 2.6, p 15.  Ibid. 24  Ibid. 25  See discussion in section 8.4.3 of Stage 1, above n 2, pp 242–244. 26  Ibid. 27  See discussion in section 7.3.2.1.3 of Stage 1, above n 2, pp 212–215. 28  See discussion in section 7.3.2.1.1–7.3.2.1.2 of Stage 1, above n 2, pp 208–212. 29  See discussion in sections 8.2.3–8.2.3.1 of Stage 1, above n 2, pp 229–232. 22 23

776

26  Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

26.2 Independence May Be Associated with Less Bank-Specific Knowledge As noted in Chap. 16 of this Stage 2 Key Code and Advanced Handbook,30 Adams undertakes a review of financial firm governance in the financial crisis.31 Among the variables examined, Adams compares board independence, size and number of outside board positions of directors.32 The author describes the literature as suggesting better governance in firms is associated with more independence, smaller boards and fewer outside positions: [B]oards that are more independent, i.e. they contain more directors without social or business connections to management, should be more effective (see Adams, Hermalin and Weisbach, 2009, for a survey of the board literature). Smaller boards should be more effective because decision-making costs are lower in smaller groups. Because directors may become too busy when they hold more outside directorships, the literature argues that boards are more effective when directors hold fewer outside directorships.33

Yet Adams found that US Government bailout funds went to firms with more independent boards, larger boards, more outside directorships and greater incentive pay for CEOs: [B]anks with TARP funds have more independent boards, larger boards, more outside directorships and greater incentive pay for CEOs. Some of these results are consistent with the idea that TARP banks have worse governance. In particular, the fact that TARP banks had higher performance pay for CEOs is consistent with the idea that performance pay may have led executives of banks to take on too much risk. The coefficient on the number of directorships is also consistent with potentially worse governance since taking on too many directorships can lead directors to become too unfocussed.34

For Adams, the “more plausible” explanation of the independence variable was due to two principal factors. First, that independent directors – to avoid conflicts of interest – are generally not employed by other banks and thus have less in-depth knowledge of the internal workings of banks. Second, they are thus less likely to understand the complex securitisation process and therefore to assess the risks or monitor the CEO: An independent director, by definition, is a director who has not worked for the bank and has no business dealings with the bank. Because of potential conflicts of interests, independent directors are generally not employees of other financial firms. What this means is that independent directors are less likely to have an in-depth knowledge of the internal workings  See discussion in section 16.1 above.  Renee B Adams, “Governance and the Financial Crisis” (May 4, 2009). ECGI - Finance Working Paper No. 248/2009, (4 May 2009), accessed 13 June 2017 at SSRN: http://ssrn.com/ abstract=1398583 32  Ibid, 7. 33  Ibid. The author cites R Adams, B Hermalin and M Weisbach, “The Role of Boards of Directors in Corporate Governance: A Conceptual Framework and Survey”, forthcoming, Journal of Economic Literature, 2009. 34  Adams, above n 31, 13. 30 31

26.2  Independence May Be Associated with Less Bank-Specific Knowledge

777

of the banks on whose boards they sit. They are also less likely to have the financial expertise to understand the complexity of the securitization processes banks were engaging in or to assess the associated risks banks were taking on. Thus, although board independence is generally seen to be a good thing, in the case of banks, greater independence may be a bad thing because a more independent board will not have sufficient expertise to monitor the actions of the CEO.35

Application – Bank-Specific Variables Exhibiting Deficiency in Banking Industry Knowledge and Competence – Coverage/Rating − 4/50.00 rprox Thus, Adams’ observations give rise to two new bank-specific governance variables in this Stage 2 reflecting that author’s view of a deficiency on the part of independent directors of the internal workings of banks and the securitisation process: • [NEDBankWorksInfo] (−) – Banks – Non-Executive Directors – Deficiency in Knowledge of Internal Workings of Banks  – Reduction in Decision-making Quality, coverage/rating − 4/50.00 rprox; and • [NEDBankSecurznInfo] (−) – Banks – Non-Executive Directors – Deficiency in Knowledge of Securitization Process of Bank Financial Products – Reduction in Decision-making Quality, coverage/rating − 4/50.00 rprox. These two governance variables are based on a deficiency of knowledge which is hypothesized to reduce the decision-making quality of non-executive directors. Thus, these variables are hypothesized to have an identical behaviour and relational effect path to the [BrdIndInfo] (−) variable examined in section 7.3.2.1.3 of Stage 1, coverage/rating − 4/50.00 rprox. As noted there: Contrary to the above studies as to the beneficial effects of greater independence among board members on the quality of board monitoring, there may well be drawbacks for the firm in terms of information flow. This comes from two sources. First, as Adams explains, while the board can improve the quality of its advice to management if it receives more detailed and transparent information, this may consequently enable the board to revise downward its opinion of particular managers leading, eventually, to a reduction in ‘firm specific’ information flow to the board.36 The degree of independence of the board is also a factor in the ‘trade-off’ for Adams and Ferreira. The authors consider that ‘independent boards monitor more intensively’ with the result that ‘the CEO will not communicate firm specific information to a board which is too independent’.37 Second, for Professor Hill, independent directors may lack the depth of understanding of the company’s business or operations that inside directors bring.38 This is explained

 Ibid.  Renee B Adams, ‘The Dual Role of Corporate Boards as Advisors and Monitors of Management: Theory and Evidence’, previously titled ‘The Dual Role of Corporate Boards as Advisors and Monitors of Management’, accessed 3 March 2015 at SSRN: http://ssrn.com/abstract=241581, 2. 37  Renee B Adams and Daniel Ferreira, ‘A Theory of Friendly Boards’ (2007) 62(1) Journal of Finance 217–50, available at SSRN: http://ssrn.com/abstract=866625, 2. 38  Jennifer G Hill, ‘Regulatory Responses to Global Corporate Scandals’ (2005) 23 Wisconsin International Law Journal 367, accessed 3 March 2015 at SSRN: http://ssrn.com/ abstract=886104, 389. 35 36

778

26  Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

below by Duchin, Matsusaka and Ozbas as a form of ‘inferior information’ or information asymmetry of independent directors compared to inside directors.39 What are the consequences for the [BrdIndInfo] (−) variable in light of the trade-off on information-flow to the board and Hill’s risk of deficiency in knowledge? The implication is that the relational effect path for the [BrdIndInfo] (−) variable is not predicted to be merely the same as the preceding path for [BrdIndMon] (+) but with a negative direction. The negative zone of effect of this governance variable is much narrower than its positive counterpart. Primarily and significantly, the reviewed studies show that the important Decision-making Factor No 7 is negatively affected. But this negative effect is likely to extend to a significant degree only to the board component of the three-level decision-­ making hierarchy of the board, CEO and management contemplated by Decision-making Factor No 7. In other words, the decision-making quality of the CEO and management are not affected by limitations on the information supplied to the board and deficiencies in the knowledge of independent directors. Thus, the relational effect path for [BrdIndInfo] (−) is shown in Figure 7.3.40

In the case of the [NEDBankWorksInfo] (−) variable and the [NEDBankSecurznInfo] (−) variable, both with a coverage/rating of −4/50.00 rprox, again a deficiency of knowledge on the part of non-executive directors – this time on the internal workings of banks and the securitization process  – causes a similar reduction in the quality or effectiveness of the Decision-making Factor No 7. In other words, the internal workings of banks and the securitization process are treated as a type of ‘firm-specific’ information flow to the board which is reduced or disrupted. Thus the relational effect paths of the [NEDBankWorksInfo] (−) variable and the [NEDBankSecurznInfo] (−) variable are hypothesized to have an identical relational effect path to the [BrdIndInfo] (−) variable examined in section 7.3.2.1.3 of Stage 1. This gives rise to a coverage/rating for these variables of −4/50.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). ‘Pro-Shareholder Boards’ Performed Worse During the Crisis Chapter 16 of this Stage 2 examined incentives – principally equity and options for the directors, CEO and management – based on shareholder value-maximisation in banks and financial firms and the effect of those incentives on risk-taking. There in sect. 16.1, Adams undertakes a review of financial firm governance in the financial crisis.41 And examines whether variable performance pay for executives caused them to take on greater risk.42 Adams there finds that “the fact that TARP banks had higher performance pay for CEOs is consistent with the idea that performance pay may have led executives of banks to take on too much risk”.43 Fahlenbrach and Stulz

 Ran Duchin, John G Matsusaka and Oguzhan Ozbas, ‘When Are Outside Directors Effective?’, USC CLEO Research Paper No C07–13 (February 2008), accessed 3 March 2015 at SSRN: http:// ssrn.com/abstract=1026488, 1. 40  See discussion in section 7.3.2.1.3 of Stage 1, above n 2, pp 212–214. 41  Renee Adams, “Governance and the Financial Crisis” (Eur. Corp. Governance Inst., Finance Working Paper No. 284/2009, 2009), available at http://ssrn.com/abstract=1398583 42  Ibid, 7. 43  Ibid, 13. 39

26.3  OECD Findings on Independence and Competence

779

examined in sect. 16.1 above whether bank CEO incentives – as a method to align the interests of bank CEOs with shareholders – caused worse firm performance in the crisis.44 Returning to that theme here, Beltratti and Stulz also find that banks with “pro-­ shareholder boards” which sought to maximize shareholder value performed worse during the crisis consistent with the findings of Adams above45: Strikingly, banks with more pro-shareholder boards performed worse during the crisis. Such a result does not mean that good governance is bad. Rather, it is consistent with the view that banks that were pushed by their boards to maximize shareholder wealth before the crisis took risks that were understood to create shareholder wealth, but were costly ex post because of outcomes that were not expected when the risks were taken. Our result is consistent with the result of Adams (2009) that in the U.S. banks that received TARP funds had more independent boards.46

Instead, Beltratti and Stulz find that the best performed banks during the crisis were those which had higher ‘Tier 1’ capital ratios and more deposits before the crisis.47

26.3 OECD Findings on Independence and Competence The OECD Key Findings 2009 also made recommendations on board practices on the link between independence and competence: The objective should be to facilitate the creation of competent boards that are capable of objective and independent judgement. While there is no inherent conflict between ­independence and competence, it is important to keep in mind that formal independence should sometimes be a necessary, but never a sufficient, condition for board membership.48

The OECD Key Findings 2009 emphasised a number of main themes:  Rüdiger Fahlenbrach and René M Stulz, “Bank CEO Incentives and the Credit Crisis”, Journal of Financial Economics (JFE), Forthcoming; Charles A Dice Center Working Paper No. 2009-13; Fisher College of Business Working Paper No. 2009-03-13; Swiss Finance Institute Research Paper No. 09-27; ECGI - Finance Working Paper No. 256/2009, (12 August 2010), accessed 5 April 2017 at SSRN: http://ssrn.com/abstract=1439859, 25. 45  Andrea Beltratti and René M Stulz, “Why Did Some Banks Perform Better during the Credit Crisis? A Cross-Country Study of the Impact of Governance and Regulation”, Fisher College of Business Working Paper No. 2009–03-012, (13 July 2009), accessed 6 April 2017 at SSRN: http:// ssrn.com/abstract=1433502 46  Ibid, 3. The authors cite Adams, Renée, 2009, Governance and the financial crisis, unpublished paper, University of Queensland, Brisbane, Australia. 47  Ibid. 48  OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis: Key Findings and Main Messages June 2009, approved for publication 29 May 2009, accessed 13 June 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/43056196. pdf, (‘OECD Key Findings 2009’), Board practices, pp 9–10. 44

780

26  Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

• boards had not exercised independent judgment and so were not an effective monitor of management; • but there was “no necessary trade-off between independence and competence”; • boards were in the capture of management with few individual directors voted out except by block shareholders; • the CEO should be separated from the Chairperson role; and • that “[i]n the banking sector, there is a good public policy case for strengthening risk reporting lines to the board and for extending the “fit and proper person” test to cover the skills and independence of a potential board member”.49 Somewhat overlapping, other OECD Key Findings 2009 also included: • that boards should develop policies for identifying skill composition, professional qualities and continuing training; and • that “fit and proper person tests” should include technical and professional competence, governance and risk management.50 Many of these recommendations were repeated or re-emphasised in the OECD 2010 Conclusions and Practices: • The objective should be to facilitate the creation of competent boards that are capable of objective and independent judgement. While there is no inherent conflict between independence and competence, it is important to keep in mind that formal independence should sometimes be a necessary, but never a sufficient, condition for board membership. • It should be considered good practice that shareholders can nominate board members and have a significant role in their appointment through instruments which take into account the specific features of the ownership structure of a company. • It should also be considered good practice that the functions of Chief Executive Officer and Chair of the Board of Directors in unitary boards are separated… • … • It should be considered good practice that boards develop specific policy for the identification of the best skill composition of the board, possibly indicating the professional qualities whose presence may favour an effective board. • …“fit and proper person tests”…could be extended to technical and professional competence of potential members, including general governance and risk management skills. • The test for those particular companies might also consider the independence and objectivity of boards. To meet concerns about board independence, the test might also consider the time that board members have served under the same CEO or Chair.51

The OECD 2010 Conclusions and Practices emphasized the “fit and proper person tests” should include technical and professional competence, general governance and risk-management skills:

 Ibid, p 46.  Ibid, pp 9–10. 51  OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, accessed 13 June 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/44679170. pdf, (‘OECD 2010 Conclusions and Practices’), Box 3. Key Findings and Main Messages: Board Practices, p 17. 49 50

26.3  OECD Findings on Independence and Competence

781

In companies and industries where “fit and proper person tests” are applied by regulators for public policy reasons so that board membership is not solely a shareholder decision, the criteria for the test should be extended from probity requirements to technical and professional competence of potential members, including general governance and risk management skills. The supervisory authorities should disclose their procedures and criteria, and where candidates are rejected, provide written explanations to the board of the proposing company.52

The OECD 2010 Conclusions and Practices also suggested that “fit and proper person tests” should limit the terms of directors on the board – particularly under the same CEO and Chair – to ensure “independent objective behaviour”: Ensuring appropriate board composition and independent objective behaviour is particularly important in banking. The fit and proper powers could also be extended to a controversial area: term limit on board membership. Age per se is not the issue here but rather length of time on the board, especially under the same CEO or chair that can lead to lack of independence. In the UK, the code sets a limit of 9 years if the director is to be considered independent while in Netherlands and France it is 12 years.53

The variables which arise from the OCED’s various pronouncements are examined in the following discussion in this Sect. 26.3. The processes for the nomination and appointment of directors by shareholders through instruments reflecting ownership structure are beyond the scope of the Bank and GFC Studies Key Field No 5 and will be examined in a proposed future Key Field on Shareholder Empowerment and Institutional Shareholders. Governance Variable Based on OECD Recommendations for Independence and Bank-Specific Skills, Competence and Professional Qualities – Coverage/ Rating + 7/87.50 Rprox The OECD recommendations on independence and skills/competencies raise the existing [BrdIndMon] (+) variable  – Board Independent Director: Executive Director Proportion – Monitoring Effect – in section 7.3.2.1.2 of Stage 154 with a coverage/rating of +7/87.50 rprox (which in turn is identical to the [BrdSkills] (+) variable – Board – Director Skills ‘Mix’ – in section 7.3.1.2.1 of Stage 1,55 coverage/rating + 7/87.50 rprox). These remain operative and unchanged. Instead, the approach will be to add a governance variable based on an enhancement of the monitoring of the CEO, executives and management based on banking-­ industry-­specific knowledge, skills/competencies and professional qualities. It is hypothesized that enhancement in the monitoring function will reduce the effect of ‘board capture’ by management. [NEDBankSkillsMon] (+) variable – banks – non-executive directors – policies and standards on bank-specific competencies, skills and professional quali-

 Ibid, Para 54, p 20.  Ibid, Para 57, p 21. 54  See discussion in section 7.3.2.1.2 of Stage 1, above n 2, pp 211–212. 55  See discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–201. 52 53

782

26  Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

ties – enhancement of monitoring and skills effects – coverage/rating + 7/87.50 rprox – relational effect path The behaviour of the [NEDBankSkillsMon] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/ rating + 7/87.50 rprox (which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating + 7/87.50 rprox). In this case, the independence ingredient of NEDs in the [BrdIndMon] (+) variable remains operative. And, in addition to independence, the enhancement of the monitoring of the CEO, executives and management is based on banking-industry-specific knowledge and skills being enhanced in the [BrdSkills] (+) variable. Thus, the effect of the [NEDBankSkillsMon] (+) governance variable is a ‘strong-form’ version of both the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1 and the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 on account of independence in combination with banking-industry-specific knowledge and skills. Thus, the effect of the [NEDBankSkillsMon] (+) variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of both independence and this banking-industry-specific knowledge and skills. Thus, like the [BrdIndMon] (+) variable, coverage/rating + 7/87.50 rprox and the [BrdSkills] (+) variable, coverage/rating  +  7/87.50 rprox, the [NEDBankSkillsMon] (+) governance variable affects all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 1). Similarly to the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the independence element or the skill-level element of the board. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox for the [NEDBankSkillsMon] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Governance Variables Based on OECD Recommendations56 on Separation of the CEO and Chairperson Roles These are examined in section Chap. 34 relating to the time, qualifications, role and election of the Chairperson. Governance Variables Based on OECD Recommendations on the ‘fit and proper person’ Test by Supervisory Authorities The various OECD recommendations for the ‘fit and proper person’ test point to a requirement that it encompass – and that supervisory authorities disclose the criteria for - the following additional attributes:

 See discussion in this section 26.3 citing OECD Key Findings 2009, above n 48, p 46 and OECD 2010 Conclusions and Practices, above n 51, p 17. 56

26.3  OECD Findings on Independence and Competence

• • • • •

783

skills and independence of board members; technical and professional competence; governance; risk management; and to meet concerns about board independence and objectivity - a time limit based on the length of time that board members have served under the same CEO or Chair.57

[NEDFit&ProperTest] (+) variable – banks – non-executive directors – supervisory authority policies and standards on ‘fit and proper person’ test  – enhancement of monitoring and skills effects  – coverage/rating  +  7/87.50 rprox– relational effect path The enhancement in the monitoring of the CEO, executives and management is based on a ‘fit and proper person’ test by supervisory authorities which encompasses the above elements recommended by the OECD. Indeed, many of these elements are represented in the preceding [NEDBankSkillsMon] (+) variable in this Sect. 26.3 above, coverage/rating + 7/87.50 rprox. There, the enhancement of the monitoring of the CEO, executives and management is based on independence in combination with banking-industry-specific knowledge and skills. Accordingly, the relational effect path for the [NEDFit&ProperTest] (+) variable is hypothesized to be identical to the [NEDBankSkillsMon] (+) variable in this Sect. 26.3 above. This, in turn, is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1 and the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, both with a coverage/rating of +7/87.50 rprox. This equates to a coverage/rating of +7/87.50 rprox for the [NEDFit&ProperTest] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

26.4 APRA’s Prudential Standard 520 Fit and Proper – Fit and Proper Person Variables – Coverage/ Rating + 7/87.50 rprox ‘Fit and Proper Person’ requirements for APRA-regulated institutions are provided for by APRA’s Prudential Standard CPS 520 Fit and Proper which commenced on 1 July 2019.58  OECD Key Findings 2009, above n 48, pp 10 and 45–46.  Australian Prudential Regulation Authority, Prudential Standard CPS 520 Fit and Proper, July 2019, accessed 1 October 2019, available at: https://www.legislation.gov.au/Details/F2018L01390/ Download (‘CPS 520’), section 5, p  5. In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates 57 58

784

26  Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

The behaviour of the fit and proper person variables is hypothesized to be identical the [BrdSkills] (+)59 variable and in the same positive (+) direction, coverage/rating + 7/87.50 rprox. Again, for the integrity of the relational approach, this variable is not hypothesized to be identical to the [BrdIndMon] (+)60 variable in section 7.3.2.1.2 of Stage 1 – Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox. In the [BrdIndMon] (+) variable, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of non-executive directors. Thus, the effect of the [BrdIndMon] (+) variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the independence of non-executive directors. Here, there is no independence element. Like a version of the [BrdSkills] (+) variable, coverage/rating + 7/87.50 rprox, there is an hypothesised enhancement in risk management and therefore internal monitoring. Thus, the effect of the fit and proper person governance variables is predicted to be significant on the spine of the relational effect path  – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, a reduction in risk-taking can be seen as an enhancement in the quality of decision-making reflected in a positive effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable and in the same positive (+) direction, coverage/rating + 7/87.50 rprox, the fit and proper person variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 161). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the risk-taking decisions of bank directors, the CEO, executives or lower-level managers. Compliance Factor No 2 thus remains constant for these variables. This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the following fit and proper person variables: Fit and Proper Policy • [520FitPropManageRisksNotFitProp] (+)  – 520FitProp  – Fit and Proper Persons – Institution Must Manage the Risks which Responsible Person Positions that are Not Fit and Proper Pose to the Institution’s Business and Financial of 2022. See Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines. 59  See discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–199. 60  Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox. 61  See discussion in section 2.6.2 of Stage 1, above n 2, pp 41–43.

26.4  APRA’s Prudential Standard 520 Fit and Proper – Fit and Proper Pers…

•

•

•

•

•

785

Standing – Enhancement in Risk Management, Monitoring and Decision-­quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)62; [520FitPropFit&ProperPolicy] (+)  – 520FitProp  – Fit and Proper Persons  – Institution Must Have a Documented Fit and Proper Policy for Responsible Persons – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)63; [520FitPropFit&ProperPolicyBrdApprove] (+) – 520FitProp – Fit and Proper Persons – Board Must Approve Fit and Proper Policy – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)64; [520FitPropFit&ProperPolicyReasSteps] (+)  – 520FitProp  – Fit and Proper Persons – Institution Must Take Reasonable Steps to Ensure Each Responsible Person is Aware/Understands the Fit and Proper Policy – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)65; [520FitPropFit&ProperPolicyRMF] (+)  – 520FitProp  – Fit and Proper Persons – Fit and Proper Policy Must Form Part of Institution’s Risk Management Framework  – Enhancement in Risk Management, Monitoring and Decision-­ quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)66; [520FitPropBrdGroupFit&ProperPolicy] (+) – 520FitProp – Fit and Proper Persons – Institution May Adopt a Group Fit and Proper Policy if Approved by the Board  – Enhancement in Risk Management, Monitoring and Decision-­ quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)67;

Additional Requirements for Head of a Group • [520FitPropHeadGroupFit&ProperPolicy] (+) – 520FitProp – Fit and Proper Persons  – Head of a Group Must Maintain a Group Fit and Proper Policy  – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/ rating + 7/87.50 rprox (APRA CPS 520)68; • [520FitPropHeadNon-RegFit&ProperPolicy] (+)  – 520FitProp  – Fit and Proper Persons – Head of a Group Must Ensure Fit and Proper Policy to Apply to Persons in a Non-APRA Regulated Institution Which Affects Whole/ Substantial Part of Group – Enhancement in Risk Management, Monitoring and Decision-­quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)69; • [520FitPropHeadNotifyAPRAGroupRespPerson] (+) – 520FitProp – Fit and Proper Persons  – Head of a Group Must Notify APRA of Each Responsible  CPS 520, above n 58, section 12, pp 6–7.  Ibid, p 7. 64  Ibid, section 13, p 7. 65  Ibid, section 14, p 7. 66  Ibid, section 15, p 7. 67  Ibid, section 16, p 7. 68  Ibid, section 17, p 7. 69  Ibid, section 18, p 7. 62 63

786

26  Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

Person Across the Group – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)70; Responsible Persons • [520FitPropDefintionRespPerson] (+) – 520FitProp – Fit and Proper Persons – Definition of Responsible Person  – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520),71 including: –– “for an ADI (other than a foreign ADI) or an authorised banking NOHC, a person defined in Attachment A [of CPS 520]”,72 including: • • • •

a director; a senior manager of the institution; an appointed auditor; “a person who performs activities for a subsidiary of the APRA-regulated institution where those activities could materially affect the whole, or a substantial part, of the business of the APRA-regulated institution or its financial standing, either directly or indirectly”73; and

–– “for the purposes of a group, a person whose activities may materially affect, either directly or indirectly, the whole, or a substantial part, of the business or financial status of the group”74; • [520FitPropDefnRespPersonExtended] (+)  – 520FitProp  – Fit and Proper Persons – Definition of Responsible Person Need Not Be An Employee Including Consultant, Contractor or Employee of Another Entity – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)75; • [520FitPropAPRADetermineRespPerson] (+) – 520FitProp – Fit and Proper Persons – APRA May Determine Person is a Responsible Person if in a Significant Role in Management or Control or Materially Impacts Prudential Matters  – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/ rating + 7/87.50 rprox (APRA CPS 520)76; • [520FitPropAPRADetermineNOTRespPerson] (+)  – 520FitProp  – Fit and Proper Persons – APRA May Determine Person is NOT a Responsible Person if Not in Significant Role in Management or Control Nor Materially Impacts

 Ibid, section 19, p 7.  Ibid, section 19, p 7. 72  Ibid, section 20(a), p 7. 73  Ibid, Attachment A, p 18. 74  Ibid, section 20(g), p 8. 75  Ibid, section 21, p 8. 76  Ibid, section 22, p 8. 70 71

26.4  APRA’s Prudential Standard 520 Fit and Proper – Fit and Proper Pers…

787

Prudential Matters  – Enhancement in Risk Management, Monitoring and Decision-­quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)77; Senior Managers • [520FitPropDefnSeniorManager] (+) – 520FitProp – Fit and Proper Persons – Definition of Senior Manager – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating  +  7/87.50 rprox (APRA CPS 520),78 including: –– “makes, or participates in making, decisions that affect the whole, or a substantial part, of the business of the institution”; –– “has the capacity to affect significantly the institution’s financial standing”; –– “may materially affect the whole, or a substantial part, of the business of the institution or its financial standing through their responsibility for: • enforcing policies and implementing strategies approved by the Board of the APRA-regulated institution; • the development and implementation of systems used to identify, assess, manage or monitor risks in relation to the business of the institution; or • monitoring the appropriateness, adequacy and effectiveness of risk management systems”79; • [520FitPropDefnSnrManNotIncludeDirector] (+)  – 520FitProp  – Fit and Proper Persons  – Definition of Senior Manager Carrying Out Responsibilities Does Not Include Those Responsibilities Carried Out By A Director  – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/ rating + 7/87.50 rprox (APRA CPS 520)80; Criteria for Fit and Proper Person • [520FitPropDefine&DocCompetencies] (+)  – 520FitProp  – Fit and Proper Persons  – Institution Must Define and Document Competencies Required for Each Responsible Person Position  – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating  +  7/87.50 rprox (APRA CPS 520)81; • [520FitPropCriteriaRespPersonPosition] (+)  – 520FitProp  – Fit and Proper Persons  – Institution Must Define and Document Criteria Required for Each Responsible Person Position – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating  +  7/87.50 rprox (APRA CPS 520),82 including whether:

 Ibid, section 23, p 8.  Ibid, section 25, pp 8–9. 79  Ibid, sections 259(a)-(c), pp 8–9 80  Ibid, section 26, pp 8–9. 81  Ibid, section 29, p 10. 82  Ibid, section 30, p 10. 77 78

788

26  Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

–– “it would be prudent for an APRA-regulated institution to conclude that the person possesses the competence, character, diligence, honesty, integrity and judgement to perform properly the duties of the responsible person position”; –– “the person is not disqualified under an applicable Prudential Act or the PHIPS Act from holding the position”; –– the person either: • “has no conflict of interest in performing the duties of the responsible person position”; or • “if the person has a conflict of interest, it would be prudent for an APRA-­ regulated institution to conclude that the conflict will not create a material risk that the person will fail to perform properly the duties of the position”83; Additional criteria applying to auditors is excluded.84 Additional criteria applying to Appointed Actuaries is excluded.85 Process for Assessing Fit and Proper Person • [520FitPropFit&ProperPolicyIncludeProcess] (+)  – 520FitProp  – Fit and Proper Persons  – Fit and Proper Policy to Include Process of Assessment  – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/ rating + 7/87.50 rprox (APRA CPS 520),86 including: –– –– –– ––

who will conduct assessments; information to be obtained; matters to be considered; and decision-making process87;

• [520FitPropFit&ProperPolicySpecifyActionsNotFitProp] (+) – 520FitProp – Fit and Proper Persons – Fit and Proper Policy to Specify the Actions to be Taken Where Person Assessed as NOT Fit and Proper  – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)88; • [520FitPropFit&ProperPolicyCandidatesDir] (+)  – 520FitProp  – Fit and Proper Persons – Fit and Proper Policy to Be Provided to Candidates for Director and Others Before Assessment of their Fitness and Propriety – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)89;

 Ibid, sections 30(a)–(c), p 10.  See ibid., sections 31–33, pp 10–12. 85  See ibid., sections 34–37, pp 12–13. 86  Ibid, section 29, p 10. 87  Ibid, section 38, p 13. 88  Ibid, section 39, p 13. 89  Ibid, section 40, p 14. 83 84

26.4  APRA’s Prudential Standard 520 Fit and Proper – Fit and Proper Pers…

789

• [520FitPropFit&ProperPolicyCompleteAssess] (+)  – 520FitProp  – Fit and Proper Persons  – Fit and Proper Policy Assessment to be Completed Prior to Person Holding a Responsible Person Position  - Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)90; • [520FitPropFit&ProperPolicyIntAppointNoAssess] (+)  – 520FitProp  – Fit and Proper Persons  – Person May Have Interim Appointment to Responsible Person Position Without Full Assessment for 90 Days if Reasonable Steps Taken to Assess Person – Enhancement in Risk Management, Monitoring and Decision-­ quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)91; • [520FitPropFit&ProperPolicyAnnualAssess] (+)  – 520FitProp  – Fit and Proper Persons – Fit and Proper Person Policy to Have Annual Assessments for Each Responsible Person Position  – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating  +  7/87.50 rprox (APRA CPS 520)92; • [520FitPropReasEnquiriesCollectInfo] (+)  – 520FitProp  – Fit and Proper Persons  – Fit and Proper Person Assessment Must Make All Reasonable Enquiries Including Collecting Sensitive Information Relevant to the Assessment  – Enhancement in Risk Management, Monitoring and Decisionquality, coverage/rating + 7/87.50 rprox (APRA CPS 520)93; • [520FitPropSubseqAwareInfoNOTFitProp] (+) – 520FitProp – Fit and Proper Persons –– Institution Subsequently Aware of Information that Person May Not be Fit and Proper Must Make All Reasonable Enquiries Including Collecting Sensitive Information to Prudently Conclude No Concern – If Concern Exists, Full Assessment to be Conducted  - Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating  +  7/87.50 rprox (APRA CPS 520)94; • [520FitPropFit&ProperPolicyInfoProvisions] (+)  – 520FitProp  – Fit and Proper Persons – Fit and Proper Policy to Have Provisions Encouraging/Enabling Disclosure of Information and Giving/Obtaining Consents for Collection/Use of Information by the Institution or APRA – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating  +  7/87.50 rprox (APRA CPS 520)95; • [520FitPropFit&ProperPolicyDocuments] (+) – 520FitProp – Fit and Proper Persons  – Fit and Proper Policy to Require Sufficient Documentation For

 Ibid, section 41, p 14.  Ibid, section 42, p 14. 92  Ibid, section 43, p 14. 93  Ibid, section 44, p 14. 94  Ibid, section 45, p 14. 95  Ibid, section 46, p 15. 90 91

790

26  Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

Assessments to be Retained – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)96; Whistleblowing Provision for Fit and Proper Policy • [520FitPropWhistleProvInfoPersonAPRA] (+) – 520FitPropWhistle – Fit and Proper Persons  – Whistleblowing  – Fit and Proper Policy to Contain Whistleblowing Provisions for Information that a Responsible Person is Not Fit and Proper to Person Conducting Assessments or APRA – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)97; • [520FitPropWhistleProvNOTComplyAPRA] (+)  – 520FitPropWhistle  – Fit and Proper Persons  – Whistleblowing  – Fit and Proper Policy to Contain Provisions for Information to be Provided to APRA that an Institution Has Not Complied with CPS 520 – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)98; • [520FitPropWhistleCeaseRespPersonAPRA] (+)  – 520FitPropWhistle  – Fit and Proper Persons – Whistleblowing – Fit and Proper Policy to Contain Consent for Responsible Person Disclosing Information or Documents to APRA of Reasons for Resignation, Retirement or Removal  – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)99; • [520FitPropWhistleNoConstraintsAPRA] (+) – 520FitPropWhistle – Fit and Proper Persons – Whistleblowing – Institution/Subsidiaries NOT to Constrain, Restrict or Discourage Any Person Disclosing Information or Documents to APRA – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)100; • [520FitPropWhistleProvExplained] (+) – 520FitPropWhistle – Fit and Proper Persons – Whistleblowing – Fit and Proper Policy to Require Whistleblowing Provisions and Procedures Are Adequately Explained to Directors and Employees  – Enhancement in Risk Management, Monitoring and Decisionquality, coverage/rating + 7/87.50 rprox (APRA CPS 520)101; • [520FitPropWhistleNoDisclosureObligations] (+) – 520FitPropWhistle – Fit and Proper Persons  – Whistleblowing  – Institution NOT Required to Impose Obligations on Persons Making Disclosures - Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating  +  7/87.50 rprox (APRA CPS 520)102;

 Ibid, section 47, p 15.  Ibid, section 48, p 15. 98  Ibid, section 49, p 15. 99  Ibid, section 50, p 15. 100  Ibid, section 51, p 15. 101  Ibid, section 52, p 16. 102  Ibid, section 53, p 16. 96 97

26.4  APRA’s Prudential Standard 520 Fit and Proper – Fit and Proper Pers…

791

• [520FitPropWhistleReasStepsNoDetriment] (+)  – 520FitPropWhistle  – Fit and Proper Persons – Whistleblowing – Fit and Proper Policy to Require ALL Reasonable Steps to be Taken to Ensure Person Making Disclosures NOT subject to or Threatened with Detriment  – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating  +  7/87.50 rprox (APRA CPS 520)103; Responsible Person Who Is Not Fit and Proper Is Not to Hold Position • [520FitPropNotHoldReasPersonPosition] (+)  – 520FitProp  – Fit and Proper Persons – Person Not to be Appointed to or Hold Responsible Person Position if the Institution or Reasonable Person Would Assess Person as Not Fit and Proper Enhancement in Risk Management, Monitoring and Decision-quality, coverage/ rating + 7/87.50 rprox (APRA CPS 520)104; Information to Be Provided to APRA • [520FitPropInfoDetailsRespPersonAPRA] (+)  – 520FitPropInfo  – Fit and Proper Persons  – Details of Responsible Person to be Given to APRA  – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/ rating + 7/87.50 rprox (APRA CPS 520),105 including: –– –– –– –– ––

“the title of the responsible person’s position”; “the person’s full name”; “the person’s date of birth (for identification purposes only)”; “the person’s position and main responsibilities”; and “a statement of whether the person has been assessed under the Fit and Proper Policy”106;

• [520FitPropInfoEnsureInfoCorrect28Days] (+)  – 520FitPropInfo  – Fit and Proper Persons  – Information Provided to APRA to Remain Correct and Any Change or New Appointment Notified Within 28 Days – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)107; • [520FitPropInfoNotifyAPRANOTFitProp10BusDays] (+) – 520FitPropInfo – Fit and Proper Persons – Must Notify APRA Within 10 Business Days if Assess that Responsible Person is NOT Fit and Proper  – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520),108 including:

 Ibid.  Ibid, section 54, p 16. 105  Ibid, section 54, p 16. 106  Ibid, section 55, p 16. 107  Ibid, section 56, p 16. 108  Ibid, section 57, pp 16–17. 103 104

792

26  Skills, Independence, Competence and ‘Fit and Proper Person’ Tests

–– “if the person remains in the responsible person position, the notification must state the reason for this and the action that is being taken”109; • [520FitPropInfoFormAPRAWebsite] (+)  – 520FitPropInfo  – Fit and Proper Persons  – Information and Notifications to be Given to APRA by Form and Procedures on APRA Website – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating + 7/87.50 rprox (APRA CPS 520)110; • [520FitPropInfoReasStepsInfoAPRA] (+) – 520FitPropInfo – Fit and Proper Persons  – Institution to Take Reasonable Steps to Obtain Information/ Documentation Requested by APRA to Provide that Information to APRA for Assessment  - Enhancement in Risk Management, Monitoring and Decisionquality, coverage/rating + 7/87.50 rprox (APRA CPS 520),111 including: –– Fit and Proper Policy to be provided to APRA on request112; and • [520FitPropInfoAPRANotRequireSpentConvict] (+) – 520FitPropInfo – Fit and Proper Persons  – APRA Not to Require Disclosure of Spent Convictions Precluded Under Part VIIC Crimes Act 1914 – Enhancement in Risk Management, Monitoring and Decision-quality, coverage/rating  +  7/87.50 rprox (APRA CPS 520).113

26.5 Governance Variables Based on OECD Recommendations on Continuing Training The recommendations of the OECD on continuing training for non-executive directors are covered by the Walker Review 2009 variables whose relational effect paths are examined in Sect. 23.4 above: • [BankNEDInduct] (+) variable – banks – induction of non-executive directors – enhancement of monitoring effect, coverage/rating + 7/87.50 rprox; • [BankNEDTrain] (+) variable – banks – training of non-executive directors – enhancement of monitoring effect, coverage/rating + 7/87.50 rprox; • [BankNEDDevelopProg] (+) variable  – banks  – development programs for non-executive directors  – enhancement of monitoring effect, coverage/rating + 7/87.50 rprox; • [BankNEDSupport] (+) variable  – banks  – ‘dedicated support’ for non-­ executive directors for information and advice in addition to the normal board process – enhancement of monitoring effect, coverage/rating + 7/87.50 rprox; and  Ibid.  Ibid, section 58, p 17. 111  Ibid, section 59, p 17. 112  Ibid. 113  Ibid, section 60, p 17. 109 110

26.5  Governance Variables Based on OECD Recommendations on Continuing Training

793

• [BankNEDFinAwareProg] (+) variable  – banks  – development programs for financial industry awareness of non-executive directors on risk strategy  – enhancement of monitoring effect, coverage/rating + 7/87.50 rprox. As noted in Sect. 23.4 above, the relational effect paths of these variable are hypothesized to be identical to the [BrdIndMon] (+) variable giving rise to a coverage/rating for these variables of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

Chapter 27

Failures in Risk Modelling and Rating Securitized Products

Abstract  Chapter 27 of the Stage 2 Key Code and Advanced Handbook for the governance of Australian major banks examines failures in risk modelling and rating securitized products. This begins with variables for failures in risk models of securitized products – the [NEDRiskModelInfo] (−) variable – including failure to price risk accurately and the consequent reduction in risk management, monitoring and decision-making quality. Similarly, the [EDRiskModelPrice] (−) variable also covers risk modelling of securitized products including the failure to price risk accurately, this time for executive directors. Variables are then constructed based on credit ratings of securitised products for again NEDs and executive directors including conflicts of interest of ratings agencies. We conclude with variables for leverage and off-balance-sheet entities including ‘hidden leverage’ in financial statements and off-balance-sheet entities with the consequent reduction in risk management, monitoring and decision quality and the consequent reduction in the transparency and timing of reporting and internal and external monitoring. Keywords  Risk modelling · Ratings of securitised products · Risk management · Monitoring · Decision quality · Failure to price risk · Conflicts of interest · Hidden leverage · Off-balance-sheet entities Beltratti and Stulz examine firm characteristics that led to poor performance in the crisis.1 Among the factors for banks causing the worst returns during the crisis period was having the highest returns in 2006 which relied on risks from securitised products:

 Andrea Beltratti and René M Stulz, “Why Did Some Banks Perform Better during the Credit Crisis? A Cross-Country Study of the Impact of Governance and Regulation”, Fisher College of Business Working Paper No. 2009-03-012, (13 July 2009), accessed 6 April 2017 at SSRN: http:// ssrn.com/abstract=1433502 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_27

795

796

27  Failures in Risk Modelling and Rating Securitized Products

One striking result is that banks with the highest returns in 2006 had the worst returns during the crisis. More specifically, the banks in the worst quartile of performance during the crisis had an average return of −87.44% during the crisis but an average return of 33.07% in 2006. In contrast, the best-performing banks during the crisis had an average return of −16.58% but they had an average return of 7.80% in 2006. This evidence is most consistent with the Tsunami explanation for the crisis: the attributes that the market valued in 2006, for instance, a successful securitization line of business, exposed banks to risks that led them to perform poorly when the crisis hit. The market did not expect these attributes to be a source of weakness for banks and did not expect the banks with these attributes to perform poorly as of 2006.2

For Van Den Berghe, the financial crisis involved large failures in risk modelling, in particular pricing risk and the ratings given to securitised products which suffered from conflicts of interest among rating agencies: There have been quite fundamental failures in the assessment of risk, both by financial institutions and by those supervising them. Risk became mis-priced from several perspectives. Risk structures of securitised assets were approved and granted a good rating without tough scrutiny of the quality of the counter parties involved. Issuers seemed to shop around to get the best rating, while credit rating agencies were subject to conflicts of interest, rather than being able to express independent judgements.3

The author points to difficulties in the risk assessment of these products because of their “extreme complexity”, numerous layers and parties as well as failure by the assumptions underlying risk models to account for systemic risk: Proper risk assessment was very difficult and opaque for external and internal supervisors not in the least because of the extreme complexity of such structured products, their numerous layers and parties involved (there was little knowledge of either the size or the location of credit risks, not knowing whether risk had been really spread or simply re-concentrated in less visible parts of the system). But even worse, the risk models used by financial institutions and credit rating agencies assumed stable markets, hereby completely ignoring systemic risk (underestimation of correlations in the defaults that would occur during a downturn, e.g. the collateralized mortgage obligations assumed that the prices of real estate would not be subject to negative spiral effects).4

To cater for these deficiencies in risk modelling and rating securitised products identified by Van Den Berghe, the relational approach here proposes two new governance variables.

 Ibid, 2.  Lutgart A A Van Den Berghe, “To What Extent is the Financial Crisis a Governance Crisis? From Diagnosis to Possible Remedies”, (27 May 2009), accessed 4 April 2017 at SSRN: http://ssrn.com/ abstract=1410455, 15. 4  Ibid, 16. 2 3

27.1  Variables for Failures in Risk Models of Securitized Products

797

27.1 Variables for Failures in Risk Models of Securitized Products [NEDRiskModelInfo] (−) variable – banks – non-executive directors – risk modelling of securitized products – failure to price risk accurately – reduction in risk management, monitoring and decision quality – coverage/rating −4/50.00 rprox – relational effect path The failures in pricing risk forming part of risk modelling identified by Van Den Berghe in this Chap. 27  – and therefore the relational approach’s [NEDRiskModelInfo] (−) variable – are attributable to: • complexity/opaqueness of risk structures of securitized products; • failure to scrutinize the quality of a counterparty; • failure to assess the size and location of credit risk – whether risk was spread or re-concentrated; and • most significantly – failure to account for unstable markets in the underlying real estate market and therefore systemic risk. In Sect. 26.2 above, the relational approach introduced two governance variables based on a deficiency of knowledge (on the internal workings of banks and the securitisation process) which are hypothesized to reduce the decision-making quality of non-executive directors. Those variables were hypothesized to have an identical behaviour and relational effect path to the [BrdIndInfo] (−) variable, coverage/ rating − 4/50.00 rpox, examined in section 7.3.2.1.3 of Stage 1.5 The internal workings of banks and the securitisation process were treated as a type of ‘firm-specific’ information flow to the board which is reduced or disrupted. Here, the [NEDRiskModelInfo] (−) variable, coverage/rating − 4/50.00 rpox, is again based on a deficiency of knowledge of the elements identified by Van Den Berghe which affects the decision-making quality of non-executive directors. This causes a similar reduction in the quality or effectiveness of the Decision-making Factor No 7. In other words, the deficiencies in modelling are treated as a type of ‘firm-specific’ information flow to the board which is reduced or disrupted. Alternatively, there is a reduction in the quality of risk management and monitoring – Risk Management, Monitoring and Audit Factor No 5 – on account of the deficiency in information.

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 7.3.2.1.3 of Stage 1, pp 212–214. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 5

798

27  Failures in Risk Modelling and Rating Securitized Products

Thus, the relational effect path of the [NEDRiskModelInfo] (−) variable is hypothesized to be identical to the relational effect path of the [BrdIndInfo] (−) variable examined in section 7.3.2.1.3 of Stage 1, coverage/rating − 4/50.00 rpox. This gives rise to a coverage/rating for the [NEDRiskModelInfo] (−) variable of −4/50.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). [EDRiskModelPrice] (−) variable – banks – executive directors – risk modelling of securitized products  – failure to price risk accurately  – reduction in risk management, monitoring and decision quality  – coverage/rating  −  7/87.50 rprox – relational effect path The behaviour of the [EDRiskModelPrice] (−) is hypothesized to be identical the [BrdSkills] (+)6 variable except in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox. For the integrity of the relational approach, this variable is not hypothesized to be identical to a negative-direction version of the [BrdIndMon] (+)7 variable in section 7.3.2.1.2 of Stage 1  – Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox. In the [BrdIndMon] (+) variable, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of non-executive directors. Thus, the effect of the [BrdIndMon] (+) variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 – again – on account of the independence of non-­ executive directors. Instead here, there is no independence element. Like a negative (−) direction version of the [BrdSkills] (+) variable, giving rise to a coverage/rating of −7/87.50 rprox, there is an hypothesised reduction in risk management and therefore internal monitoring. Thus, the effect of the [EDRiskModelPrice] (−) governance variable is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, an increase in risk-taking can be seen as a reduction in the quality of decision-making reflected in a negative effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable but in the negative (−) direction, the [EDRiskModelPrice] (−) variable affects all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 18). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law  – is not affected by the risk-taking decisions of bank directors, the CEO,

 See discussion in section 7.3.1.2.1 of Stage 1, above n 5, pp 198–199.  Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox. 8  See discussion in section 2.6.2 of Stage 1, above n 5, pp 41–43. 6 7

27.2  Variables Based on Credit Ratings of Securitised Products

799

executives or lower-level managers. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of −7/87.50 rprox for the [EDRiskModelPrice] (−) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

27.2 Variables Based on Credit Ratings of Securitised Products [NEDRatingsInfo] (−) variable – banks – non-executive directors – credit ratings of securitized products – conflicts of interest of ratings agencies – reduction in risk management, monitoring and decision quality – coverage/rating − 4/50.00 rprox – relational effect path Booth investigates, among other causes, the role of ratings agencies in the GFC9 and points to the fact that many institutions can buy only investment grade securities: [o]ne answer is that as a matter of law, regulation, or contract, many institutional investors (such as trusts, insurance companies, and pension plans) may invest only in investment grade securities. Although the idea is that such entities should follow conservative investment strategies, the effect is to lull them into a false sense of security. Moreover, an investment grade rating absolves an investment adviser from responsibility and eliminates the need to do the homework.10

For Yeoh, one of the causes of the crisis was gatekeeper failure of credit ratings agencies.11 Yeoh puts the failure of ratings agencies down to lack of competition, absence of the threat of liability, the SEC’s insistence on the use of ratings in the purchase of debt securities by institutional investors and the conflict of interests surrounding the agencies’ ‘issuer pays’ system.12 In relation to the securitised debt obligations which played such a part in the crisis, Yeoh is scathing of the ratings the agencies gave based on negotiation with the issuer, a practice driven by competitive pressures: Between 2002 and 2006, rating agencies like Moody’s more than doubled their revenues and stock prices by undertaking CDO bond ratings that were commonly heavily negotiated for big banks. It would appear that rating agencies probably compromised their ratings to  Richard A Booth, “Things Happen” (2009) Villanova Law Review, forthcoming, (September 2, 2009), accessed 13 June 2017 at SSRN: http://ssrn.com/abstract=1466941 10  Ibid, 15–16. See also Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995-2864, accessed 27 March 2017 at http://search.oecd.org/ finance/financial-markets/42229620.pdf, (‘OECD Kirkpatrick Report 2009’), pp 24–25. 11  Peter Yeoh, “Causes of the global financial crisis: Learning from the competing insights” (2010) 7(1) International Journal of Disclosure & Governance 42–69, (13 August 2009), accessed 8 April 2017 at http://web.b.ebscohost.com.proxy.library.adelaide.edu.au, 52. 12  Ibid, 52–53. 9

800

27  Failures in Risk Modelling and Rating Securitized Products

stay in competition. It was entirely possible to develop a family of bonds in which eighty percent had triple-A and double-A ratings, despite some seventy percent of them being sub-­ prime. Additionally, default rates were anything but low, usually hovering between eight and nine percent between 2002 and 2003. This critical aspect was ignored by the ratings agencies….13

The [NEDRatingsInfo] (−) variable is again based on a deficiency of knowledge on the part of non-executive directors – this time of the underlying or actual/ real credit rating of securitised products identified by Van Den Berghe  – which affects the decision-making quality of non-executive directors. This causes a corresponding reduction in the quality or effectiveness of the Decision-making Factor No 7. Here, the deficiencies in the credit ratings are treated as a type of ‘firm-­ specific’ information flow to the board which is reduced or disrupted. Alternatively, there is a reduction in the quality of risk management and monitoring  – Risk Management, Monitoring and Audit Factor No 5 – on account of the deficiency in information. Thus, the relational effect path of the [NEDRatingsInfo] (−) variable is hypothesized to have an identical relational effect path to the [BrdIndInfo] (−) variable, coverage/rating of −4/50.00 rprox, examined in section 7.3.2.1.3 of Stage 1. This gives rise to a coverage/rating for the [NEDRatingsInfo] (−) variable of −4/50.00 in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). [EDRatingsGrade] (−) variable – banks – executive directors – credit ratings of securitized products – conflicts of interest of ratings agencies – reduction in risk management, monitoring and decision quality – coverage/rating − 7/87.50 rprox – relational effect path The behaviour of the [EDRatingsGrade] (−) is hypothesized to be identical the [BrdSkills] (+)14 variable except in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox. Again, for the integrity of the relational approach, this variable is not hypothesized to be identical to a negative-direction version of the [BrdIndMon] (+)15 variable in section 7.3.2.1.2 of Stage 1  – Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox. In the [BrdIndMon] (+) variable, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of non-executive directors. Thus, the effect of the [BrdIndMon] (+) variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the independence of non-­ executive directors. Here, like the [EDRiskModelPrice] (−) variable in Sect. 27.1 above, there is no independence element. Like a negative-direction version of the [BrdSkills] (+)

 Ibid, 59.  See discussion in section 7.3.1.2.1 of Stage 1, above n 5, pp 198–199. 15  Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox. 13 14

27.3  Leverage and off-Balance-Sheet Entities

801

variable, there is an hypothesised reduction in risk management and therefore internal monitoring. Thus, the effect of the [EDRatingsGrade] (−) governance variable is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, an increase in risk-taking can be seen as a reduction in the quality of decision-making reflected in a negative effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable but in the negative (−) direction, the [EDRatingsGrade] (−) variable affects all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 116). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law  – is not affected by the risk-taking decisions of bank directors, the CEO, executives or lower-level managers. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [EDRatingsGrade] (−) variable.

27.3 Leverage and off-Balance-Sheet Entities For Sahlman, many firms which failed had “hidden leverage” which was very difficult to detect from the financial statements: All of the firms in financial services had what I call “hidden leverage” that is not captured in their apparent asset to liability ratio. At AIG, the company had businesses that originated subprime mortgages, businesses that insured individual loans, and a major business providing credit default swaps on pools of subprime mortgages. The company also had a major potential shift in financial health if counterparties demanded more collateral in response to a lower corporate rating. That is precisely what occurred – asset values and income shrank while liabilities rose. To see this hidden leverage would have required a detailed analysis of all the footnotes to the financial statements, not just the numbers as presented.17

For the author, hidden leverage was exacerbated by the use of off-balance-sheet activities and entities.18 This is further discussed in Chap. 37 below. Thus, the relational approach identifies two aspects or themes based on ‘hidden leverage’ identified by Sahlman:  See discussion in section 2.6.2 of Stage 1, above n 5, pp 41–43.  William Sahlman, “Management and the Financial Crisis (We Have Met the Enemy and He is Us …)” (October 28, 2009). Harvard Business School Entrepreneurial Management Working Paper No. 10-033. (28 October 2009), accessed 4 April 2017 at SSRN: http://ssrn.com/ abstract=1496526, 25 (footnote omitted). 18  Ibid. 16 17

802

27  Failures in Risk Modelling and Rating Securitized Products

[BankHiddenLev] (−) variable  – banks  – ‘hidden leverage’ in financial statements and off-balance-sheet entities – reduction in risk management, monitoring and decision quality  – coverage/rating  −  7/87.50 rprox  – relational effect path First, there is a deficiency of knowledge on the part of executive and non-­ executive directors of the true/actual leverage of the bank – known by the management – thus reducing the quality of decision-making of the board, in particular in relation to risk. The behaviour of the [BankHiddenLev] (−) variable is hypothesized to be identical the [BrdSkills] (+)19 variable except in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox. Like the [EDRiskModelPrice] (−) and [EDRatingsGrade] (−) variables in sections 27.1 and 27.2 above, this variable is not hypothesized to be identical to a negative-direction version of the [BrdIndMon] (+)20 variable in section 7.3.2.1.2 of Stage 1 – Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox. In the [BrdIndMon] (+) variable, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of non-executive directors. Thus, the effect of the [BrdIndMon] (+) variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the independence of non-executive directors, giving rise to a coverage/rating of +7/87.50 rprox. Instead here, there is no independence element. Like a negative (−) direction version of the [BrdSkills] (+) variable, there is an hypothesised reduction in risk management and therefore internal monitoring. Thus, the effect of the [BankHiddenLev] (−) governance variable is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-­ making Factor No 7 and Responsibility Factor No 8. Alternatively, an increase in risk-taking can be seen as a reduction in the quality of decision-making reflected in a negative effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable but in the negative (−) direction, the [BankHiddenLev] (−) variable affects all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 121). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law  – is not affected by the risk-taking decisions of bank directors, the CEO, executives or lower-level managers. Compliance Factor No 2 thus remains constant for this variable.

 See discussion in section 7.3.1.2.1 of Stage 1, above n 5, pp 198–199.  Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox. 21  See discussion in section 2.6.2 of Stage 1, above n 5, pp 41–43. 19 20

27.3  Leverage and off-Balance-Sheet Entities

803

This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [BankHiddenLev] (−) variable. [TransTimeHideLev] (−) variable – banks – ‘hidden leverage’ in financial statements and off-balance-sheet entities – reduction in transparency and timing of reporting and internal and external monitoring – coverage/rating − 8/100.00 rprox – relational effect path The second effect of ‘hidden leverage’ – of a failure by management to disclose the true/actual leverage of the bank – is the opposite effect of the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1,22 coverage/rating + 8/100.00 rprox. In that section, the [TransTimeMon] (+) variable hypothesizes an improvement in the quality and reliability of information which flows to the board and, therefore, the market. This, in turn, enhances the quality of external or market monitoring of the board with a predicted improvement in internal monitoring. There, Compliance Factor No 2 and the reflexive relationship between Reporting Factor No 1 and Risk Management, Monitoring & Audit Factor no 5 are the ‘sources’ of the positive influence represented in Figure 9.1 of Stage 1 for the [TransTimeMon] (+) variable, coverage/rating + 8/100.00 rprox. In the case here of the [TransTimeHideLev] (−) variable, there is an opposite/ negative (−) effect – there is a reduction in the quality and reliability of information which flows to the board from management. Thus, this also results in a reduction of the quality and reliability of information which flows to the market. This in turn reduces the quality of external or market monitoring of the board with a predicted reduction in internal monitoring. Thus the relational approach hypothesizes an effect opposite to the [TransTimeMon] (+) variable for the [TransTimeHideLev] (−) variable. This gives rise to a coverage/rating for the [TransTimeHideLev] (−) variable of −8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

22

 See discussion in section 9.1.2.1 of Stage 1, above n 5, pp 262–266.

Chapter 28

Ownership, Governance Structure and Government Bailout

Abstract  This Chapter 28 examines bank ownership, governance structure and government bailout. We identify that bank size and leverage is related to the probability of bailout. We examine the ‘maturity transformation’ of bank debt and the consequent reliance for banks on a continuous supply of liquidity. Further governance variables are constructed for the level of interconnectedness of banks (high) and its effects on risk-taking and the effects on risk-taking of both the level of systemic risk and increases in bank size. We find that a controlling shareholder is predictive of greater risk and bailout and we examine the relationship between stronger governance, market valuation and performance. We also examine a high level of bank governance and the consequent effects of risk-taking on bank performance (non-crisis periods) and bank value (again, non-­ crisis periods). We identify that more independent boards with high institutional ownership performed worse in the crisis. We review the existing board independence variables and a new variable for a high level of institutional ownership and its effects on risk-taking. We conclude with an examination of country-level governance. Keywords  Ownership · Government bailout · Bank size · High leverage · Maturity transformation · Interconnectedness of banks · Systemic risk · Owner-­ control · Relationship of strong governance · Market valuation and performance · Independent boards and institutional ownership

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_28

805

806

28  Ownership, Governance Structure and Government Bailout

28.1 Bank Size and Leverage Related to Probability of Bailout While shareholder activism will be examined in detail in a proposed future Key Field  – Shareholder Empowerment and Institutional Shareholders  – for Ferreira, Kershaw, Kirchmaier and Schuster,1 companies with more ‘insulated’ management from the effects of shareholder pressure or activism were less likely to be bailed out by governments, even in the presence of other governance variables including “the presence of large block holders, board independence, board experience, and compensation variables.”2 Yet, bank size and leverage was positively related to the probability of bailout: We find that larger banks are indeed more likely to be bailed out. The estimated slopes are roughly similar across the three size groups. Indeed, the results are basically identical in (unreported) regressions in which size is broken down into a different number of groups (either more or fewer groups). Leverage appears to be positively related to bailouts.3

28.2 [BankHighLevRisk] (−) – Banks – Level of Leverage (High) – Effects of Risk-Taking – Coverage/ Rating − 7/87.50 rprox – Relational Effect Path The high leverage of banks was introduced in sections 7.2 and 7.7 of Chap. 7 above. As noted there by Mülbert,4 “a bank’s profit increases directly in proportion with the volume of lending to creditors”.5 In addition, “an increase of the bank’s leverage will increase its probability of default, and depositors as well as other debtholders will demand a higher risk premium as compensation for the higher risk of insolvency”.6 Thus, in the relational approach, an increase in leverage is experienced or depicted as an increase in risk-taking.

 Daniel Ferreira, David Kershaw, Tom Kirchmaier, and Edmund-Phillip Schuster, “Shareholder Empowerment and Bank Bailouts” now called “Measuring Management Insulation from Shareholder Pressure”, ECGI – Finance Working Paper No. 345/2013; Asian Finance Association (AsFA) 2013 Conference, (5 February 2016), accessed 14 June 2017 at SSRN: http://ssrn.com/ abstract=2170392 2  Ibid, 17. 3  Ibid, 16. 4  Peter O Mülbert, “Corporate Governance of Banks after the Financial Crisis – Theory, Evidence, Reforms”, ECGI  – Law Working Paper No. 130/2009, (April 2010), accessed 8 April 2017 at SSRN: https://ssrn.com/abstract=1448118 5  Ibid, 10. 6  Ibid. 1

28.2  [BankHighLevRisk] (−) – Banks – Level of Leverage (High) – Effects…

807

The behaviour of the [BankHighLevRisk] (−) is hypothesized to be identical the [BrdSkills] (+)7 variable except in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox. For the integrity of the relational approach, this variable is not hypothesized to be identical to a negative-direction version of the [BrdIndMon] (+)8 variable in section 7.3.2.1.2 of Stage 1  – Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox. In the [BrdIndMon] (+) variable, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of non-executive directors. Thus, the effect of the [BrdIndMon] (+) variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the independence of non-executive directors. Again here, there is no independence element. Like a negative (−) direction version of the [BrdSkills] (+) variable, giving rise to a coverage/rating of −7/87.50 rprox, there is an hypothesised reduction in risk management and therefore internal monitoring. Thus, the effect of the [BankHighLevRisk] (−) governance variable is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, an increase in risk-taking can be seen as a reduction in the quality of decision-making reflected in a negative effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable but in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox, the [BankHighLevRisk] (−) variable affects all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 19). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law  – is not affected by the risk-taking decisions of bank directors, the CEO, executives or lower-level managers. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [BankHighLevRisk] (−) variable.

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 7.3.1.2.1 of Stage 1, pp 198–199. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 8  Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox. 9  See discussion in section 2.6.2 of Stage 1, above n 7, pp 41–43. 7

808

28  Ownership, Governance Structure and Government Bailout

28.3 ‘Maturity Transformation’ of Bank Debt and a Continuous Supply of Liquidity In sections 7.2 and 7.7 of Chap. 7 above, the high leverage of banks was explained in part by the maturity of bank debt (banks borrow ‘short’ funds from customers and lend ‘long’ known as ‘maturity transformation’), which is highlighted by Mülbert.10 The author explains the banks’ consequent dependence on continuous access to liquidity which was cut-off for all banks during the crisis and required government intervention as well as revision of liquidity risk management practices.11 For Mülbert, this explains the high leverage of banks.12 In this Stage 2 of the relational approach for Australian major banks, these considerations give rise to two variables: • [BankDebtTransRisk] (−)  – Banks  – Maturity Transformation of Bank Debt -– Effects of risk-taking, coverage/rating − 7/87.50 rprox; and • [BankLiqRisk] (−) – Banks – Continuous Liquidity Requirement – Effects of Risk-taking, coverage/rating − 7/87.50 rprox. The behaviour of these two variables is hypothesized to be identical in behaviour to the [BankHighLevRisk] (−) variable in the preceding Sect. 28.2 which, in turn, is hypothesized to be identical to the [BrdSkills] (+)13 variable except in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox. This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [BankDebtTransRisk] (−) variable and the [BankLiqRisk] (−) variable.

28.4 [BankConnect] (−) – Banks – Level of Interconnectedness of Banks (High) – Effects of Risk-­Taking – Coverage/Rating − 7/87.50 rprox – Relational Effect Path Another aspect highlighted by Mülbert is the interconnectedness of banks. They are competitors but are also each others’ major business partners – including activities on the interbank, OTC derivates and foreign exchange markets  – giving rise to counterparty risk and, in addition, the risk that a bank’s problems will spread to other banks.14  Mülbert, above n 4. See discussion in section 7.2 of Chap. 7 of this Stage 2 above.  Ibid, 10 (footnote omitted). 12  Ibid. 13  See discussion in section 7.3.1.2.1 of Stage 1, above n 7, pp 198–199. 14  Mülbert, above n 4, 10. 10 11

28.5  [BankSystRisk] (−) – Banks – Level of Systemic Risk – Effects of Risk-Taking …

809

In this Stage 2 of the relational approach for Australian major banks, this consideration gives rise to a variable representing a high level of interconnectedness of banks: • [BankConnect] (−) – Banks – Level of Interconnectedness of Banks (High) – Effects of Risk-taking, coverage/rating − 7/87.50 rprox. The behaviour of the [BankConnect] (−) variable is hypothesized to be identical in behaviour to the [BankHighLevRisk] (−) variable Sect. 28.2 which, in turn, is hypothesized to be identical to the [BrdSkills] (+)15 variable except in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox. This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [BankConnect] (−) variable.

28.5 [BankSystRisk] (−) – Banks – Level of Systemic Risk – Effects of Risk-Taking – Coverage/Rating − 7/87.50 rprox – Relational Effect Path A discussion of the interconnectness of banks overlaps with a discussion of systemic risk. As noted in sections 7.3 and 7.4 of this Stage 2 for Australian major banks, a bank’s failure (which causes it to suspend lending activities) can cause other banks dependent on the first bank’s credit to fail as well as non-bank customers of the bank. The bankruptcy or failure of a financial institution may cause a reduction in available credit between the financial institutions themselves causing further bankruptcy/failure. As that discussion shows, this shortage of credit then spreads to non-­bank customers. In this Stage 2 of the relational approach, this consideration gives rise to a variable representing a high level of systemic risk of banks: • [BankSystRisk] (−) – Banks – Level of Systemic Risk (High) – Effects of Risk-­ taking, coverage/rating − 7/87.50 rprox. The behaviour of the [BankSystRisk] (−) variable is hypothesized to be identical in behaviour to the [BankHighLevRisk] (−) variable Sect. 28.2 which, in turn, is hypothesized to be identical to the [BrdSkills] (+)16 variable except in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox. This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [BankSystRisk] (−) variable. 15 16

 See discussion in section 7.3.1.2.1 of Stage 1, above n 7, pp 198–199.  See discussion in section 7.3.1.2.1 of Stage 1, above n 7, pp 198–199.

810

28  Ownership, Governance Structure and Government Bailout

28.6 [BankSizeRisk] (−) – Banks – Increases in Bank Size – Effects of Risk-Taking – Coverage/Rating − 7/87.50 rprox – Relational Effect Path Again in the Stage 2 relational approach for Australian major banks, an increase in bank size is experienced or depicted as an increase in risk-taking or a reduction in the quality of decision-making. Like the [BankHighLevRisk] (−) variable in Sect. 28.2 (which, in turn, is hypothesized to be identical to the [BrdSkills] (+)17 variable except in the negative (−) direction, giving rise to a coverage/rating of – 7/87.50 rprox), the [BankSizeRisk] (−) variable hypothesizes, as a result of increases in the size of the bank, an increase in risk-taking which reduces risk management and internal monitoring (Risk Management, Monitoring & Audit factor No 5) and/or the quality of decision-­ making (Decision-making Factor No 7). Thus, the relational effect path of the [BankSizeRisk] (−) variable also has a negative (−) direction marker and is hypothesized to be identical to that of [BankHighLevRisk] (−), again with Compliance Factor 2 remaining unaffected. This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [BankSizeRisk] (−) variable.

28.7 Controlling Shareholder Predictive of Greater Risk and Bailout Gropp and Köhler18 compared banks owned by a controlling shareholder as opposed to manager-controlled banks. The authors found that owner-controlled banks took more risks before the financial crisis and consequently had bigger losses but were also more likely to be bailed-out by the government: We also find that the probability of owner controlled banks to receive government assistance during the crisis is significantly higher than that of manager controlled banks.19

This effect is depicted in the next variable: [BankControlRisk] (−) – banks – level of owner-control (high) – effects of risk-­ taking coverage/rating − 7/87.50 rprox – relational effect path

 Ibid.  Reint Gropp and Matthias Köhler, “Bank Owners or Bank Managers: Who is Keen on Risk? Evidence from the Financial Crisis”, European Business School Research Paper No. 10-02, (23 February 2010), accessed 14 June 2017 at SSRN: http://ssrn.com/abstract=1555663 19  Ibid, 21–22. 17 18

28.8  Relationship Between Stronger Governance, Market Valuation and Performance

811

Gropp and Köhler’s observations suggest that, for the Stage 2 relational approach, an increase in owner-control is experienced or depicted as an increase in risk-taking or a decrease in the quality of decision-making. Like the [BankHighLevRisk] (−) variable in Sect. 28.2 above (which, in turn, is hypothesized to be identical to the [BrdSkills] (+)20 variable except in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox), the [BankControlRisk] (−) variable hypothesizes an increase in risk-taking which reduces risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) and/or the quality of decision-making (Decision-making Factor No 7). Thus, the relational effect path of the [BankControlRisk] (−) variable also has a negative (−) direction marker and is hypothesized to be identical to that of [BankHighLevRisk] (−), again with Compliance Factor 2 remaining unaffected. This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [BankControlRisk] (−) variable.

28.8 Relationship Between Stronger Governance, Market Valuation and Performance Vähämaa and Vähämaa investigate the relationship between bank governance and performance, market valuation and share prices.21 The authors hypothesized that stronger governance would result in higher profitability, higher market value and less negative share returns during the GFC but that, alternatively, it could also be associated with higher risk-taking and thus lower performance: Specifically, we posit that banks with stronger corporate governance mechanisms had (i) higher profitability, (ii) higher market valuations, and (iii) less negative stock returns amidst the crisis. Nevertheless, it is also possible that the link between good corporate governance and bank performance documented in the prior literature is related to higher levels of risk-­ taking, in which case strong governance may lead to poor performance during periods of market turmoil.22

First, for the authors, strong governance generally increases financial performance and market value: Overall, the results reported in Tables 3 and 4 demonstrate that corporate governance affects bank performance. Consistent with the prior literature, our findings indicate that strong governance generally improves financial performance and also has positive effects on market valuation.23

 See discussion in section 7.3.1.2.1 of Stage 1, above n 7, pp 198–199.  Emilia Vähämaa and Sami Vähämaa, “Did Good Corporate Governance Improve Bank Performance During the Financial Crisis?” (2012) 41 (1–2) Journal of Financial Services Research 19–35, (March 31, 2011) accessed 4 April 2017 at SSRN: http://ssrn.com/abstract=1740547 22  Ibid, 2. 23  Ibid, 12–13. 20 21

812

28  Ownership, Governance Structure and Government Bailout

However, this may not remain the same during a crisis period. While stronger governance during the GFC improved bank profitability, it also reduced the market value of banks: However, we find mixed evidence for our hypothesis that good corporate governance improved bank performance during the financial crisis. Although our findings suggest that banks with stronger corporate governance mechanisms were associated with significantly higher profitability during the financial crisis, our results also indicate that strong governance may have had negative effects on market valuations of banks amidst the crisis. Thus, inconsistent with the research hypothesis, our results suggest that strong corporate governance does not necessarily create shareholder value in the banking industry during periods of severe market stress.24

For the Stage 2 relational approach, the findings of Vähämaa and Vähämaa create two new governance variables based on risk-taking. Both variables operate outside crisis periods – one positive for an enhancement in bank performance and the other also positive for an increase in market value again outside the crisis. [BankGovPerform] (+) variable  – banks  – level of bank governance (high)  – effects of risk-taking on firm performance (non-crisis periods) – coverage/rating + 7/87.50 rprox – relational effect path and [BankGovValue] (+) variable – banks – level of bank governance (high) – effects of risk-taking on firm value (non-crisis periods) – coverage/rating + 7/87.50 rprox relational effect path The behaviour of the [BankGovPerform] (+) and [BankGovValue] (+) variables is hypothesized to be identical to the [BrdSkills] (+)25 variable and in the same positive (+) direction, giving rise to a coverage/rating of +7/87.50 rprox. In this case, a ‘high’ governance level is depicted as an hypothesised reduction in risk-­ taking or increase in risk management and therefore internal monitoring and the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, ‘high’ governance equates to an enhancement in the quality of decision-making through less risk-taking reflected in a positive effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable and in the same direction giving rise to a coverage/rating of +7/87.50 rprox, the [BankGovPerform] (+) and [BankGovValue] (+) variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 126). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the  Ibid.  See discussion in section 7.3.1.2.1 of Stage 1, above n 7, pp 198–199. 26  See discussion in section 2.6.2 of Stage 1, above n 7, pp 41–43. 24 25

28.9  More Independent Boards with High Institutional Ownership Performed Worse…

813

risk-taking, risk management, monitoring or decision-making quality of bank directors, the CEO, executives or lower-level managers. Compliance Factor No 2 thus remains constant for these variables. This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for each of the [BankGovPerform] (+) and [BankGovValue] (+) variables.

28.9 More Independent Boards with High Institutional Ownership Performed Worse in the Crisis Erkens, Hung and Matos investigate the effects of board independence and institutional ownership on stock returns in the GFC.27 The authors conclude that firms with higher institutional ownership and more independent boards had worse stock returns during the GFC: Although all firms were affected by the crisis, we find that firms with higher institutional ownership and more independent boards had worse stock returns than other firms during the crisis. Further exploration of this finding suggests that this is because (1) firms with higher institutional ownership took more risk prior to the crisis, which resulted in larger shareholder losses during the crisis period, and (2) firms with more independent board members raised more equity capital during the crisis, which led to a wealth transfer from existing shareholders to debtholders.28

For the authors, two policies affected the size of shareholder losses – risk management before the crisis and equity raisings during the crisis.29 Reviewing other studies, the authors conclude that bank CEOs were given compensation incentives prior to the crisis to encourage them to invest in new securitised products and that equity raisings helped stave-off firm failure but at the cost of falls in the share price: Consistent with the notion that corporate boards and shareholders encouraged risk-taking prior to the crisis, DeYoung et al. (2012) find that, in the years leading up to the financial crisis (2000–2006), banks included stronger risk-taking incentives in CEO compensation packages to encourage executives to exploit new growth opportunities created by ­deregulation and the explosion of debt securitization. Similarly, while raising equity capital helped reduce bankruptcy risk, it was very costly to existing shareholders during the crisis period.30

 David H Erkens, Mingyi Hung, and Pedro P Matos, “Governance in the 2007–2008 Financial Crisis: Evidence from Financial Institutions Worldwide” (2012) 18 Journal of Corporate Finance, (January 15, 2012), accessed 5 April 2017 at SSRN: http://ssrn.com/abstract=1397685 28  Ibid, 32. 29  Ibid, 9. 30  Ibid, 9–10 (footnotes omitted). The authors cite R DeYoung, E Peng and M Yan, “Executive compensation and business policy choices at U.S. commercial banks” (2012) J Financ Quant Anal, forthcoming. 27

814

28  Ownership, Governance Structure and Government Bailout

As noted in this passage in relation to equity raisings, more independent boards performed worse during the crisis as they encouraged managers to raise capital to reduce bankruptcy. It is further explained by the authors that, as a result of recognising losses from subprime mortgages, banks suffered lower capital adequacy ratios and were required to raise capital at high costs to avoid regulatory intervention: An alternative explanation for why firms with more independent boards experienced worse stock returns during the crisis is that independent board members encouraged managers to raise equity capital during the crisis period to ensure capital adequacy and reduce bankruptcy risk. In addition, prior studies suggest that an important role of independent directorships is to ensure transparent financial reporting (Anderson et  al., 2004; Klein, 2002). During the crisis period transparent reporting implied the timely recognition of losses related to subprime mortgages. Because the recognition of losses led to lower capital adequacy ratios, firms had to resort to raising equity capital to avoid regulatory intervention when they recognized losses related to subprime mortgage related assets. Raising equity capital, however, was very costly during the crisis period. It could have led to worse stock returns during the crisis because it caused a wealth transfer from existing equity holders to debtholders (Kashyap et al., 2008; Myers, 1977).31

The analysis of the findings by Erkens, Hung and Matos in relation to the effects of board independence and institutional ownership on stock returns in the GFC suggest a number of existing variables discussed next: Existing Board Independence Variables The variables relating to board independence are well established from Stage 1: • [AudIndInfo] (−) – Audit Committee – Independence – Information Flow and Decision Quality ‘Trade-off’, −4/50.00 rprox;32 • [AudIndMon] (+)  – Audit Committee  – Independence  – Monitoring Effect, +7/87.50 rprox;33 • [BrdIndInfo] (−) – Board Independent Director: Executive Director Proportion – Information Flow and Decision Quality ‘Trade-off’, −4/50.00 rprox;34 • [BrdIndMon] (+) – Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox;35 and • [OutBrdPos] (−)  – Outside Board Positions of Independent Directors, −6/75.00 rprox.36

 Ibid, 21. The authors cite R C Anderson, S A Mansi and D M Reeb, “Board characteristics, accounting integrity, and the cost of debt” (2004) 37 J Account Econ 315–342; A Klein, “Audit committee, board of director characteristics, and earnings management” (2002) 33 J Account Econ 375–400; A Kashyap, R Rajan and J Stein, “Rethinking capital regulation”, Working paper, 2008 and S C Myers, “Determinants of corporate borrowing” (1977) 5 J Financ Econ 147–175. 32  See discussion in section 8.4.3 of Stage 1, above n 7, pp 242–244. 33  See discussion in section 8.4.3 of Stage 1, above n 7, pp 242–244. 34  See discussion in section 7.3.2.1.3 of Stage 1, above n 7, pp 212–215. 35  See discussion in section 7.3.2.1.1–7.3.2.1.2 of Stage 1, above n 7, pp 208–212. 36  See discussion in sections 8.2.3–8.2.3.1 of Stage 1, above n 7, pp 229–232. 31

28.10  Country-Level Governance

815

[BankInstitRisk*] (−) – banks – institutional ownership (high) – effects of risk-­ taking – coverage/rating − 7/87.50 rprox – relational effect path Erkens, Hung and Matos’ observations suggest that, for the Stage 2 relational approach, the presence of institutional ownership is experienced or depicted as an increase in risk-taking. But the following variable remains in ‘interim’ (*) status pending the research of a proposed future Key Field – Shareholder Empowerment and Institutional Shareholders. Like the [BankHighLevRisk] (−) variable in Sect. 28.2 above and the [BankControlRisk] (−) variable in Sect. 28.7 above (both of which, in turn, are hypothesized to be identical to the [BrdSkills] (+)37 variable except in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox), the [BankInstitRisk*] (−) variable hypothesizes an increase in risk-taking which reduces risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) and/or the quality of decision-making (Decision-making Factor No 7). Thus the relational effect path of the [BankInstitRisk*] (−) variable also has a negative direction marker and is hypothesized to be identical to that of [BankHighLevRisk] (−) and [BankControlRisk] (−), again with Compliance Factor 2 remaining unaffected. This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [BankInstitRisk*] (−) variable.

28.10 Country-Level Governance Erkens, Hung and Matos also investigated whether country-level governance – in the form of the shareholder protection regime – affected firm performance during the crisis. A discussion of the origins and effects of the national shareholder protection regime was undertaken in Stage 1.38 Citing the well-known work of La Porta et al, the authors explain that country– level governance can affect firm performance: The international corporate governance literature suggests that another important dimension of corporate governance is the external governance mechanism in a country, primarily the legal institutions that protect shareholder rights, both in terms of the quality of legal institutions and laws protecting shareholder rights (La Porta et al., 1998).39

Yet the authors found that firm-level governance – but not country-level governance – affected firm performance during the crisis:

 See discussion in section 7.3.1.2.1 of Stage 1, above n 7, pp 198–199.  See discussion in sections 7.3.1.3–7.3.1.3.2 of Stage 1, above n 7, pp 202–206. 39  Erkens, Hung and Matos, above n 27, 27. The authors cite R La Porta, R Lopez-de-Silanes, A Shleifer and R W Vishny, (1998) 106 Law and Finance J Polit Econ 1113–1155. 37 38

816

28  Ownership, Governance Structure and Government Bailout Although we focus on firm-level governance mechanisms, we also examine how country-­ level governance mechanisms, such as the quality of legal institutions and the extent of laws protecting shareholder rights, influenced firm performance during the crisis. We find an insignificant relation between firm performance and the country-level governance variables. This evidence is consistent with firm-level, but not country-level governance mechanisms being important in explaining why some financial firms were much more affected by the financial crisis than others.40

The relational approach’s existing variable representing the national shareholder protection regime is significant for affecting all governance factors: • [NationGov*] (+) variable  – National Governance/Shareholder Protection Regime  – coverage/rating  +  8/100.00 rprox (relational effect path in section 7.3.1.3.2 of Stage 1). But Erkens, Hung and Matos’ observations that country-level governance did not affect firm performance during the GFC suggests that the operation of this variable may be suspended or of no effect in crisis times, hence the asterix (*) marking in this Stage 2 for Australian major banks.

40

 Erkens, Hung and Matos, above n 27, 4.

Chapter 29

Composition, Independence, Representation, Codes of Conduct and Culture Abstract  This Chap. 29 examines board composition, independence, representation, codes of conduct and culture. We begin with board composition, the independence proportion and representation and examine greater challenge, debate and testing. We move to consider a change in board culture and codes of conduct/ethics and conflicts including changing board culture and ‘tone at the top’. We present governance variables for culture and ‘tone at the top’, ‘entrenchment’ of the CEO, codes of conduct and ethics including an ‘ethics, compliance and reputation committee’ and a conflicts of interest policy. There follows the FSB’s Framework for Assessing Risk Culture including the aims of assessing risk culture, the FSB’s elements of a sound risk culture including the FSB’s and NAB’s ‘tone from the top’. We continue with the FSB’s further indicators of a sound risk culture – accountability, effective communication and challenge and incentives. There is then focus on the FSRC findings on governance, remuneration and culture including the FSRC Final Report recommendations and commentary on culture, governance and on the role of the board and concluding that section with the FSRC Final Report recommendations and commentary on priorities. The examination then moves to the NAB Self-Assessment 2018 on financial objectives and prioritisation including strategic planning and performance objectives, the growth fund and annual group budget, trade-offs in decision-making and customer outcomes. Switching to the Westpac Review Team 2018 examination of prioritisation decisions, we examine WBC’s four (4) factors contributing to prioritisation of financial considerations. We conclude with the FSRC Final Report recommendations and commentary on non-financial risks and accountability. Keywords  Composition · Independence · Codes of conduct · Board culture · Tone at the top · FSB Framework for Assessing Risk Culture · FSRC Final Report on governance · Remuneration and culture · Financial objectives and prioritisation · Non-financial risks · Accountability

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_29

817

818

29  Composition, Independence, Representation, Codes of Conduct and Culture

Board Composition, Independence Proportion and Representation Board composition requirements for APRA-regulated institutions are set out in APRA’s Prudential Standard CPS 510 Governance.1 Due to enhancement of the ‘independence’ ingredient through the independence requirements, the following board composition variables have an identical relational effect path to the [BrdIndMon] (+)2 variable – Board Independent: Executive Director Proportion  – Monitoring Effect, coverage/rating  +  7/87.50 (relational effect path in section 7.3.2.1.2 of Stage 1). This gives rise to a coverage/rating for these independence variables of +7/87.50 rprox in the Bank Combined Coverage and Table and Relational Proximity Table (Table 10.2 above): • [510ComposeIndepBrdComposeRequire] (+)  – CPS 510Compose  – Board Composition Requirements – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox (APRA CPS 510) including: –– must have a minimum of five directors at all times3; –– must have a majority of independent directors at all times4; –– Chairperson of the Board must be an independent director of the APRA-­ regulated institution5; –– A majority of directors present and eligible to vote at all Board meetings must be non-executive directors6; –– “Chairperson of the Board cannot have been the Chief Executive Officer (CEO) of the APRA-regulated institution at any time during the previous three years”7;

 Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/ F2019L00662/Download (‘CPS 510’), sections 26–33, pp  9–10. In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates of 2022. See Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines. 2  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 7.3.2.1.2 of Stage 1, p 211. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 3  CPS 510, above n 1, section 26, p 9. 4  Ibid, section 27, p 9. 5  Ibid, section 28, p 9. 6  Ibid, section 29, p 9. 7  Ibid, section 30, p 9. 1

29  Composition, Independence, Representation, Codes of Conduct and Culture

819

–– Chairperson must be available to meet with APRA on request8; –– “for a locally owned and incorporated APRA-regulated institution, a majority of directors must be ordinarily resident in Australia”9; and –– “for a foreign-owned, locally incorporated APRA-regulated institution, at least two of the directors must be ordinarily resident in Australia, at least one of whom must also be independent”10; • [510ComposeRepresBasedShareholding] (+)  – CPS 510Compose  – Board Representation Consistent with Shareholding  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox (APRA CPS 510) including: –– must be consistent with a locally incorporated APRA-regulated institution’s shareholding11; –– “where a shareholding constitutes not more than 15 per cent of the APRA-­ regulated institution’s voting shares, there should not be more than one Board member who is an associate of the shareholder where the Board has up to six directors, and not more than two Board members who are associates of the shareholder where the Board has seven or more directors”12; and –– “where an individual shareholding is greater than 15 per cent, as approved under the Financial Sector (Shareholdings) Act, the Board representation of that shareholding may be greater than allowed in paragraph 34 [of CPS 510], although it must still be broadly proportionate to the shareholding concerned”13; • [510ComposeIndepBrdComposeSubsids] (+)  – CPS 510Compose  – Board Composition Requirements for Subsidiaries of APRA-Regulated Institutions or Overseas Equivalents  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox (APRA CPS 510) including: –– “Board must have a majority of non-executive directors, but these non-­ executive directors need not all be independent”14: • the institution “will be required to have, at a minimum, two independent directors, in addition to an independent chairperson, where the Board has up to seven members”15; • “where the Board has more than seven members, the institution will be required to have at least three independent directors, in addition to an independent chairperson”16; and  Ibid, section 31, p 10.  Ibid, section 32, p 10. 10  Ibid, section 33, p 10. 11  Ibid, section 34, p 10. 12  Ibid. 13  Ibid, section 35, p 10. 14  Ibid, section 37, p 10. 15  Ibid, section 38, p 11. 16  Ibid. 8 9

820

29  Composition, Independence, Representation, Codes of Conduct and Culture

• “the independent directors on the Board of the parent company or its other subsidiaries may also sit as independent directors on the Board of the institution”.17

29.1 Greater Challenge, Debate and Testing The Walker Review 2009 examined the role of executive and non-executive directors, again focusing on challenge and debate: The most important factor in ensuring long-term corporate success, whether in a BOFI or a non-financial business, is a highly effective executive team that is not dominated by a single voice; where open challenge and debate occurs; and yet the executive team is cohesive and collectively strong.18

The Review found that non-executive director contribution during the GFC was “seriously inadequate” partly due to inadequate financial industry experience discussed in Sects. 33.1–33.6 below.19 However, equally or more important was that non-executive directors challenge and test the executive team and executive proposals, particularly in relation to risk: They should satisfy themselves that board discussion and decision-taking on risk matters is based on accurate and appropriately comprehensive information and draws, as far as they believe it to be relevant or necessary, on external analysis and input.20

As noted in Sect. 23.1, questions of the ‘challenge’ step in major risk and strategic issues directly raise considerations relevant to the oversight, monitoring and evaluation of the CEO, executives and management of the bank. As suggested by the Walker Review 2009 and/or EC, parts of the ‘challenge’ and ‘testing’ issue lay in: • the size, composition and qualification of the board discussed in Sect. 23.2; • the functioning of the board and the monitoring and evaluation of performance of directors and the board as a whole in Chap. 24; • rigour and urgency by the board, gaps in reporting and metrics and over-reliance on key individuals which reduce board effectiveness are also examined in Chap. 24;

 Ibid, section 39, p 11.  David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Para 2.7, p 35. 19  Ibid, Para 4.2, p 52. 20  Ibid, Recommendation 6, p 56. 17 18

29.1  Greater Challenge, Debate and Testing

821

• competence and banking/financial industry expertise reviewed in Chap. 26 and Sects. 26.3–26.5 affected the ability and confidence of NEDs to challenge ‘strong’ CEOs; • increased time commitment from NEDs examined in Sects. 23.2 and 23.5; and • governance variables examining the time, qualifications, role and election of the chairperson examined in Chap. 34. The variables relating to non-executive director oversight, monitoring and evaluation are again well established from Stage 1: • [AudIndInfo] (−) – Audit Committee – Independence – Information Flow and Decision Quality ‘Trade-off’, −4/50.00 rprox21; • [AudIndMon] (+)  – Audit Committee  – Independence  – Monitoring Effect, +7/87.50 rprox22; • [BrdIndInfo] (−) – Board Independent Director: Executive Director Proportion – Information Flow and Decision Quality ‘Trade-off’, −4/50.00 rprox23; • [BrdIndMon] (+) – Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox24; and • [OutBrdPos] (−)  – Outside Board Positions of Independent Directors, −6/75.00 rprox.25 And the variables relating to non-executive director oversight, monitoring and evaluation already examined from this Part 5 include: • [BankBrdInfoTask] (+/−)  – Banks  – Board Size and Information and Task ‘Overload’, +/− 6/75.00 rprox (relational effect path in Sect. 23.3); • [BankNEDInduct] (+)  – Banks  – Induction of Non-Executive Directors  – Enhancement of Monitoring Effect, +7/87.50 rprox (relational effect path in Sect. 23.4); • [BankNEDTrain] (+)  – Banks  – Training of Non-Executive Directors  – Enhancement of Monitoring Effect, +7/87.50 rprox (relational effect path in Sect. 23.4); • [BankNEDDevelopProg] (+)  – Banks  – Development Programs for Non-­ Executive Directors – Enhancement of Monitoring Effect, +7/87.50 rprox (relational effect path in Sect. 23.4); • [BankNEDSupport] (+)  – Banks  – ‘Dedicated Support’ for Non-Executive Directors for Information and Advice in Addition to the Normal Board Process – Enhancement of Monitoring Effect, +7/87.50 rprox (relational effect path in Sect. 23.4); and

 See discussion in section 8.4.3 of Stage 1, above n 2, pp 242–244  Ibid. 23  See discussion in section 7.3.2.1.3 of Stage 1, above n 2, pp 212–215. 24  See discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above n 2, pp 208–212. 25  See discussion in sections 8.2.3–8.2.3.1 of Stage 1, above n 2, pp 229–232. 21 22

822

29  Composition, Independence, Representation, Codes of Conduct and Culture

• [BankNEDFinAwareProg] (+) – Banks – Development Programs for Financial Industry Awareness of Non-Executive Directors on Risk Strategy – Enhancement of Monitoring Effect, +7/87.50 rprox (relational effect path in Sect. 23.4). In addition, two specific challenge and testing variables were presented in Sects. 24.1–24.2 in relation to strategy and risk issues formulated by the CEO, executives and management of the bank: • [BankNEDTestStrat] (+) variable – Banks – Challenging and Testing Strategy by Non-Executive Directors  – Monitoring Effect, +7/87.50 rprox (relational effect path in Sect. 24.1); and • [BankNEDTestRisk] (+) variable  – Banks  – Challenging and Testing Risk Issues and Questions by Non-Executive Directors – Monitoring Effect, +7/87.50 rprox (relational effect path in Sect. 24.2). Finally, a specific variable was introduced in Sect. 26.3 relating to the formulation of policies and standards on bank-specific competencies, skills and professional qualities: • [NEDBankSkillsMon] (+) – Banks – Non-Executive Directors – Policies and Standards on Bank-Specific Competencies, Skills and Professional Qualities, +7/87.50 rprox (relational effect path in Sect. 26.3).

29.2 Change in Board Culture and Codes of Conduct/Ethics and Conflicts The ASX Principles and Recommendations Fourth Edition26 requires under Principle 3 that a Listed Entity: [i]nstil a culture of acting lawfully, ethically and responsibly.27

For listed entities, the following governance variables extend beyond NEDs and so do not depend on any independence ingredient of NEDs and so do not follow the relational effect path of the [BrdIndMon] (+) variable. Instead, it is based on the relational effect path of the [BrdSkills] (+) variable in the same positive (+) direction giving rise to a coverage/rating of +7/87.50 rprox for the following induction requirements suggested by ASX Recommendations 3.1 and 3.2 and commentary. Thus, the following governance variables have ‘interim’ (*) status pending the examination of codes of conduct and ethics in a proposed future Key Field  – Governance Variables in Corporate Social Responsibility or CSR:  Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’). 27  Ibid, Principle 3, p 16. 26

29.2  Change in Board Culture and Codes of Conduct/Ethics and Conflicts

823

• [2019ASXDiscloseValues*] (+) – 2019ASX – Board – Listed Entity to Articulate and Disclose its Values28  – Enhancement in Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating  +  7/87.50 rprox (2019ASX); • [2019ASXValuesKeyStakeholders*] (+)  – 2019ASX  – Board  – Values to Protect Reputation and Standing with Key Stakeholders29  – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2019ASX) including: –– –– –– –– –– ––

customers; employees; suppliers; creditors; law makers; and regulators30;

• [2019ASXApproveValues*] (+)  – 2019ASX  – Board  – Board to Approve Entity’s Statement of Values31 – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating  +  7/87.50 rprox (2019ASX); • [2019ASXSnrExecTeamImplementValues*] (+) – 2019ASX – Board – Senior Executive Team to Implement Values Across Entity32 – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2019ASX) including: –– all employees to receive training on values; –– senior executives to continually reference and reinforce values setting “tone at the top”; • [2019ASXDiscloseCodesConduct*] (+) – 2019ASX – Board – Listed Entity to Have and Disclose code of conduct for Directors, Senior Executives and Employees33  – Enhancement in Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXBrdCmMaterialBreachCode*] (+) – 2019ASXBrd – Board – Board or Committee to be Informed of Material Breaches of Code of Conduct34  – Enhancement in Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (2019ASX);

 Ibid, Rec 3.1, p 16.  Ibid, Rec 3.1, p 16. 30  Ibid, Commentary to Rec 3.1, p 16. 31  Ibid. 32  Ibid. 33  Ibid, Rec 3.2(a), p 16. 34  Ibid, Rec 3.2(b), p 16. 28 29

824

29  Composition, Independence, Representation, Codes of Conduct and Culture

• [2019ASXEmployTrainCode*] (+)  – 2019ASX  – Board  – Employees to Receive Appropriate Training on Their Obligations Under the Code35  – Enhancement in Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXToneAtTopCode*] (+) – 2019ASX – Board – Directors and Senior Executives to Speak and Act to Reinforce the Code36 – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXContentsBox3.2Code*] (+)  – 2019ASX  – Board  – Suggested Contents for Code from Box 3.237 – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating  +  7/87.50 rprox (2019ASX); • [2019ASXDiscloseWhistlePolicy*] (+) – 2019ASX – Board – Listed Entity to Have and Disclose Whistleblower Policy38 – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXBrdCmMatIncidentsWhistlePolicy*] (+) – 2019ASXBrd – Board – Board or Committee to be Informed of Material Incidents Under the Whistleblower Policy39 – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXContentsBox3.3WhistlePolicy*] (+)  – 2019ASX  – Board  – Suggested Contents for Whistleblower Policy from Box 3.340 – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXDiscloseBribeCorruptPolicy*] (+)  – 2019ASX  – Board  – Listed Entity to Have and Disclose Anti-bribery and Corruption Policy41 – Enhancement in Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXBrdCmMatBreachBribeCorruptPolicy*] (+)  – 2019ASXBrd  – Board  – Board or Committee to be Informed of Material Breaches of Anti-­ bribery and Corruption Policy42  – Enhancement in Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2019ASX); and

 Ibid, Commentary to Rec 3.2, p 16.  Ibid. 37  Ibid, pp 16–17. 38  Ibid, Rec 3.3(a), p 17. 39  Ibid, Rec 3.3(b), p 17. 40  Ibid, Box 3.3, p 17. 41  Ibid, Rec 3.3(a), p 17. 42  Ibid, Rec 3.3(b), p 17. 35 36

29.2  Change in Board Culture and Codes of Conduct/Ethics and Conflicts

825

• [2019ASXContentsBox3.4BribeCorruptPolicy*] (+)  – 2019ASX  – Board  – Suggested Contents for Anti-bribery and Corruption Policy from Box 3.443  – Enhancement in Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2019ASX). Changing Board Culture and ‘Tone at the Top’ The variables listed in the preceding Sect. 29.1 assist the bank in developing among non-executive directors the challenge, debate and testing of CEO, executive and management strategy and risk issues/questions. But further guidance is found in governmental and market participant reports relating specifically to board culture and ‘tone at the top’. The Walker Review 2009 warned of the pressures of conformity on non-­executive directors as stifling challenge: [T]he pressure for conformity on boards can be strong, generating corresponding difficulty for an individual board member who wishes to challenge group thinking. Such challenge on substantive policy issues can be seen as disruptive, non-collegial and even as disloyal. Yet, without it, there can be an illusion of unanimity in a board, with silence assumed to be acquiescence.44

And this failure to challenge was affected by the entrenchment – even for “excellent past performance and longevity in the role” – of the CEO.45 The Chairperson should promote an atmosphere of different views, particularly in relation to new strategic initiatives, new products and review of existing businesses: This will be particularly relevant in relation to new strategic initiatives such as the launch of a new product or service or a proposed acquisition. But challenge to the executive team may also be important in relation to a major area of existing business where market or other conditions change in ways that vitiate to at least some extent the case for a particular strategy as originally envisaged and agreed.46

The Review called for “material change of culture” in this respect47 and for interaction between executive and non-executive directors outside the board forum: Nor is the board itself the only forum in which effective interaction takes place between the executive directors and NEDs. The relative informality of a board committee may provide the most appropriate forum and this, in turn, should be complemented to the extent possible by NED interface with relevant executives and executive committees, for example through NED participation on an observer basis in an executive risk committee.48

 Ibid, Box 3.4, p 18.  Walker Review 2009, above n 18, Para 4.3, p 53. 45  Ibid, Para 4.4, p 53. 46  Ibid, Para 4.5, pp 53–54. 47  Ibid, Para 4.6, p 54. 48  Ibid, Para 4.7, p 54. 43 44

826

29  Composition, Independence, Representation, Codes of Conduct and Culture

The BCBS also specifically addressed corporate culture and values. The BCBS views corporate culture as flowing from the ‘tone at the top’.49 This was achieved by: • setting and adhering to corporate values that create expectations that all business should be conducted in a legal and ethical manner, and overseeing the adherence to such values by senior management and other employees; • promoting risk awareness within a strong risk culture, conveying the board’s expectation that it does not support excessive risk-taking and that all employees are responsible for helping the bank operate within the established risk appetite and risk limits; • confirming that appropriate steps have been or are being taken to communicate throughout the bank the corporate values, professional standards or codes of conduct it sets, together with supporting policies; and • confirming that employees, including senior management, are aware that appropriate disciplinary or other actions will follow unacceptable behaviours and transgressions.50

‘Culture’ and ‘tone at the top’ variables flowing from the Walker Review 2009 and BCBS Guidelines are considered next followed by governance variables for codes of conduct and ethics and a conflict of interest policy. Governance variables for risk culture proposed by the FSB’s Framework for Assessing Risk Culture (Sect. 29.3),51 the NAB Self-Assessment 2018 (Chap. 30)52 and the Westpac Review Team 2018 and Westpac Reassessment (also Chap. 30)53 complete the review. Culture and ‘Tone at the Top’ Variables – Coverage/Rating + 7/87.50 rprox – Relational Effect Paths In addition to the variables in Sect. 29.1, the approach to board culture and ‘tone at the top’ is to assign variables for the specific elements identified by the Walker Review 2009 and the BCBS Guidelines 2015 which assist challenge, debate and testing by non-executive directors of CEO, executive and management strategy and risk issues. Flowing from the independence ingredient of non-executive directors,

 The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Para 30, p 9. 50  Ibid, Para 30, p 9. 51  Financial Stability Board, Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, A Framework for Assessing Risk Culture of 7 April 2014, accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/140407.pdf (‘FSBCult’). 52  National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/content/dam/ nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-Assessment 2018’), pp 50–56. 53  See Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’) and Westpac Banking Corporation, Reassessment of the Culture, Governance and Accountability Remediation Plan, June 2020, accessed 20 November 2020, available at https://www.westpac.com.au/content/dam/public/wbc/documents/pdf/aw/media/WBC_ CGA_Reassessment.pdf (‘Westpac Reassessment’). 49

29.2  Change in Board Culture and Codes of Conduct/Ethics and Conflicts

827

these variables are based on the enhanced risk management, monitoring and decision-­ making aspects of the [BrdIndMon] (+) variable in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1,54 coverage/rating + 7/87.50 rprox: • [CultNEDStrat] (+)  – Bank Culture  – Review of Strategy by Non-Executive Directors – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CultNEDNewProds] (+) – Bank Culture – Review of New Products by Non-­ Executive Directors  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CultNEDExistBus] (+) – Bank Culture – Review of Existing Business Market and Other Conditions by Non-Executive Directors – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CultNEDObserve] (+) – Bank Culture – Interaction between Non-Executive Directors and Executive Directors  – NED Observers on Executive Risk Committee – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CultNEDValues] (+) – Bank Culture – Non-executive Directors – Review and Oversight of Corporate Values – Enhancement of Monitoring Effect, coverage/ rating + 7/87.50 rprox; • [CultNEDRiskAppLimits] (+)  – Bank Culture  – Non-Executive Directors  – Review of Risk Awareness, Appetite and Limits – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CultNEDCommun] (+) – Bank Culture – Non-Executive Directors – Review of Appropriate Steps to Communicate Values, Codes and Policies – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; and • [CultNEDDiscipline] (+) – Bank Culture – Non-Executive Directors – Review and Oversight of Disciplinary Actions for Breaches of Values, Codes and Policies – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox. The behaviour of these eight corporate and risk ‘culture’ variables is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox, which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating + 7/87.50 rprox. Like those variables, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of non-executive directors. Thus, the effect of these governance variables is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the independence of non-­ executive directors. Thus, like the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, both with a coverage/rating of +7/87.50 rprox, these governance variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 155). Similarly to the [BrdIndMon] (+) variable and the

54 55

 See discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above n 2, pp 208–212.  See discussion in section 2.6.2 of Stage 1, above n 2, pp 41–43.

828

29  Composition, Independence, Representation, Codes of Conduct and Culture

[BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the risk culture element of the board. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox for these eight corporate and risk ‘culture’ variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). ‘Entrenchment of CEO’ – Coverage/Rating − 7/87.50 rprox – Relational Effect Path As noted above by the Walker Review 2009, a failure to challenge may be affected by the entrenchment – even for “excellent past performance and longevity in the role” – of the CEO.56 This gives rise to a variable reflecting a reduction in monitoring of the CEO, executives and management consequent of the longevity of the CEO: • [CultLongCEO] (−) – Bank Culture – Past Performance and Longevity of the CEO – Entrenchment Effect – Reduction in Monitoring of CEO, Executives and Management. This variable is hypothesized to act in the opposite direction to the ‘culture’ variables introduced in this Sect. 29.2. The behaviour of the [CultLongCEO] (−) variable is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1 which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox. Opposite to those variables, the reduction of the monitoring of the CEO, executives and management (a reduction in Risk Management, Monitoring & Audit Factor No 5) is based on a reduction in the effect of the independence ingredient of non-executive directors due to the longevity of the CEO which erodes the effects of independence over time. Thus, the effect of the [CultLongCEO] (−) variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the erosion of the independence effect of non-executive directors. This equates to a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the [CultLongCEO] (−) variable. Codes of Conduct and Ethics and ‘Ethics, Compliance and Reputation Committee’ – Coverage/Rating + 7/87.50 rprox – Relational Effect Paths Thus, for the BCBS, a code of conduct or code of ethics “should define acceptable and unacceptable behaviours” and: • should explicitly disallow illegal activity, such as financial misreporting and misconduct, economic crime including fraud, breach of sanctions, money laundering,

56

 Walker Review 2009, above n 18, Para 4.4, p 53.

29.2  Change in Board Culture and Codes of Conduct/Ethics and Conflicts

829

a­nti-­competitive practices, bribery and corruption, or the violation of consumer rights; [and] • should make clear that employees are expected to conduct themselves ethically and perform their job with skill and due care and diligence in addition to complying with laws, regulations and company policies.57

Important, too, for the bank’s values was to “recognise the critical importance of timely and frank discussion and escalation of problems to higher levels within the organization” such as through an anonymous whistleblower policy and the “objective independent” investigation of “legitimate material concerns”.58 In addition to the approach to board culture and ‘tone at the top’ set out in this Sect. 29.2, the relational approach in Stage 2 for Australian major banks assigns variables for the specific elements of codes of conduct and ethics identified by BCBS which assist challenge, debate and testing of CEO, executive and management strategy and risk issues. These variables – again drawing on the independence ingredient of non-executive directors – are again based on the enhanced risk management, monitoring and decision-making aspects of the [BrdIndMon] (+) variable in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1,59 giving rise to a coverage/rating of +7/87.50 rprox. Such codes of conduct and ethics would be the responsibility of non-executive directors on an ‘Ethics, Compliance and Reputation Committee’ discussed in Sect. 36.6 below. Thus, the following governance variables have ‘interim’ (*) status pending the examination of codes of conduct and ethics in a proposed future Key Field – Governance Variables in Corporate Social Responsibility or CSR: • [CodesNEDIllegalActs*] (+)  – Bank Codes of Conduct and Ethics  – Non-­ Executive Directors – Review and Oversight of Codes of Conduct and Ethics for Illegal Activity  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CodesNEDEthics*] (+) – Bank Codes of Conduct and Ethics – Non-Executive Directors – Review and Oversight of Codes of Conduct and Ethics for Ethical Conduct – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CodesNEDDueCare*] (+)  – Bank Codes of Conduct and Ethics  – Non-­ Executive Directors – Review and Oversight of Codes of Due Care, Skill and Diligence – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CodesNEDComply*] (+) – Bank Codes of Conduct and Ethics – Non-­Executive Directors  – Review and Oversight of Codes of Conduct for Compliance with Laws, Regulations and Company Policies – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CodesNEDWhistle*] (+) – Bank Codes of Conduct and Ethics – Non-­Executive Directors  – Review and Oversight of Whistle-Blower Policy and Procedure  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; and

 BCBS Guidelines 2015, above n 49, Para 32, p 10.  Ibid. 59  See discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above n 2, pp 208–212. 57 58

830

29  Composition, Independence, Representation, Codes of Conduct and Culture

• [CodesNEDIndInvestigate*] (+) – Bank Codes of Conduct and Ethics – Non-­ Executive Directors  – Review and Oversight of Policy and Procedure for Independent Investigation of Legitimate Material Concerns – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox. The behaviour of these six corporate ‘code of conduct and ethics’ variables is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox, which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating + 7/87.50 rprox. Like those variables, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of non-executive directors. Thus, the effect of these governance variables is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the independence of non-executive directors. Thus, like the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, both with a coverage/rating of +7/87.50 rprox, these governance variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 160). Similarly to the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the codes, conduct and ethics decisions of the board. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox for these six ‘code of conduct and ethics’ variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Conflicts of Interest Policy For Turnbull and Pirson, “directors obtain absolute power to manage their own conflicts of interest”.61 For the BCBS, there should be a written conflicts policy with an objective compliance process for implementation.62 This policy should include: • a member’s duty to avoid, to the extent possible, activities that could create conflicts of interest or the appearance of conflicts of interest; • examples of where conflicts can arise when serving as a board member; • a rigorous review and approval process for members to follow before they engage in certain activities ﴾such as serving on another board) so as to ensure that such activity will not create a conflict of interest; • a member’s duty to promptly disclose any matter that may result, or has already resulted, in a conflict of interest;

 See discussion in section 2.6.2 of Stage 1, above n 2, pp 41–43.   Shann Turnbull and Michael Pirson, “The Future of Corporate Governance: Network Governance  – A Lesson from the Financial Crisis”, Fordham University Schools of Business Research Paper No. 2010–010, (15 March 2010), accessed 5 April 2017 at SSRN: http://ssrn.com/ abstract=1570924, 4. 62  BCBS Guidelines 2015, above n 49, Para 83, p 19. 60 61

29.2  Change in Board Culture and Codes of Conduct/Ethics and Conflicts

831

• a member’s responsibility to abstain from voting on any matter where the member may have a conflict of interest or where the member’s objectivity or ability to properly fulfil duties to the bank may be otherwise compromised; • adequate procedures for transactions with related parties so that they are made on an arm’s length basis; and • the way in which the board will deal with any non-compliance with the policy.63

These aspects of a conflicts of interest policy are hypothesized to form part of the corporate codes of conduct and ethics and, therefore, the culture of the bank. As a code of conduct, this variable would be the responsibility of non-executive directors on an Ethics, Compliance and Reputation Committee described in Sect. 36.6 below and has ‘interim’ (*) status pending the examination of codes of conduct and ethics in a proposed future Key Field  – Governance Variables in Corporate Social Responsibility or CSR: [CodesNEDConflicts*] (+) – Bank Codes of Conduct and Ethics – Non-Executive Directors – Review and Oversight of Written Policies for Conflicts of Interest – Enhancement of Monitoring Effect – Coverage/rating + 7/87.50 rprox – relational effect path The behaviour of the [CodesNEDConflicts*] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/ rating + 7/87.50 rprox, which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating + 7/87.50 rprox. Like those variables, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of non-executive directors. Thus, the effect of the [CodesNEDConflicts*] (+) variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the independence of non-­ executive directors. Thus, like the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, both with a coverage/rating of +7/87.50 rprox, the [CodesNEDConflicts*] (+) variable affects all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 164). Similarly to the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the codes, conduct, ethics and conflicts decisions of the board. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox for the [CodesNEDConflicts*] (+) variable the in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

63 64

 Ibid.  See discussion in section 2.6.2 of Stage 1, above n 2, pp 41–43.

832

29  Composition, Independence, Representation, Codes of Conduct and Culture

29.3 FSB’s Framework for Assessing Risk Culture The governance and management of bank risk is examined in Part 6 below including the ‘Risk Appetite Framework’ (RAF) and the ‘Risk Appetite Statement’ (RAS). In Sect. 29.2, we examined changing board culture and ‘tone at the top’ including the construction of a number of ‘CultNED’-prefix variables also in Sect. 29.2 which assist non-executive directors in challenge, debate and testing of CEO, executive and management strategy and risk issues. Here, as a bridge between that discussion and Part 6, we examine FSB-specific governance variables for developing the bank’s risk culture. The Aims of Assessing Risk Culture The FSB explains the aims of supervision in relation to risk culture  – to assess whether the bank’s ‘risk appetite framework’ (RAF) and ‘risk culture’ enhances adherence to the bank’s risk appetite (expressed in a ‘risk appetite statement’ (RAS)): Increasing the intensity and effectiveness of supervision is a key pillar of the FSB’s efforts to reduce the risks posed by systemically important financial institutions (SIFIs). A more intense and effective approach to oversight aims to deliver pre-emptive, rather than reactive, outcomes- based supervision. An anticipatory and strategic approach to supervision rests, among other things, on the ability to engage in high-level sceptical conversations with the board and senior management on the financial institution’s risk appetite framework, and whether the institution’s risk culture supports adherence to the board-approved risk appetite.65

Definitions of risk culture vary, thus the Stage 2 Key Code and Advanced Handbook for Australian major banks will adopt the definition adopted by the FSB which concerns ‘norms, attitudes and behaviours’ relating to risk: Culture can be a very complex issue as it involves behaviours and attitudes. But efforts should be made by financial institutions and by supervisors to understand an institution’s culture and how it affects safety and soundness. While various definitions of culture exist, supervisors are focusing on the institution’s norms, attitudes and behaviours related to risk awareness, risk taking and risk management, or the institution’s risk culture. A sound risk culture consistently supports appropriate risk awareness, behaviours and judgements about risk-taking within a strong risk governance framework. A sound risk culture bolsters effective risk management, promotes sound risk-taking, and ensures that emerging risks or risk-taking activities beyond the institution’s risk appetite are recognised, assessed, escalated and addressed in a timely manner.66

FSB’s Elements of a Sound Risk Culture Governance variables in Sect. 29.2 were based on the independence element of non-­ executive directors. Here  – constructing a bank-wide risk culture  – we cannot depend on that element. Instead, the approach of this Stage 2 Key Code and Advanced Handbook will be to craft ‘FSBCult’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same direction. 65 66

 FSBCult, above n 51, Introduction, p 1.  Ibid (emphasis in original and footnote omitted).

29.3  FSB’s Framework for Assessing Risk Culture

833

Like the [BrdSkills] (+) variable, coverage/rating + 7/87.50 rprox, there is an hypothesised enhancement in risk management and therefore internal monitoring. Thus, the effect of the ‘FSBCult’-prefix governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, an enhancement of a risk culture can be seen as an enhancement in the quality of decision-making reflected in a positive effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable with a coverage/rating of +7/87.50 rprox, the ‘FSBCult’-prefix governance variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 167). Similarly to the [BrdSkills] (+) variable, coverage/rating  +  7/87.50 rprox, compliance with corporate governance and legal requirements on the bank  – an obligation which remains constant by force of law – is not affected by the risk culture element of bank directors, the CEO, executives, middle- and lower-level managers and employees. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the ‘FSBCult’prefix governance variables as follows: • [FSBCultRiskGov] (+)  – Banks  – FSBCult  – Elements of an Effective Risk Culture – Risk Governance68 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox including: –– roles and responsibilities of (see Sect. 41.4 below): • • • •

board; CRO; risk management function; and independent assessment of the RAF;

–– “stature, resources, authority and independence of the risk management and internal audit functions including board reporting”69; and –– “stature, resources, authority and independence of” compliance function and controls for conduct risk70; • [FSBCultRiskApp] (+)  – Banks  – FSBCult  – Elements of an Effective Risk Culture  – Risk Appetite71  – Enhancement in Risk Management and Internal  See discussion in section 2.6.2 of Stage 1, above n 2, pp 41–43.  FSBCult, above n 51, Risk Governance, p 2. 69  Ibid. 70  Ibid. 71  Ibid, Risk Appetite, pp 2–3. 67 68

834

29  Composition, Independence, Representation, Codes of Conduct and Culture

Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox including: –– an effective RAF, RAS and risk limits (see Sects. 41.1–41.3); –– models and systems to identify and measure individual and aggregate risks; and –– execution of bank strategy within RAF; and • [FSBCultCompSystem] (+) – Banks – FSBCult – Elements of an Effective Risk Culture  – Compensation System in Alignment with Prudent Risk-Taking72  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox. FSB’s and NAB’s Indicators of a Sound Risk Culture – Tone from the Top FSB’s Tone from the Top Here, the approach of this Stage 2 Key Code and Advanced Handbook for Australian major banks will again be to craft ‘FSBCultTone’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction giving rise to a coverage/rating of +7/87.50 rprox for the following governance variables: • [FSBCultToneFromTheTop] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Tone-from-the-Top73  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox, including the sub-variables: –– [FSBCultToneSetAssess] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture – Tone-from-the-Top – Board and Senior Management – Setting and Assessing Expectations for Risk Culture74  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox; –– [FSBCultToneIDGaps] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-from-the-Top – Board and Senior Management – Identifying Gaps and Deficiencies75  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/ rating + 7/87.50 rprox; –– [FSBCultToneIntegrity] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture  – Tone-from-the-Top  – Board and Senior Management  – Integrity and Example-Setting (walking the talk)76  – Enhancement in Risk

 Ibid, Compensation, p 3.  Ibid, Indicators of a sound risk culture, p 3. 74  Ibid, Tone from the Top 3.1, p 5. 75  Ibid. 76  Ibid. 72 73

29.3  FSB’s Framework for Assessing Risk Culture

––

––

––

––

––

––

––

­ anagement and Internal Monitoring Effect  – Enhancement in Quality of M Decision-making, coverage/rating + 7/87.50 rprox; [FSBCultToneValues] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Tone-from-the-Top  – Board and Senior Management  – Clear Articulation of Values which Support Desired Risk Culture and Behaviours77 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [FSBCultToneReconReward] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture – Tone-from-the-Top – Board and Senior Management – Recognising, Promoting and Rewarding Behaviour which Reflects Desired Risk Culture and Core Values78  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [FSBCultToneMon&Assess] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Tone-from-the-Top  – Board and Senior Management  – Monitoring and Assessing Actual Culture79  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox; [FSBCultToneMiddleToBU] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Tone-from-the-Top  – Board and Senior Management  – Channeling Risk Culture Through Middle Management to Business Units for Undertaking Activities Within Risk Limits80  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox; [FSBCultToneID&Assess&Remedy] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-from-the-Top – Board and Senior Management – Identify, Monitor and Assess Risk Culture and Remedy Weaknesses81  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [FSBCultToneChallenge] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-from-the-Top – Board and Senior Management – Open Views, Challenge and Debate82  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [FSBCultToneTools] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Tone-from-the-Top  – Board and Senior Management  – Tools,

 Ibid, pp 5–6.  Ibid, p 6. 79  Ibid. 80  Ibid. 81  Ibid, 3.1.1, p 6. 82  Ibid, 3.1.2, p 6. 77 78

835

836

29  Composition, Independence, Representation, Codes of Conduct and Culture

Resources and Information for Directors’ Challenge Function83 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultToneEffectRAF] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Tone-from-the-Top  – Board and Senior Management  – Effective RAF Supported by RAS84 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultToneMechsIndivGrp] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture – Tone-from-the-Top – Board and Senior Management – Mechanisms to Avoid Domination by Individual or Group85 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox including: • talent development; • succession planning; and • confidential 360-degree review processes; –– [FSBCultToneSnrManStruct] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture – Tone-from-the-Top – Board and Senior Management – Senior Management Incentive Structures for Compensation, Roles and Responsibilities and Termination86 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultToneAssessValues] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Tone-from-the-Top  – Board and Senior Management  – Assessing Values Espoused by Management and Staff87  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultToneAssessRAF] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Tone-from-the-Top  – Board and Senior Management  – Assessing Whether Management and Staff Understand RAF in Decisionmaking88  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultToneMechsRAFRAS] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture – Tone-from-the-Top – Board and Senior Management –

 Ibid, 3.1.3, p 6.  Ibid, 3.1.4, p 6. 85  Ibid, 3.1.5, p 6. 86  Ibid, 3.1.6, p 6. 87  Ibid, 3.1.7, p 7. 88  Ibid, 3.1.8, p 7. 83 84

29.3  FSB’s Framework for Assessing Risk Culture

––

––

––

––

837

Mechanisms to Embed RAF and RAS in Decision-making89 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [FSBCultToneAssessBU] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture  – Tone-from-the-Top  – Board and Senior Management  – Assessment of Business Units for Problems In Relation to Risk Management90 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [FSBCultToneMonIssues] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Tone-from-the-Top  – Board and Senior Management  – Assessment of Promptness and Effectiveness of Issues Addressed by Management91 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [FSBCultToneReviewRoot] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-from-the-Top – Board and Senior Management – Review of Deficiencies in Risk Management and Identification of Root Causes92  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating  +  7/87.50 rprox; and [FSBCultToneAssessCommEvents] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Tone-from-the-Top – Board and Senior Management – Assessment, Communication and Learning from Past Events93 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox.

NAB’s Tone from the Top The NAB Self-Assessment 201894 similarly notes that the NAB Risk Management Strategy (RMS) requires the Board to “set and reinforce an appropriate tone from the top”95 and identifies a number of tone from the top variables. Again, the approach of this Stage 2 Key Code and Advanced Handbook for Australian major banks will again be to craft ‘NABCultTone’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction giving rise to a coverage/rating of +7/87.50 rprox for the following governance variables:

 Ibid, 3.1.9, p 7.  Ibid, 3.1.10, p 7. 91  Ibid, 3.1.11, p 7. 92  Ibid, 3.1.12, p 7. 93  Ibid, 3.1.13, p 7. 94  NAB Self-Assessment 2018, above n 52. 95  Ibid, p 13. 89 90

838

29  Composition, Independence, Representation, Codes of Conduct and Culture

• [NABCultTonePurpVisionValues] (+) – Banks – NABCultTone – Board Role-­ Modelling of Tone-from-the-Top – Board Time on Bank’s ‘Purpose, Vision and Values’96 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating  +  7/87.50 rprox (NAB); • [NABCultToneExecRemun] (+)  – Banks  – NABCultTone  – Board Role-­ Modelling of Tone-from-the-Top –- Board Changes to Executive Remuneration Practices97 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (NAB), coverage/rating + 7/87.50 rprox (NAB); • [NABCultToneCustEngage] (+)  – Banks  – NABCultTone  – Board Role-­ Modelling of Tone-from-the-Top  – Program of Customer Engagements98  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultToneBrdMeetRegion] (+) – Banks – NABCultTone – Board Role-­ Modelling of Tone-from-the-Top  – Board Meetings in Regional Areas99  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultToneBrdEngageReg] (+)  – Banks  – NABCultTone  – Board Role-­ Modelling of Tone-from-the-Top – Board Active Engagement with Regulators with Scheduled Meetings100 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultToneStatusRiskControl] (+) – Banks – NABCultTone – Board Role-­ Modelling of Tone-from-the-Top – Board Recognition of Stature/Importance of Risk and Control Functions101 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultToneChairSpeechEmploy] (+)  – Banks  – NABCultTone  – Board Role-Modelling of Tone-from-the-Top  – Chair Speeches to External Forums Shared with Employees102  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultToneBrdFocusCust] (+)  – Banks  – NABCultTone  – Board Role-­ Modelling of Tone-from-the-Top  – Board Focus on Doing Right Thing for

 Ibid.  Ibid, p 14. 98  Ibid. 99  Ibid. 100  Ibid. 101  Ibid. 102  Ibid. 96 97

29.3  FSB’s Framework for Assessing Risk Culture

•

•

•

•

839

Customers103  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); [NABCultToneCustRapidFixSust] (+) – Banks – NABCultTone – Board Role-­ Modelling of Tone-from-the-Top – Board to Be Quick to Fix Customer Issues Sustainably104  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); [NABCultToneBiasFinConstrain] (+) – Banks – NABCultTone – Board Role-­ Modelling of Tone-from-the-Top – Board to Remove Board/Management Undue Bias on Financial Constraints in Decision-making105  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (NAB); [NABCultToneEngageFeedback] (+) – Banks – NABCultTone – Board Role-­ Modelling of Tone-from-the-Top  – Board Engagement and Feedback with Management, Employees and Leaders in Accountability Activities106  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); and [NABCultToneChallengeMan (+)  – Banks  – NABCultTone  – Board Role-­ Modelling of Tone-from-the-Top  – Board Challenge of Management without Feeling of Intimidation107  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB).

The NAB Self-Assessment 2018’s Action #2 is to continue promoting a clear tone from the top: The Board will continue to promote a clear tone from the top and seek greater insights on how well this has cascaded below executive management.108

FSB’s Indicators of a Sound Risk Culture – Accountability Here, the approach of this Stage 2 Key Code and Advanced Handbook for Australian major banks will again be to craft ‘FSBCultAcc’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction giving rise to a coverage/rating of +7/87.50 rprox for the following governance variables:

 Ibid.  Ibid. 105  Ibid. 106  Ibid. 107  Ibid. 108  Ibid. 103 104

840

29  Composition, Independence, Representation, Codes of Conduct and Culture

• [FSBCultAccount] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture  – Accountability109  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox, including the following sub-variables: –– [FSBCultAccMonReport] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Ownership of Risk – Monitoring, Reporting and Responding to Emerging Risks110 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultAccShareInfo] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture – Accountability – Ownership of Risk – Sharing Information on Emerging Risks Horizontally and Vertically Within Bank111 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultAccConseq] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Ownership of Risk – Consequences for Breach of Core Values, Risk Appetite and Risk Culture112  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultAccEscalConseq] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Accountability  – Escalation Processes  – Consequences of Non-Compliance113  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultAccEscalAssess] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Escalation Processes – Assessments of Staff Awareness of Escalation Processes114  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultAccEscalMechs] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Accountability  – Escalation Processes  – Mechanisms for Employees to Elevate Concerns Without Discomfort of Wrongdoing115  – Enhancement in Risk Management and Internal Monitoring Effect  –  FSBCult, above n 51, Indicators of a sound risk culture, pp 3–4.  Ibid, 3.2.1, p 8. 111  Ibid, 3.2.2, p 8. 112  Ibid, 3.2.3, p 8. 113  Ibid, 3.2.4, p 8. 114  Ibid, 3.2.5, p 8. 115  Ibid, 3.2.6, p 8. 109 110

29.3  FSB’s Framework for Assessing Risk Culture

841

Enhancement in Lines of Responsibility  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultAccEscalWhistleBlow] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Escalation Processes – Whistleblower Procedures In Place Without Reprisals to Support Risk Management116  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Lines of Responsibility  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultAccConseqExcessRAS] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Accountability – Clear Consequences – Consequences Articulated and Applied for Excessive Risk-Taking in Relation to RAS117 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Lines of Responsibility  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; and –– [FSBCultAccConseqBreaches] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture  – Accountability  – Clear Consequences  – Severity of Breaches for Policies, Limits and Codes to Affect Compensation, Responsibilities including Termination118 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox. FSB’s Indicators of a Sound Risk Culture – Effective Communication and Challenge The FSB emphasises the positive effects of having a risk culture with effective communication and challenge, particularly for the identification and escalation of risks: A financial institution’s sound risk culture encourages transparency and open dialogue within the board and between (a) management and the board, and (b) management and staff, on all levels and at all points in the process of development, marketing, implementation and maintenance of a product, service or transaction, in order to promote the identification and escalation of risk issues (i.e., make it easy for staff to “raise their hand”).119

Here, the approach of this Stage 2 Key Code and Advanced Handbook for Australian major banks will again be to craft ‘FSBCultComm’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction giving rise to a coverage/rating of +7/87.50 rprox for the following governance variables: • [FSBCultCommChallenge] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture  – Effective Communication and Challenge120  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of  Ibid, 3.2.7, p 8.  Ibid, 3.2.8, p 8. 118  Ibid, 3.2.9, p 8. 119  Ibid, Effective Communication and Challenge, p 9. 120  Ibid, Indicators of a sound risk culture, p 4. 116 117

842

29  Composition, Independence, Representation, Codes of Conduct and Culture

Decision-making, coverage/rating  +  7/87.50 rprox, including the following sub-variables: –– [FSBCultCommAltViews] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Effective Communication and Challenge – Alternative Views and Questions Encouraged and Respected121  – Enhancement in Risk ­Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox; –– [FSBCultCommMechs] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Effective Communication and Challenge  – Mechanisms for Encouraging Alternative Views and Assessing Openness to Challenge of Decision-­making122  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/ rating + 7/87.50 rprox; –– [FSBCultCommStatureConts] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture – Effective Communication and Challenge – Stature of Control Function (Risk Management, Internal Audit and Compliance) Equivalent to Business Units and Involved in all Committees and Decision-­ making123  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultCommIndConts] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Effective Communication and Challenge – Control Functions (Risk Management, Internal Audit and Compliance) are Independent and Have Direct Access to Board and Senior Management with Periodic Reporting124  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; and –– [FSBCultCommExertConts] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Effective Communication and Challenge – Control Functions (Risk Management, Internal Audit and Compliance) to Advise and Exert Control Tasks in relation to the Bank’s Risk Culture125 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox. FSB’s Indicators of a Sound Risk Culture – Incentives The FSB emphasises the role of incentives in the risk-culture to promote the long-­ term interests of the bank:

 Ibid, 3.3.1, p 9.  Ibid, 3.3.2, p 9. 123  Ibid, 3.3.3, p 9. 124  Ibid, 3.3.4, p 9. 125  Ibid, 3.3.5, p 9. 121 122

29.3  FSB’s Framework for Assessing Risk Culture

843

The power of a positive culture in risk management lies in its ability to motivate employees to want to control risks because sound risk taking is valued and enforced. Remuneration, performance evaluation and promotion systems reward servicing the greater, long-term interests of the financial institution and its clients, including sustained profitability, as opposed to short- term revenue generation…Risk management and compliance considerations have sufficient status in driving compensation, promotion, hiring, and performance evaluation within the business units.126

Here, the approach of this Stage 2 Key Code and Advanced Handbook for Australian major banks will again be to craft ‘FSBCultIncent’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction giving rise to a coverage/rating of +7/87.50 rprox for the following governance variables: • [FSBCultIncentives] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture  – Incentives127  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox, including the following sub-variables: –– [FSBCultIncentCoreValueRisk] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture  – Incentives  – Compensation System Supports Core Values and Sound Risk-Taking with a Well-Documented Process128  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultIncentMetrics] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture – Incentives – Remuneration and Performance Metrics Support and Drive Risk-Taking, Risk Appetite and Risk Culture129 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultIncentAnnRev] (+)  – Banks  – FSBCult  – Indicators of a Sound Risk Culture  – Incentives  – Annual Performance Reviews and Objective Setting Supports Core Values and Behaviours and Timely Addressing of Deficiencies130 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultIncentIndivGrp] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Incentives  – Compensation System Includes Individual and Group Adherence to Core Values and Risk Culture131 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox;  Ibid, 3.4 Incentives, p 9.  Ibid, Indicators of a sound risk culture, p 4. 128  Ibid, 3.4.1, p 10. 129  Ibid, 3.4.2, p 10. 130  Ibid, 3.4.3, p 10. 131  Ibid, 3.4.4, p 10. 126 127

844

29  Composition, Independence, Representation, Codes of Conduct and Culture

–– [FSBCultIncentSuccession] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Incentives – Succession Planning for Key Positions Includes Risk Management Experience132  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [FSBCultIncentRiskSkills] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Incentives  – Risk Management is a Critical Skill Set for Development of Senior Employees133  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decisionmaking, coverage/rating + 7/87.50 rprox; –– [FSBCultIncentJobRotate] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture  – Incentives  – Job Rotation Between Risk Functions and Business Units For Risk Awareness134 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decisionmaking, coverage/rating + 7/87.50 rprox; and –– [FSBCultIncentRiskTrain] (+) – Banks – FSBCult – Indicators of a Sound Risk Culture – Incentives – Risk Management Training for All Staff for Risk Competencies135 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox.

29.4 FSRC Findings on Governance, Remuneration and Culture The FSRC Final Report explained the relationship between governance, remuneration and culture: Governance refers to the entirety of structures and processes by which an entity is run. By shaping how the business is run, governance shapes culture. The systems, controls and risk management processes of the business affect its culture. But governance is not limited to questions of risk. Nor is it defined only by reference to how the board operates or what matters the board deals with. It embraces not only how, and by whom, decisions are made, but also the values or norms that the processes of governance are intended to effect. Hence, it is rightly said that the ‘tone’ of the entity is, and must be, set at the top.136

And for the FSRC all three must be tackled simultaneously:  Ibid, 3.4.5, p 10.  Ibid, 3.4.6, p 10. 134  Ibid, 3.4.7, p 10. 135  Ibid, 3.4.7, p 10. 136  Commonwealth of Australia, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 4 February 2019, accessed 5 February 2019, available at https://static.treasury.gov.au/uploads/sites/1/2019/02/fsrc-volume1.pdf, Volume 1, (‘FSRC Final Report’), pp 334–5 (footnote omitted). 132 133

29.5  FSRC Final Report Recommendations and Commentary on Culture

845

If what has happened in the past is to be avoided in the future, entities have no choice but to grapple with culture, governance and remuneration. All three are related. Culture obviously affects governance but it also affects remuneration (because remuneration will be structured to reward what the entity values). Governance obviously affects culture but governance will not only affect, it will ultimately determine, how remuneration and incentive arrangements are given practical effect. And remuneration and governance inform and reinforce the culture of the entity.137

In the following sections, Stage 2 of the relational approach for Australian major banks will examine ‘culture’ and ‘governance’ elements of the FSRC Final Report. The FSRC’s observations on remuneration were examined in Chap. 19.

29.5 FSRC Final Report Recommendations and Commentary on Culture The FSRC described culture as: ‘the shared values and norms that shape behaviours and mindsets’ within the entity. It is ‘what people do when no-one is watching’. Culture can drive or discourage misconduct.138

While there was no single best practice for culture, the FSRC identified some ‘basic norms’: –– –– –– –– –– ––

obey the law; do not mislead or deceive; act fairly; provide services that are fit for purpose; deliver services with reasonable care and skill; and when acting for another, act in the best interests of that other.139

In relation to the supervision of culture, the FSRC relied on the observations of the FSB and G30 that supervisors focus on ‘root cause analysis’: I agree with the view of the G30 that ‘[s]upervisors should look on cultural questions as root cause analysis and intervene when they see demonstrably serious problems as opposed to making culture a generalized supervisory add-on’.140

Important, too, for the FSRC was that sufficient resources be available for supervision agreeing with the G30 that: It is essential that there be enough supervision resources, and with the right skill sets/seniority and expert support if needed, to engage constructively with banks on these issues. The main objective should be early problem identification and bank-led corrective action.

 Ibid, p 335.  Ibid, p 375 (footnotes omitted). 139  Ibid, p 376. 140  Ibid, p 386 (bold in original and footnote omitted). 137 138

846

29  Composition, Independence, Representation, Codes of Conduct and Culture

Conduct and values should be part of mainstream supervisory processes as opposed to a separate add-on.141

The FSRC recommended adoption of a number of steps from the FSB so that supervisors: • build a supervisory programme focused on culture to mitigate the risk of misconduct; • use a risk-based approach to prioritise for review the firms or groups of firms that display significant cultural drivers of misconduct; • use a broad range of information and techniques to assess the cultural drivers of misconduct; and • engage firms’ leadership with respect to observations on culture and misconduct.142

For the Stage 2 relational approach for Australian major banks, there were two recommendations by the FSRC in relation to changing culture and governance. Here, the approach of this Stage 2 Key Code and Advanced Handbook will again be to craft ‘FSRCCult’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction giving rise to a coverage/rating of +7/87.50 rprox for the following governance variables: • [FSRCCultAssess] (+)  – Banks  – FSRCCult  – Regular Assessment of Bank Culture and Governance143  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [FSRCCultIDProbs] (+)  – Banks  – FSRCCult  – Regular Identification of Problems with Culture and Governance144 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [FSRCCultRemedProbs] (+) – Banks – FSRCCult – Regular Remediation of Problems Identified with Culture and Governance145  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox; and • [FSRCCultTestChanges] (+)  – Banks  – FSRCCult  – Regular Assessment of Effectiveness of Changes to Culture and Governance146 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox. The FSRC put strong emphasis on how these governance variables should be approached, focussing on boards and senior management: What the Recommendation requires is much more than an exercise in ‘box-ticking’. Its proper application demands intellectual drive, honesty and rigour. It demands thought,

 Ibid, pp 386–7 (bold in original and footnote omitted)  Ibid, p 387. 143  Ibid, Rec 5.6, p 392. 144  Ibid. 145  Ibid. 146  Ibid. 141 142

29.6  FSRC Final Report Recommendations and Commentary on Governance

847

work and action informed by what has happened in the past, why it happened and what steps are now proposed to prevent its recurrence. Above all, it demands recognition that the primary responsibility for misconduct in the financial services industry lies with the entities concerned and with those who manage and control them: their boards and senior management.147

Recommendation 5.7 of the FSRC Final Report provided advice for APRA in its prudential standards on culture, here translated by the Stage 2 relational approach into a number of governance variables for major banks themselves: • [FSRCCultProgMiscRisk] (+) – Banks – FSRCCult – Construction of Program that will Mitigate the Risk of Misconduct148 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [FSRCCultRiskApproach] (+)  – Banks  – FSRCCult  – Using a Risk-Based Approach to Reviews of Culture and Misconduct149  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox; • [FSRCCultAssessDrivers] (+)  – Banks  – FSRCCult  – Assessing Cultural Drivers of Misconduct150  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; and • [FSRCCultRiskManMiscRisk] (+) – Banks – FSRCCult – Risk Management of Conduct Risk and Governance151  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox.

29.6 FSRC Final Report Recommendations and Commentary on Governance The FSRC opined that accountability is at the core of governance: [G]overnance refers to all of the structures and processes by which an entity is run. It embraces not only by whom, and how, decisions are made, but also the values or norms to which the processes of governance are intended to give effect. Notions of accountability lie at the heart of governance. Who is to be held accountable for what is done or not done? How are those who are accountable held to account?152

 Ibid (bold in original omitted).  Ibid, Rec 5.7, p 393. 149  Ibid. 150  Ibid. 151  Ibid. 152  Ibid, Governance, p 394. 147 148

848

29  Composition, Independence, Representation, Codes of Conduct and Culture

For the FSRC, recommendations on governance fell into three headings – the role of the board, bank priorities and accountability. Governance variables for each heading will now be constructed. FSRC Final Report Recommendations and Commentary on the Role of the Board The first matter in relation to the role of the board in governance was an absence in the quality of information provided to the board to challenge management on key issues.153 The effect of this and related variables is the opposite/negative (−) effect of the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1.154 In that section, the [TransTimeMon] (+) variable hypothesizes an improvement in the quality and reliability of information which flows to the board and, therefore, the market. This, in turn, enhances the quality of external or market monitoring of the board with a predicted improvement in internal monitoring. There, Compliance Factor No 2 and the reflexive relationship between Reporting Factor No 1 and Risk Management, Monitoring & Audit Factor No 5 are the ‘sources’ of the positive influence represented in Figure 9.1 of Stage 1 for the [TransTimeMon] (+) variable. In the case here of the Stage 2 governance variables following identified by the FSRC, there is the same effect – there is an enhancement in the quality and reliability of information which flows to the board from management. Thus, this also results in an enhancement of the quality and reliability of information which flows to the market. This in turn increases the quality of external or market monitoring of the board with a predicted increase in internal monitoring. Thus, here, the approach of this Stage 2 Key Code and Advanced Handbook for Australian major banks will be to craft ‘FSRCGov’-prefix variables based on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 and in the same (+) direction giving rise to a coverage/rating of +8/100.00 rprox for the following governance variables derived from the recommendations of the FSRC155: • [FSRCGovQualInfoChallenge] (+) – Banks – FSRCGov – Boards – Quality of Information for Challenge of Management on Key Issues156 – Enhancement in Information Flow to the Board – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox; • [FSRCGovInfoBreachLaw] (+) – Banks – FSRCGov – Boards – Information on Issues about Breaches of Law157 - Enhancement in Information Flow to the Board -Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox;

 Ibid, What the examples show, p 400.  See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 262–266. 155  FSRC Final Report, above n 136, p 400. 156  Ibid. 157  Ibid. 153 154

29.7  FSRC Recommendations and Commentary on Priorities

849

• [FSRCGovInfoBreachConduct] (+)  – Banks  – FSRCGov  – Boards  – Information on Issues about Breaches of Standards of Conduct158 – Enhancement in Information Flow to the Board  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox; and • [FSRCGovInfoBreachCustOut] (+)  – Banks  – FSRCGov  – Boards  – Information on Issues about Poor Customer Outcomes159  – Enhancement in Information Flow to the Board – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox.

29.7 FSRC Recommendations and Commentary on Priorities FSRC Final Report Recommendations and Commentary on Priorities Here for the Stage 2 relational approach for these variables, it is not a question of information flow to the board. So it is not a question of constructing governance variables based on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1. Instead, it is a question of the quality of risk management and internal monitoring and/or the quality of decision-making. Thus, here, the approach of this Stage 2 Key Code and Advanced Handbook will be to craft ‘FSRCPriority’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction giving rise to a coverage/rating of −7/87.50 rprox for the following governance variables derived from the recommendations of the FSRC160: • [FSRCPriorityProfit] (−) – Banks – FSRCPriority – Boards – Priority of Profit Ahead of Customers and the Law161  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; • [FSRCPrioritySholderInts] (−) – Banks – FSRCPriority – Boards – Priority of Shareholder Interests Ahead of Customers and the Law162 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating − 7/87.50 rprox; • [FSRCPrioritySharePc] (−)  – Banks  – FSRCPriority  – Boards  – Priority of Share Price Ahead of Customers and the Law163 – Reduction in Risk Management

 Ibid.  Ibid. 160  Ibid, p 401. 161  Ibid. 162  Ibid. 163  Ibid, p 402. 158 159

850

•

•

•

•

•

•

29  Composition, Independence, Representation, Codes of Conduct and Culture

and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; [FSRCPriorityTotSholderRet] (−) – Banks – FSRCPriority – Boards – Priority of Total Shareholder Return Ahead of Customers and the Law164 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; [FSRCPrioritySoleSholderValue] (−)  – Banks  – FSRCPriority  – Boards  – Sole Priority of Shareholder Value Ahead of Customers and the Law165  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; [FSRCPriorityAccountPeriod] (−) – Banks – FSRCPriority – Boards – Priority of Current or Most Recent Accounting Period Ahead of Customers and the Law166  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; [FSRCPriorityShortTermStake] (−)  – Banks  – FSRCPriority  – Boards  – Priority of Short Term Results Ahead of Long-Term Interests of Stakeholders167 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; [FSRCPriorityShortTermCusts] (−)  – Banks  – FSRCPriority  – Boards  – Priority of Short Term Results Ahead of Long-Term Interests of Customers168 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; and [FSRCPriorityShortTermEmploy] (−)  – Banks  – FSRCPriority  – Boards  – Priority of Short Term Results Ahead of Long-Term Interests of Employees169 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox.

The opposite of the last three variables combine for a variable in the positive direction – and echoing the overarching aims of the relational approach’s three relational axes of good governance – still based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction. This gives rise to a coverage/ rating of +7/87.50 rprox for the following governance variable derived from the recommendations of the FSRC: • [FSRCPriorityBalanceSTandLT] (+)  – Banks  – FSRCPriority  – Boards  – Balancing of Short-Term Interests of Shareholders with Long-Term Interests of Stakeholders (Shareholders, Customers and Employees)170  – Enhancement in

 Ibid.  Ibid, p 402. 166  Ibid. 167  Ibid, p 403. 168  Ibid. 169  Ibid. 170  Ibid. 164 165

29.8  NAB Self-Assessment 2018 on Financial Objectives and Prioritisation

851

Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox.

29.8 NAB Self-Assessment 2018 on Financial Objectives and Prioritisation Thus, here, the approach of this Stage 2 Key Code and Advanced Handbook for Australian major banks will be to craft ‘NABPriority’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the positive (+) and negative (−) directions giving rise to a coverage/rating of +7/87.50 rprox and − 7/87.50 rprox respectively for the following governance variables derived from the NAB Self-Assessment 2018.171 Financial Objectives and Prioritisation In the positive (+) direction for financial objectives and prioritisation: • [NABPriorityInvest] (+) – Banks – NABPriority – Boards – Favour Long-Term Over Short-Term Results – Investment Spend (Generally)172 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [NABPriorityTransform] (+) – Banks – NABPriority – Boards – Favour Long-­ Term Over Short-Term Results  – Simplify and Transform the Bank173  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; and • [NABPriorityInvestRisk] (+) – Banks – NABPriority – Boards – Favour Long-­ Term Over Short-Term Results  – Investment on Risk-Related Initiatives174  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox. In the negative (−) direction for financial objectives and prioritisation: • [NABPriorityInvestOpComplyRisk] (−) – Banks – NABPriority – Boards – Insufficient Investment Spend on Reducing Complexity and Accumulated Operational (Particularly Technology) and Compliance Risk175  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-­making, coverage/rating − 7/87.50 rprox; • [NABPriorityBEARAccReviewRisk] (−) – Banks – NABPriority – Boards – Failure of Evaluation and Assessment of Capacity and Capabilities to Address  NAB Self-Assessment 2018, above n 52, pp 36–40.  Ibid, p 37. 173  Ibid. 174  Ibid. 175  Ibid. 171 172

852

29  Composition, Independence, Representation, Codes of Conduct and Culture

Specific Risks of BEAR Accountable Persons176 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; • [NABPriorityRiskAlignBEARAcc] (−)  – Banks  – NABPriority  – Boards  – Failure to Update Categorisation, Measurement and Reporting of Risk to Better Align to BEAR Accountabilities177 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; • [NABPrioritySTFinOverCustOut] (−)  – Banks  – NABPriority  – Boards  – Priorities Favour Short-Term Financial Objectives Over Customer Outcomes178 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; and • [NABPriorityInconsistDecFrame] (−) – Banks – NABPriority – Boards – No Consistent or Explicit Framework for Decision-making – Including Impact on Customer, Employees, Risk, Reputation and Financials179 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making coverage/rating − 7/87.50 rprox. NAB Self-Assessment 2018 on Strategic Planning and Performance Objectives In the positive (+) direction for strategic planning and performance objectives: • [NABPriorityLTStratObject] (+)  – Banks  – NABPriority  – Boards  – Bank Long-Term Strategic Objectives180  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • For enhancing information flow by a reporting variable based on the [TransTimeMon] (+) variable and in the same (+) direction, coverage/rating + 8/100.00 rprox, in section 9.1.2.1 of Stage 1: –– [NABPriorityLTStratPerfIndRep] (+) – Banks – NABPriority – Boards – Bank Long-Term Strategic Performance Indicators Reporting to ELT (Executive Leadership Team) and Reported to Board through the CEO, CFO and Group CRO Reports181 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); –– [NABPriorityLTStratPerfIndMetrics] (+)  – Banks  – NABPriority  – Boards  – Bank Long-Term Strategic Performance Indicators Metrics in  Ibid.  Ibid. 178  Ibid. 179  Ibid. 180  Ibid. 181  Ibid. 176 177

29.8  NAB Self-Assessment 2018 on Financial Objectives and Prioritisation

853

Dashboards ‘Run the Bank’ and ‘Change the Bank’182  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox (NAB); and –– [NABPriorityLTGrowthFundBEARAccUpdate] (+)  – Banks  – NABPriority  – Boards  – Bank Long-Term Strategic Objectives  – Growth Fund Investment Allocation to Support BEAR Accountable Persons – Bank “Update of Categorisation, Measurement and Reporting of Risk to Align with BEAR Accountabilities”183 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB). Growth Fund and Annual Group Budget Returning to variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating + 7/87.50 rprox, in the positive (+) direction for Growth Fund and Annual Group Budget: • [NABPriorityLTGrowthFund] (+)  – Banks  – NABPriority  – Boards  – Bank Long-Term Strategic Objectives  – Growth Fund Investment Allocation184  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox, including the sub-variables: –– [NABPriorityLTGrowthFundRiskRegComply] (+)  – Banks  – NABPriority  – Boards  – Bank Long-Term Strategic Objectives  – Growth Fund Investment Allocation to Risk, Regulatory or Compliance Functions185 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; –– [NABPriorityLTGrowthFundIndustrial] (+)  – Banks  – NABPriority  – Boards – Bank Long-Term Strategic Objectives – Growth Fund Investment Allocation to Process, Control and System Improvements (‘Industrialisation’)186  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/ rating + 7/87.50 rprox; and –– [NABPriorityLTGrowthFundBEARAccEval] (+) – Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Growth Fund Investment Allocation to Support BEAR Accountable Persons  – “In Evaluating and Assessing the Adequacy and Appropriateness of Operational Capacity and

 Ibid.  Ibid, p 38, Action #16 therein. 184  Ibid, p 38. 185  Ibid. 186  Ibid. 182 183

854

29  Composition, Independence, Representation, Codes of Conduct and Culture

Investment to Address the Risks for Which They are Responsible”187  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox. Again, returning to variables based on the [BrdSkills] (+) variable but in the negative (−) direction for Growth Fund and Annual Group Budget: • [NABPriorityLTGrowthFundComplexOpComply] (−)  – Banks  – NABPriority  – Boards  – Bank Long-Term Strategic Objectives  – Failure to Request or Allocate Growth Fund Investment Allocation to Accumulated Complexity, Operational (Particularly Technology) Risk and Compliance Risk188  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox. Trade-Offs in Decision-Making Again, in the case of variables based on the [BrdSkills] (+) variable but in the negative (−) direction for Trade-Offs in Decision-making: • [NABPriorityDecisonNonConsist] (−)  – Banks  – NABPriority  – Boards  – Bank Long-Term Strategic Objectives – Failure to Guide Decision-making with Consistent Principles189 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox, including the following sub-variables: –– [NABPriorityDecisonStakeConseq] (−) – Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives  – Failure to Guide Decision-making with Consistent Principles  – Failure to Give Explicit Consideration to Consequences for all Relevant Stakeholders190  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; –– [NABPriorityDecisonBudgetConstrain] (−)  – Banks  – NABPriority  – Boards – Bank Long-Term Strategic Objectives – Failure to Guide Decision-­ making with Consistent Principles – Decision-making Limited by “Perceived Local Budget or Resourcing Constraints”191 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; –– [NABPriorityDecisonMisinterpMulti] (−)  – Banks  – NABPriority  – Boards – Bank Long-Term Strategic Objectives – Failure to Guide Decision-­ making with Consistent Principles  – “Trade-offs Balancing Multiple Factors…Misinterpreted as they Cascaded Through the Organisation”192  –  Ibid, Action #16 therein.  Ibid, p 38. 189  Ibid, p 39. 190  Ibid. 191  Ibid. 192  Ibid. 187 188

29.8  NAB Self-Assessment 2018 on Financial Objectives and Prioritisation

855

Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; and –– [NABPriorityDecisonMisinterpFinResult] (−)  – Banks  – NABPriority  – Boards  – Bank Long-Term Strategic Objectives  – Failure to Guide ­Decision-­making with Consistent Principles – Perception of Financial Results Over “Customer Experience, Risk and Compliance Outcomes, and Behaviour and Values”193  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox. In the positive (+) direction for variables based on the [BrdSkills] (+) variable for Trade-Offs in Decision-making: • [NABPriorityDecisionConsistApproach] (+)  – Banks  – NABPriority  – Boards  – Bank Long-Term Strategic Objectives  – “Consistent and Explicit Decision-­making Approach for Important Decisions”194 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox, including impacts on: –– –– –– –– ––

Customer; Employees; Risks; Reputation; and Financial Results.

Customer Outcomes In the negative (−) direction for variables based on the [BrdSkills] (+) variable for Customer Outcomes, giving rise to a coverage/rating of −7/87.50 rprox: • [NABPriorityDecisonCustValue&Out] (−) – Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives – Failure to Be Disciplined and Systematic in “Consideration, Definition and Measurement of Value to Customers and Customer Outcomes”195  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox; • [NABPriorityDecisonCustMetrics] (−)  – Banks  – NABPriority  – Boards  – Bank Long-Term Strategic Objectives  – Failure of Metrics for Quality of Customer Outcomes196 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox; and • [NABPriorityDecisonCustProd&Serv] (−) – Banks – NABPriority – Boards – Bank Long-Term Strategic Objectives  – Failure of Approach to Design,  Ibid.  Ibid, Action #17 therein. 195  Ibid, p 39. 196  Ibid. 193 194

856

29  Composition, Independence, Representation, Codes of Conduct and Culture

Management, Governance and Monitoring of Products and Services for Value to Customer197 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox.

29.9 Westpac Review Team 2018 Prioritisation Decisions The following failings identified by the Westpac Review Team 2018, all of which again track the relational effect path of the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1198 but in the negative (−) direction, have a coverage/rating of −7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • case studies199: –– in the negative (−) direction for variables based on the [BrdSkills] (+) variable: • [WBCFailInvestAcquisitionRisk&Comply] (−)  – Banks  – WBCFailInvest  – Financial Prioritisation  – Business Acquisition on Assumption Risk and Compliance Matters Could be Resolved During Integration – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (Westpac)200; • [WBCFailInvestFundingRisk&Comply] (−) – Banks – WBCFailInvest – Financial Prioritisation – Funding Decisions without Full Understanding of Risk and Compliance Issues – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  7/87.50 rprox (Westpac)201; • Investment allocation decisions202: –– in the negative (−) direction for variables based on the [BrdSkills] (+) variable: • [WBCFailAllocateInvestEIPNFRs] (−)  – Banks  – WBCFailAllocateInvest – Financial Prioritisation – Investment Allocation Decisions – Enterprise Investment Pool (EIP) – Failure to Identify Nonfinancial Risks Inherent in Initiative or if Initiative Does Not Proceed  –

 Ibid, Action #18 therein.  See discussion in sections 7.3.1.2.1 of Stage 1, above n 2, pp 198–201. 199  Westpac Review Team 2018, above n 53, section 8.1.1, p 63. 200  Ibid. 201  Ibid. 202  Ibid, section 8.1.2, p 63. 197 198

29.9  Westpac Review Team 2018 Prioritisation Decisions

857

Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (Westpac)203 including: • Operational Risk and Compliance Functions not involved in identifying or analysing risks in the submission process204; • Executive Team and Board not aware of non-financial risks in the initiative decision205 remediated by: –– Operational Risk and Compliance Functions to Identify risks in the EIP submissions including risks of initiative not proceeding206; –– in the positive (+) direction for variables based on the [BrdSkills] (+) variable: • [WBCAllocateInvestBSRProc] (+)  – Banks  – WBCAllocateInvest  – Financial Prioritisation – Investment Allocation Decisions – Board Strategy Review Process for Executive Team and Board for High-Level Initiatives – Enhancement in Quality of Risk Management, Monitoring and Decisionmaking, coverage/rating + 7/87.50 rprox (Westpac)207 including: • further scrutiny by Group and divisional governance committees to re-­ evaluate allocations208; and • allocation process for Enterprise Investment Pool including financial considerations and financial benefits209; • Project delivery210: –– in the negative (−) direction for variables based on the [BrdSkills] (+) variable: • [WBCProjectDelInitialCostPressure] (−) – Banks – WBCProjectDel – Financial Prioritisation – Project Delivery – Pressure to Adhere to Initial Cost Estimates at High Level – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  7/87.50 rprox (Westpac)211 including: • extensions to project schedule; • reduction in scope and compromises; • resulting in “delivered risk”212;  Ibid, section 8.1.4, p 63.  Ibid. 205  Ibid, section 8.1.5, p 63. 206  Ibid, Recommendation G31, p 63. 207  Ibid, section 8.1.2, p 63. 208  Ibid. 209  Ibid, section 8.1.3, p 63. 210  Ibid, section 8.1.6, p 64. 211  Ibid, section 8.1.7, p 64. 212  Ibid. 203 204

858

29  Composition, Independence, Representation, Codes of Conduct and Culture

• failure to take account of risk and compliance requirements in a durable manner213; • “challenges to benefit realisation”214; • green project status hiding “progressive dilution of eventual outcome”215; and • failure of initial assumptions causing challenges faced216; • remediated by: –– reporting templates for Project Steering Committee updated to include risks and all material underlying assumptions at front for consideration and challenge217; and –– reporting templates for Project Steering Committee updated for changes in scope, schedule, solution and expected benefits tracked in auditable form.218 –– in the positive (+) direction for variables based on the [BrdSkills] (+) variable: • [WBCProjectDelProjSteerCm] (+)  – Banks  – WBCProjectDel  – Financial Prioritisation – Project Delivery – Project Steering Committee Established to Oversee Initiative  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 7/87.50 rprox (Westpac)219 including: • • • •

more detailed formulation of initiative; refinement of cost estimates; resourcing needs; and timelines and milestones220;

WBC Four (4) Factors Contributing to Prioritisation of Financial Considerations • Four (4) factors contributing to prioritisation of financial considerations over risk considerations221: –– 1. “voice” of finance and human resources222: • in the negative (−) direction for variables based on the [BrdSkills] (+) variable:  Ibid, section 8.1.8, p 64.  Ibid, section 8.1.9, p 64. 215  Ibid, section 8.1.10, p 64. 216  Ibid, 8.1.11, p 64. 217  Ibid, Recommendation G32, p 64. 218  Ibid, Recommendation G33, p 64. 219  Ibid, section 8.1.6, p 64. 220  Ibid. 221  Ibid, section 8.2.1, p 64. 222  Ibid, section 8.2.2, p 65. 213 214

29.9  Westpac Review Team 2018 Prioritisation Decisions

859

• [WBCFinPriorityFin&HRInfluence] (−) – Banks – WBCFinPriority – Financial Prioritisation – Financial Prioritisation Over Risk – Influence of Finance and HR Functions Over Business Units  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (Westpac)223 including: –– perceived veto for budget, headcount, remuneration, timing and organisational structure constraints224; –– 2. “voice” of Operational Risk and Compliance functions225: • in the negative (−) direction for variables based on the [BrdSkills] (+) variable: • [WBCFinPriorityOpRisk&ComplyLowStand] (−)  – Banks  – WBCFinPriority  – Financial Prioritisation  – Financial Prioritisation Over Risk – Standing and Authority of Operational Risk and Compliance Functions Not Elevated – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  7/87.50 rprox (Westpac)226 including: –– financial considerations over-emphasised227; –– less mature non-financial risk stature/standing/authority leads to less active listening to views of Operational Risk and Compliance function228 remediated by: • decision rights of Finance and HR in relation to risk and compliance to be clarified229; –– 3. Westpac’s understanding and approach to managing risk and compliance230: • in the positive (+) direction for variables based on the [BrdSkills] (+) variable: • [WBCFinPriorityFin&NFRsCustMkt] (+)  – Banks  – WBCFinPriority  – Financial Prioritisation  – Financial Prioritisation Over Risk – Consideration of Financial and Non-financial Risks including on Customer and Market  – Enhancement in Quality of Risk

 Ibid.  Ibid, section 8.2.3, p 65 225  Ibid, section 8.2.4, p 65. 226  Ibid. 227  Ibid, section 8.2.5, p 65. 228  Ibid, section 8.2.6, p 65. 229  Ibid, Recommendation G34, p 65. 230  Ibid, section 8.2.7, p 65. 223 224

860

29  Composition, Independence, Representation, Codes of Conduct and Culture

Management, Monitoring and Decision-making, ing + 7/87.50 rprox (Westpac)231 including:

coverage/rat-

–– enhancing management of non-financial risks across 3 LOD232; and –– embedding “should we?” consideration in decision-making233; • in the negative (−) direction for variables based on the [BrdSkills] (+) variable: • [WBCFinPriorityNFRsFailRobustApproach] (−)  – Banks  – WBCFinPriority  – Financial Prioritisation  – Financial Prioritisation Over Risk  – Lack of Robust Approach to Non-financial Risks  – Reduction in Quality of Risk Management, Monitoring and Decisionmaking, coverage/rating − 7/87.50 rprox (Westpac)234 including: –– –– –– –– ––

risks not identified; gravity/extent/implications not appreciated; mitigants not identified; risks not given due attention; and “should we?” consideration not informing decisions235;

–– 4. delegation by Group Executives of their responsibility for decisions about projects236: • in the negative (−) direction for variables based on the [BrdSkills] (+) variable: • [WBCFinPrio\O] (−)  – Banks  – WBCFinPriority – Financial Prioritisation – Financial Prioritisation Over Risk  – Governance Committee to Scrutinise Project-delivered Initiatives endorsed by Executive Team and Approved by the Board237 – Enterprise Portfolio Oversight Committee Considers Non-Regulatory Change Initiatives238 – Group Executives Delegating Attendance to Divisional CFOs  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  7/87.50 rprox (Westpac)239 including:

 Ibid.  Ibid, section 8.2.8, p 65. 233  Ibid. 234  Ibid, section 8.2.9, p 65. 235  Ibid. 236  Ibid, section 8.2.10, pp 65–66. 237  Ibid, section 8.2.10, p 66. 238  Ibid section 8.2.11, p 66. 239  Ibid, section 8.2.12, p 66. 231 232

29.11  FSRC Final Report Recommendations and Commentary on Accountability

861

–– divisional CFOs may prioritise shorter-term financial considerations over risks when assessing funding decisions240 remediated by: • Group Executives more regularly attend EPOC meetings241; and • development of formal assurance process for delegations including transparency and rationale.242

29.10 FSRC Final Report Recommendations and Commentary on Non-financial Risks In Sect. 36.8 of Chap. 36 below, APRA recommends the establishment of a ‘NonFinancial Risk Committee at the Group Executive level’243 to remediate failings in relation to the oversight of risk, including operational and compliance risks. For the FSRC Final Report, there is also an emphasis on the management of non-­ financial risks: Obviously, the prudent management of financial risks by financial services entities is and will always remain important. But financial services entities must now accept that financial risks are not the only risks that matter. The prudent management of non-financial risks is equally important. Financial services entities must give sufficient attention, and devote sufficient resources, to the effective management of non-financial risks. APRA should give consideration to how that requirement can be made more prominent in its prudential standards.244

29.11 FSRC Final Report Recommendations and Commentary on Accountability The FSRC observed that accountability was of central importance to culture, governance and remuneration245 quoting the following passage from the APRA Final Report: A lack of accountability is a common theme underlying several of the issues observed in this Inquiry. This contributed to: an inability to identify who is accountable when things have gone wrong; inadequate remuneration outcomes for adverse risk and compliance outcomes; weak issue escalation, management and closure; insufficient Executive Committee

 Ibid, sections 8.2.13–8.2.14, p 66.  Ibid, Recommendation G35, p 66. 242  Ibid. 243  See discussion in Sect. 36.8 of Chap. 36 below. 244  FSRC Final Report, above n 136, p 406 (bold in original). 245  Ibid, p 407. 240 241

862

29  Composition, Independence, Representation, Codes of Conduct and Culture

oversight; and inadequate business unit supervision of functions performed elsewhere in the Group.246

The review in this Stage 2 Key Code and Advanced Handbook of the Banking Executive Accountability Regime (BEAR) was undertaken in Chap. 20. Here, for the FSRC, there should be an additional responsibility of accountable persons: I have already indicated in the chapter about the banking sector that I consider APRA should determine, under section 37BA(4) of the Banking Act 1959 (Cth), an additional responsibility of accountable persons within each of the banks subject to the BEAR. That additional responsibility would be for the end-to-end management of product design, delivery, maintenance and, where necessary, remediation. It would then be for each bank to identify the relevant accountable person.247

Again for the FSRC, the BEAR was “not a substitute for proper processes within entities for identifying who is accountable for risk”248 including “conduct and compliance risk”.249 In addition, the CRO’s responsibilities for risk management were not “a complete or comprehensive identification of who within the organisation should be held accountable for risks”.250 Here for the additional accountability responsibility for an accountable person suggested by the FSRC, the approach of this Stage 2 Key Code and Advanced Handbook will again be to craft a variable based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction giving rise to a coverage/ rating of +7/87.50 rprox for the following governance variable: • [FSRCAccPersonEndtoEndResp] (+) – Banks – FSRC – Boards – Additional Accountability Responsibility for BEAR – Accountable Person to be Responsible for End-to-End Management of Product Design, Delivery, Maintenance and Remediation  – Enhancement of Risk Management and Decision-making and Reporting – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility and Decision-making, coverage/rating + 7/87.50 rprox.

 Ibid, citing Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-­ Report_30042018.pdf, p 59. 247  FSRC Final Report, above n 136, p 408. 248  Ibid. 249  Ibid. 250  Ibid, p 409. 246

Chapter 30

NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac Reassessment on Governance, Accountability and Culture Abstract  This Chapter 30 of the Stage 2 Key Code and Advanced Handbook for the governance of Australian major banks examines the NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac Reassessment on governance, accountability and culture. This begins with the NAB Self-Assessment 2018 and Westpac Review Team 2018 on the role of the board and senior management including the operation of the board and its committees. There is focus on NAB’s reporting to the board, customer impact and outcomes, second line risk reporting, reporting from third line internal audit, non-financial risk reporting, operational and technology risk, compliance and regulatory matters and NAB’s further variables for non-financial risk reporting. We then switch to the Westpac Review Team 2018 on investment allocations. There follows the NAB board challenge and closure of issues, remuneration and consequence management and the NAB Self-Assessment on senior leadership oversight including Executive Risk Committees, ELT Risk Committees, Customer Experience Board (CXB), Group Risk Return Management Committee (GRRMC), Value Chain Risk Management Committees and the Technology and Operations Risk Management Committee. This section then turns to the NAB operation of the Executive Leadership Team (ELT) and the Group Risk Return Management Committee (GRRMC). The examination then moves to Westpac’s functioning of the Executive Team and Westpac RISKCO including enhancing RISKCO reporting and enhancing Executive Team functions. The Westpac examination concludes with the Westpac Reassessment’s board and executive oversight of non-financial risk including the Westpac board and RISKCO. Chapter 30 concludes with the NAB Self-Assessment of accountability including clarity of accountability, effectiveness of accountability, accountabilities for resolving ‘complex’ issues and NAB accountabilities in performance and remuneration. Keywords  Governance · Accountability · Culture · Reporting to the board · Senior leadership/executive team oversight · RISKCO · Non-financial risk · Accountability © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_30

863

864

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

As noted in the introduction in Part 1, in the NAB Self-Assessment 2018,1 its ‘core’ themes are stated to follow the APRA Final Report: • Governance: the way in which decisions at NAB are made, including how financial objectives, values and strategic priorities impact on decision-making and risk management, and how decisions once made are implemented. • Accountability: the way in which NAB employees, both individually and collectively, fulfil their responsibilities and the consequences of them not doing so. • Culture: the norms of behaviour for individuals and groups within NAB that determine the collective ability to identify, understand, openly discuss, escalate and act on current and future challenges and risks.2

30.1 NAB Self-Assessment 2018 and Westpac Review Team 2018 on the Role of the Board and Senior Management This Chap. 30 will examine the NAB Self-Assessment 2018 and Westpac Review Team 20183 on the role of the board and senior management in Sects. 30.3–30.9.

30.2 Operation of the Board and Its Committees A number of Board Committees are examined in this Stage 2 Key Code and Advanced Handbook and are also reviewed in the NAB Self-Assessment 2018: • the Board Risk Committee (BRC) is examined in Chap. 43; • the Audit Committee (AudCom) is examined in Sect. 36.1; • the Compensation/Remuneration Committee (CC) was examined in Sect. 12.6; and • a NAB Customer Outcomes Committee will be introduced in the NAB Self-­ Assessment 2018 in Sect. 36.6. For Westpac, there are five standing Committees reviewed by its Review Team: • Board Audit Committee; • Board Risk & Compliance Committee;

 National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/ content/dam/nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-­ Assessment 2018’). 2  Ibid, p 7. 3  Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’). 1

30.3  NAB Reporting to the Board

865

• Board Remuneration Committee; • Board Nominations Committee; and • Board Technology Committee.4 In the Westpac Reassessment of June 2020,5 Westpac adds emphasis to specific non-financial risks by forming a sub-committee of the Board Risk Committee known as the: • Board Legal, Regulatory and Compliance Committee.6

30.3 NAB Reporting to the Board The Stage 2 relational approach for Australian major banks will construct a disclosure variable identical to the [TransTimeMon] (+)7 variable (and in the same positive (+) direction with a coverage/rating of +8/100.00 rprox) to reflect an increase in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the enhancement in information flow as a result of NAB’s identification of reporting to the board. This gives rise to governance variables with a coverage/rating of +8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Alternatively, there is an increase in the quality of decision-making – Decision-­ making Factor No 7  – and/or an enhancement of clear lines of accountability/ responsibility affecting positively Responsibility Factor No 8 for each of the enhancements identified by NAB. In the case of failings in board reporting, negative variables based on the [TransTimeMon] (+)8 variable (but in the negative (−) direction), will be identified.

 Ibid, section 5.2.1, p 32.  Westpac Banking Corporation, Reassessment of the Culture, Governance and Accountability Remediation Plan, June 2020, accessed 20 November 2020, available at https://www.westpac. com.au/content/dam/public/wbc/documents/pdf/aw/media/WBC_CGA_Reassessment.pdf (‘Westpac Reassessment’). 6  Ibid, p 7. 7  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 9.1.2.1 of Stage 1, pp 198–199. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 8  Ibid. 4 5

866

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

NAB Self-Assessment 2018 In the case of reporting to the board generally, the variable based on the [TransTimeMon] (+) variable is submitted to be: • [NABBrdRepTwoPlusFiveRule] (+) – Banks – NABBrdRep – Reporting to the Board Generally – ‘Two Plus Five’ Rule for Board Papers9 – Greater Discipline in Highlighting of Key Issues and Concerns  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); NAB Customer Impact and Outcomes In the case of customer impact and outcomes for variables based on the [TransTimeMon] (+) variable: • [NABBrdRepCustImpact] (+)  – Banks  – NABBrdRep  – Reporting to the Board Generally – Impacts on Customers for Board Papers – Greater Focus on Impacts on Customers10  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABBrdRepCustComplain] (+)  – Banks  – NABBrdRep  – Reporting to the Board Generally – Impacts on Customers for Board Papers – Insights and Trends from Customer Complaints11 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); NAB Second Line Risk Reporting In the case of Second Line Risk Reporting for variables based on the [TransTimeMon] (+) variable: • [NABBrdRepSecLineRiskViewBrd] (+) – Banks – NABBrdRep – Reporting to the Board Generally – Second Line Risk View for Board Papers and Papers to Board12  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABBrdRepSecLineRiskViewBRC] (+) – Banks – NABBrdRep – Reporting to the Board Generally  – Second Line Risk View for Papers to BRC13  – Enhancement in Information Flow – Increase in Quality of Risk Management

 NAB Self-Assessment 2018, above n 1, p 14.  Ibid. 11  Ibid. 12  Ibid. 13  Ibid. 9

10

30.3  NAB Reporting to the Board

867

and ­ Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABBrdRepSecLineRiskViewGRRMC] (+)  – Banks  – NABBrdRep  – Reporting to the Board Generally – Second Line Risk View for Papers to Group Risk Return Management Committee (GRRMC)14 – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABBrdRepCROWrittenRep] (+) – Banks – NABBrdRep – Reporting to the Board Generally  – CRO Written Report to Board, BRC and GRRMC15  – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); NAB Reporting from Third Line Internal Audit In the case of reporting from Third Line Internal Audit for variables based on the [TransTimeMon] (+) variable: • [NABBrdRepThirdLineRepBrd] (+) – Banks – NABBrdRep – Reporting to the Board Generally  – Third Line Internal Audit Reporting to Board16  – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABBrdRepThirdLineRepAudCom] (+) – Banks – NABBrdRep – Reporting to the Board Generally  – Third Line Internal Audit Reporting to Audit Committee17 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABBrdRepThirdLineRepBRC] (+) – Banks – NABBrdRep – Reporting to the Board Generally  – Third Line Internal Audit Reporting to BRC18  – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); NAB Non-financial Risk Reporting In the case of Non-Financial Risk Reporting for variables based on the [TransTimeMon] (+) variable:

 Ibid.  Ibid, p 15. 16  Ibid. 17  Ibid. 18  Ibid. 14 15

868

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

• [NABBrdRepSecLineNFRRepBrd] (+)  – Banks  – NABBrdRep  – Non-­ Financial Risk Reporting – Second Line NFR Reporting to Board19 – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABBrdRepSecLineNFRRepBRC] (+)  – Banks  – NABBrdRep  – Non-­ Financial Risk Reporting – Second Line NFR Reporting to BRC20 – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox (NAB); NAB Operational and Technology Risks In the case of Operational and Technology Risks for variables based on the [TransTimeMon] (+) variable: • [NABBrdRepSecLineOTRRepBrd] (+) – Banks – NABBrdRep – Operational and Technology Risk Reporting  – Second Line OTR Reporting to Board21  – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABBrdRepSecLineOTRRepBRC] (+) – Banks – NABBrdRep – Operational and Technology Risk Reporting  – Second Line OTR Reporting to BRC22  – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); NAB Compliance and Regulatory Matters In the case of Compliance and Regulatory Matters for variables based on the [TransTimeMon] (+) variable: • [NABBrdRepSecLineComplyRegRepBrd] (+)  – Banks  – NABBrdRep  – Compliance and Regulatory Matters – Second Line Compliance and Regulatory Reporting to Board23 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (NAB); • [NABBrdRepSecLineComplyRegRepBRC] (+)  – Banks  – NABBrdRep  – Compliance and Regulatory Matters – Second Line Compliance and Regulatory Reporting to BRC24 – Enhancement in Information Flow – Increase in Quality of

 Ibid.  Ibid. 21  Ibid. 22  Ibid. 23  Ibid. 24  Ibid. 19 20

30.3  NAB Reporting to the Board

869

Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (NAB); NAB Further Variables for Non-financial Risk Reporting In the case of initiatives for better Non-Financial Risk reporting to the Board for variables based on the [TransTimeMon] (+) variable: • [NABBrdRepSecLineNFRRepNew] (+)  – Banks  – NABBrdRep  – Non-­ Financial Risk Reporting  – Second Line NFR Reporting to Board  – New Initiatives25 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (NAB), including the following sub-variables: –– [NABBrdRepSecLineNFRRepLeads] (+) – Banks – NABBrdRep – Non-­ Financial Risk Reporting  – Second Line NFR Reporting to Board  – New Initiatives – Better Lead Indicators of Non-Financial Risks Aligned to Risk Appetite26 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (NAB); –– [NABBrdRepSecLineNFRRepReput] (+) – Banks – NABBrdRep – Non-­ Financial Risk Reporting  – Second Line NFR Reporting to Board  – New Initiatives  – More Holistic Reporting of Matters Affecting Bank’s Reputation27  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (NAB); –– [NABBrdRepSecLineNFRRepAgedRemed] (+) – Banks – NABBrdRep – Non-Financial Risk Reporting – Second Line NFR Reporting to Board – New Initiatives – Regular Aged Remediation Report to Highlight Slippage and Set Targets to Remediate Customers28  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-­making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); –– [NABBrdRepSecLineNFRRepBench] (+) – Banks – NABBrdRep – Non-­ Financial Risk Reporting  – Second Line NFR Reporting to Board  – New Initiatives – Increased Benchmarking29 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and  Ibid.  Ibid. 27  Ibid. 28  Ibid. 29  Ibid. 25 26

870

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); and –– [NABBrdRepSecLineNFRRepLearn] (+) – Banks – NABBrdRep – Non-­ Financial Risk Reporting  – Second Line NFR Reporting to Board  – New Initiatives  – Outside-In Learning30  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-­making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB). The resultant Action #3 in relation to Non-Financial Risk Reporting in the NAB Self-Assessment 2018 is that: The Board will require and oversee enhancements to non-financial risk reporting, in particular to ensure key matters are escalated early and clearly and that adequate agenda time is allocated to them.31

30.4 Westpac Review Team 2018 Westpac Investment Allocations In the case of reporting to the board for investment allocation decisions made by the board, the Westpac Review Team identifies a negative variable based on the [TransTimeMon] (+)32 variable but in the negative (−) direction, giving rise to a coverage/rating of −8/100.00 rprox: • [WBCBrdRepAllocateEIPRiskComply] (−)  – Banks  – WBCBrdRep  – Reporting to the Board – Reporting for Investment Allocation Decisions of the EIP (Enterprise Investment Pool)  – Decisions Approving Overall Size and Allocation of EIP – Failure to Describe the Risk and Compliance Issues of Not Proceeding with An Initiative thus Under-weighing Risk Considerations  – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (Westpac).33

30.5 NAB Board Challenge and Closure of Issues For the Stage 2 relational approach, there were a number of matters identified by the NAB Self-Assessment 2018 in relation to board challenge and closure of issues.

 Ibid.  Ibid. 32  See discussion in section 9.1.2.1 of Stage 1, above n 5, pp 198–199. 33  Westpac Review Team 2018, above n 3, section 5.3.4 and Recommendation G6, pp 35–36. 30 31

30.5  NAB Board Challenge and Closure of Issues

871

Here, the approach of this Stage 2 Key Code and Advanced Handbook will be to construct ‘NABBrdChall’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction giving rise to a coverage/rating of −7/87.50 rprox for the following governance variables: • [NABBrdChallUndueSpeed] (−) – Banks – NABBrdChall – Board Challenge and Closure of Issues – Undue Speed in Resolving Issue Lacking Sustainability or Appropriateness34 – Reduction in Quality of Risk Management and Internal Monitoring  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); • [NABBrdChallNoTest] (−) – Banks – NABBrdChall – Board Challenge and Closure of Issues  – Failure to be Sufficiently Searching or Testing of Management35  – Reduction in Quality of Risk Management and Internal Monitoring  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); • [NABBrdChallNoUrgency] (−) – Banks – NABBrdChall – Board Challenge and Closure of Issues  – Failure to Demand Sufficient Urgency in Closing Issues36 – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (NAB); • [NABBrdChallFailListen&Learn] (−)  – Banks  – NABBrdChall  – Board Challenge and Closure of Issues – Failure to Listen and Learn from Past Conduct Risk Issues37  – Reduction in Quality of Risk Management and Internal Monitoring  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); • [NABBrdChallCustImpact] (−) – Banks – NABBrdChall – Board Challenge and Closure of Issues  – Failure to Place Customer Impacts at Centre of Questioning38  – Reduction in Quality of Risk Management and Internal Monitoring  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); and • [NABBrdChallPeerIndustryStnd] (−)  – Banks  – NABBrdChall  – Board Challenge and Closure of Issues – Comparison to Peers and Industry Standard for Closing Issues Reducing Intensity in Closing Issues39 – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-­ making, coverage/rating − 7/87.50 rprox (NAB). The resultant Action #4 in relation to Board Challenge and Closure of Issues in the NAB Self-Assessment 2018 is that:

 NAB Self-Assessment 2018, above n 1, p 15.  Ibid. 36  Ibid. 37  Ibid, p 16. 38  Ibid. 39  Ibid. 34 35

872

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

The Board will maintain its heightened focus on setting clear directions and expectations for management, being sceptical as well as supportive; and being relentless on the timely, appropriate and sustainable closure of important issues.40

30.6 NAB Remuneration and Consequence Management For these aspects of the Board’s functions identified by the NAB Self-Assessment 2018,41 there are a number of governance variables, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskFailHighEnd] (−) variable in Sect. 12.5 and, in turn, the [EqOptEntrch] (−) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of −7/87.50 rprox: • [NABBrdOseeRemFailIndivConduct] (−) – Board Oversight of Remuneration Policies and Practices – Failure to Apply Individual Downside Adjustments to Reflect Conduct Considerations42  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox (NAB); • [NABBrdOseeRemFailIndivRiskMan] (−) – Board Oversight of Remuneration Policies and Practices – Failure to Apply Individual Downside Adjustments to Reflect Risk Management Considerations43  – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox (NAB); • [NABBrdOseeRemBRCRemLink] (−)  – Board Oversight of Remuneration Policies and Practices  – Failure of Linkage between Risk Topic at BRC and Remuneration Consequences44  – Risk-Taking in Excess of Risk Appetite  – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox (NAB); and • [NABBrdOseeRemPerfRemMRTs] (−)  – Board Oversight of Remuneration Policies and Practices  – Failure to Oversee Performance and Remuneration Outcomes for Material Risk Takers (MRTs)45 – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure, coverage/rating − 7/87.50 rprox (NAB). The resultant Action #5 in relation to Remuneration Consequence Management in the NAB Self-Assessment 2018 is that: The Board will both lead and drive a further maturing of remuneration consequence management practices and require an uplift in remuneration governance activities more generally.46

 Ibid.  Ibid. 42  Ibid. 43  Ibid. 44  Ibid. 45  Ibid. 46  Ibid. 40 41

30.7  NAB Self-Assessment on Senior Leadership Oversight

873

30.7 NAB Self-Assessment on Senior Leadership Oversight Executive Risk Committees The Stage 2 relational approach will construct disclosure variables identical to the [TransTimeMon] (+)47 variable (and in the same positive (+) direction, with a coverage/rating of +8/100.00 rprox) to reflect an increase in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the enhancement in information flow as a result of NAB’s implementation of Executive Leadership Team (ELT) structures. This gives rise to governance variables with a coverage/rating of +8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Alternatively, there is an increase in the quality of decision-making – Decision-­ making Factor No 7  – and/or an enhancement of clear lines of accountability/ responsibility affecting positively Responsibility Factor No 8 for each of the enhancements identified by NAB. In the case of failings in ELT risk committees, negative variables based on the [TransTimeMon] (+)48 variable (but in the negative (−) direction), will be identified. NAB ELT Risk Committees In the case of ELT risk committees, the ‘NABELT’-prefix variables based on the [TransTimeMon] (+) variable in the positive (+) direction, coverage/rating + 8/100.00 rprox are: Customer Experience Board (CXB) • [NABELTCXBStratObject] (+) – Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Customer Experience Board (CXB)49 – Development, Approval, Monitoring and Driving of Strategic Objectives  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox (NAB); Group Risk Return Management Committee (GRRMC) • [NABELTGRRMCRisksNFRisks] (+)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT)  – Group Risk Return Management Committee50  – Identification and Oversight of Bank-Wide Risks and Issues Including Non-Financial Risks – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB) including the following sub-variables for GRRMC sub-committees:

 See discussion in section 9.1.2.1 of Stage 1, above n 7, pp 198–199.  Ibid. 49  NAB Self-Assessment 2018, above n 1, p 18. 50  Ibid, p 18. 47 48

874

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

–– [NABELTGRRMCGroupAsset&Liab] (+) – Banks – NABELT – Oversight of Executive Leadership Team (ELT)  – Group Risk Return Management Committee Sub-Committees  – Group Asset and Liability Committee  – Oversight of Balance Sheet Structure and Risk Settings and Oversight/ Monitoring of Group Treasury and its Risk Profile51  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-­making  – Increase in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox (NAB); –– [NABELTGRRMCCredit&MktRisk] (+) – Banks – NABELT – Oversight of Executive Leadership Team (ELT)  – Group Risk Return Management Committee Sub-Committees – Group Credit and Market Risk Committee – Bank-wide Management and Oversight of Credit and Market Risk and Review of Quality and Composition of Bank’s Credit Risk Portfolio52 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox (NAB); –– [NABELTGRRMCRegComplyOpsRisk] (+)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT)  – Group Risk Return Management Committee Sub-Committees – Group Regulatory, Compliance and Operational Risk Committee (GRCORC) – Oversight of Management of Non-­Financial Risks Covering Operational and Compliance Risks including Conduct and Prudential Regulatory Risk53  – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); Value Chain Risk Management Committees • [NABELTVCRMCs] (+)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT)  – Value Chain Risk Management Committees (VCRMCs)  – Product Design, Delivery and Distribution54  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox (NAB); and Technology and Operations Risk Management Committee • [NABELTTech&OpsCm] (+)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT)  – Technology and Operations Risk Management Committee  – Oversight of Risks and Controls within Bank’s Technology and Operations Division55 – Enhancement in Information Flow – Increase in Quality

 Ibid, p 19.  Ibid. 53  Ibid. 54  Ibid. 55  Ibid. 51 52

30.7  NAB Self-Assessment on Senior Leadership Oversight

875

of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (NAB). NAB Operation of Executive Leadership Team (ELT) and Group Risk Return Management Committee (GRRMC) The NAB Self-Assessment 201856 makes reference at this point to the Banking Executive Accountability Regime (BEAR). This is discussed in Chap. 20. The Stage 2 relational approach will construct disclosure variables identical to the [TransTimeMon] (+)57 variable (and in the same positive (+) direction with a coverage/rating of +8/100.00 rprox) to reflect an increase in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the enhancement in information flow as a result of NAB’s implementation of Executive Leadership Team (ELT) structures. This gives rise to governance variables with a coverage/rating of +8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Alternatively, there is an increase in the quality of decision-making – Decision-­ making Factor No 7  – and/or an enhancement of clear lines of accountability/ responsibility affecting positively Responsibility Factor No 8 for each of the enhancements identified by NAB. Action #6 in relation to operation of the Executive Leadership Team in the NAB Self-Assessment 2018 is that: The ELT will drive an uplift in the voice of the customer through governance, reporting, decisions and relevant controls  – incorporating a more intense focus on customer outcomes.58

This gives rise to a number of governance variables for the operation of the ELT based on the [TransTimeMon] (+) variable in the positive (+) direction, coverage/ rating + 8/100.00 rprox: • [NABELTCustVoiceOutcomes] (+)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Increased Focus on Customer Outcomes59 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (NAB), the content of this variable including: –– –– –– ––

governance; reporting; decision-making; and controls.

 Ibid, p 20.  See discussion in section 9.1.2.1 of Stage 1, above n 7, pp 198–199. 58  NAB Self-Assessment 2018, above n 1, p 20. 59  Ibid. 56 57

876

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

In relation to ELT oversight of bank-wide risks and issues60 based on the [TransTimeMon] (+) variable in the positive direction, coverage/rating + 8/100.00 rprox: • [NABELTGRRMCRepBRC] (+) – Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Structured and Formal Processes for Reporting to BRC61  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABELTGRRMCFin&NFRiskTime] (+) – Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-­ Wide Risk Through Group Risk Return Management Committee (GRRMC) – Remit of All Material Risk Categories including Financial and Non-Financial Risks – Equal Time for Financial and Non-Financial Risks62 – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABELTGRRMCAgenda] (+) – Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC)  – Agenda-­ Setting Function with CEO, Group CRO and Committee Secretary63  – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABELTGRRMCMOIs] (+)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC) – Reporting of Matters of Interest (MOIs)64 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABELTGRRMCCRORiskTargets] (+) – Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-­ Wide Risk Through Group Risk Return Management Committee (GRRMC) – Group CRO’s Risk Targets Report (Quarterly)65 – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and  Ibid.  Ibid. 62  Ibid. 63  Ibid. 64  Ibid. 65  Ibid. 60 61

30.7  NAB Self-Assessment on Senior Leadership Oversight

877

Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB); • [NABELTGRRMCRiskRepImprove] (+) – Banks – NABELT – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-­ Wide Risk Through Group Risk Return Management Committee (GRRMC) – Improvements in Risk Reporting66 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB), the contents of this variable including: –– –– –– –– ––

greater focus on the impact of risks on customer outcomes and NAB’s reputation; risk indicators that take a forward-looking approach; specific rather than general measures on compliance; regulatory obligations and issues management and resolution; and increased use of measures that enable greater outside-in perspective.67

Failures in relation to ELT oversight of non-financial risks being compliance, conduct and operational risk68 based on the [TransTimeMon] (+) variable but in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [NABELTGRRMCNFRiskFail] (−)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of BankWide Risk Through Group Risk Return Management Committee (GRRMC) – Failures in Relation to Non-Financial Risks  – Lack of Rigour, Discipline and Intensity69  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox (NAB) including the sub-variables: –– [NABELTGRRMCNFRiskFailConduct] (−)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT)  – Operation of the ELT  – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC)  – Failures in Relation to Non-Financial Risks  – Failures in Conduct Risk Matters Brought Before the GRRMC – Failure in Implementation and Adoption of Framework for Management of Conduct Risk70  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox (NAB); and –– [NABELTGRRMCNFRiskFailComply] (−)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT)  – Operation of the ELT  –

 Ibid.  Ibid. 68  Ibid, p 21. 69  Ibid. 70  Ibid. 66 67

878

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC)  – Failures in Relation to Non-Financial Risks  – Failures in Compliance Risk Matters Brought Before the GRRMC – Failure in Approach and Investment in Compliance Risk Management71 – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility, coverage/rating − 8/100.00 rprox (NAB). Failures in relation to ELT oversight of non-financial risks being the effectiveness of the Group Regulatory Compliance & Operational Risk Committee (GRCORC)72 based on the [TransTimeMon] (+) variable but in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [NABELTGRRMCGRCORCFail] (−)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-­ Wide Risk Through Group Risk Return Management Committee (GRRMC) – Failures in Relation to Non-Financial Risks – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC)73 – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (NAB) including the sub-variables: –– [NABELTGRRMCGRCORCFailTime] (−)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT)  – Operation of the ELT  – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC)  – Failures in Relation to Non-Financial Risks  – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC) – Disproportionate Time Spent on Policy and Framework Endorsement74  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (NAB); –– [NABELTGRRMCGRCORCFailNoTable] (−)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT)  – Operation of the ELT  – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC)  – Failures in Relation to Non-Financial Risks  – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC)  – Matters Not Tabled at GRCORC75 – Reduction in Information Flow – Reduction in Quality of Risk  Ibid.  Ibid. 73  Ibid. 74  Ibid. 75  Ibid. 71 72

30.7  NAB Self-Assessment on Senior Leadership Oversight

––

––

––

––

 Ibid.  Ibid. 78  Ibid. 79  Ibid. 76 77

879

Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox (NAB); [NABELTGRRMCGRCORCFailFirstLine] (−)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT)  – Operation of the ELT  – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC)  – Failures in Relation to Non-Financial Risks  – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC) – Failure to Have First-Line Risk Owners at Meetings and Consequent Failure to Challenge Management76 – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (NAB); [NABELTGRRMCGRCORCFailRiskApp] (−)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT)  – Operation of the ELT  – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC)  – Failures in Relation to Non-Financial Risks  – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC)  – Failure to Report on Risk Appetite77 – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox (NAB); [NABELTGRRMCGRCORCFailComply] (−)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT)  – Operation of the ELT  – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC)  – Failures in Relation to Non-Financial Risks  – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC) – Failure to Report on Compliance78 – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (NAB); and [NABELTGRRMCGRCORCFailCust] (−)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT)  – Operation of the ELT  – Oversight of Bank-Wide Risk Through Group Risk Return Management Committee (GRRMC)  – Failures in Relation to Non-Financial Risks  – Failures in Support of GRRMC by Group Regulatory Compliance & Operational Risk Committee (GRCORC)  – Failure to Report on Customer Issues and Complaints79  – Reduction in Information Flow  – Reduction in

880

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (NAB). Failures in relation to ELT oversight of non-financial risks being the effectiveness of Value Chain Risk Management Committees (VCRMCs)80 based on the [TransTimeMon] (+) variable but in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [NABELTVCRMCsFail] (−)  – Banks  – NABELT  – Oversight of Executive Leadership Team (ELT) – Operation of the ELT – Oversight of Bank-Wide Risk Through Value Chain Risk Management Committees (VCRMCs)81 – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/ Responsibility, coverage/rating − 8/100.00 rprox (NAB), the content of this variable including: –– The role of the VCRMCs in relation to specific non-financial risk classes, such as conduct risk. –– The relationship between the VCRMCs and the Technology & Operations division’s risk management committee and the level of cross-reporting required to enable effective oversight of risks. –– Alignment of VCRMCs decision-making authorities and divisional ELT member responsibilities (including how BEAR is operationalised within the bank). –– Escalation and reporting lines to the GRRMC, the Board or regulators. –– Appropriateness of composition, for example, Compliance and Financial Crime Risk are not currently represented, rather reliance is placed on the attending divisional CROs to represent on these risks.82

The NAB Self-Assessment 2018 identified further failings for this variable including: –– In addition, the depth and quality of information reported on customer outcomes, compliance and conduct issues and emerging risks to the VCRMCs, is insufficient to appropriately manage these risks and issues; and –– Finally, these committees are not recognised in the formal risk governance framework, have no delegated accountabilities or mandatory requirements, and are not ultimately accountable through a Board-overseen performance framework.83

Thus, Action #7 in relation to operation of the Executive Leadership Team in the NAB Self-Assessment 2018 is to: Review and drive changes such that the GRRMC – supported by more effective Group and First Line risk governance committees – brings more rigour, discipline and intensity in the areas of conduct, compliance and operational risk.84

 Ibid.  Ibid. 82  Ibid. 83  Ibid. 84  Ibid. 80 81

30.8  Westpac Functioning of Executive Team and RISKCO

881

30.8 Westpac Functioning of Executive Team and RISKCO Similarly to NAB, the Stage 2 relational approach will construct disclosure variables identical to the [TransTimeMon] (+)85 variable (and in the same positive (+) direction with a coverage/rating of +8/100.00 rprox) to reflect an increase in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the enhancement in information flow as a result of Westpac’s implementation of Executive Team structures and RISKCO.  This gives rise to governance variables with a coverage/rating of +8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Alternatively, there is an increase in the quality of decision-making – Decision-­ making Factor No 7  – and/or an enhancement of clear lines of accountability/ responsibility affecting positively Responsibility Factor No 8 for each of the enhancements identified by Westpac. Functioning of Westpac Executive Team This gives rise to a number of governance variables for the operation of the Executive Team based on the [TransTimeMon] (+) variable in the positive (+) direction, coverage/rating + 8/100.00 rprox: • [WBCExecTeamCEOGroupExecs] (+) – Banks – WBCExecTeam – Oversight of Executive Team  – Functioning of Executive Team  – Comprising CEO and Group Executives – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (Westpac);86 • [WBCExecTeamIncreasedFocus] (+) – Banks – WBCExecTeam – Oversight of Executive Team  – Functioning of Executive Team  – Increased Focus  – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (Westpac)87 including: –– risk and compliance; –– non-financial risk; and –– customers; Based on the [TransTimeMon] (+) variable but in the negative (−) direction, coverage/rating − 8/100.00 rprox, for the Westpac Executive Team: • [WBCExecTeamChallenge] (−)  – Banks  – WBCExecTeam  – Oversight of Executive Team – Functioning of Executive Team – Level of Challenge Amongst

 See discussion in section 9.1.2.1 of Stage 1, above n 7, pp 198–199.  Westpac Review Team 2018, above n 3, section 5.4.1, p 37. 87  Ibid, section 5.4.6, p 38. 85 86

882

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

Executive Team Members  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (Westpac);88 • [WBCExecTeamGoodNewsCult] (−) – Banks – WBCExecTeam – Oversight of Executive Team – Functioning of Executive Team – “Remnants of Good News Culture” Amongst Executive Team Members – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-­ making  – Reduction in Quality of Accountability/Responsibility, coverage/ rating − 8/100.00 rprox (Westpac);89 Based on the [TransTimeMon] (+) variable in the dual direction (+/−) for the Westpac Executive Team: • [WBCExecTeamOffLineConverse] (+/−)  – Banks  – WBCExecTeam  – Oversight of Executive Team  – Functioning of Executive Team  – Executive Committee Discussions Concluded for Bilateral Challenge Offline  – Dual Direction in Information Flow – Dual Direction in Quality of Risk Management and Internal Monitoring and Decision-making  – Dual Direction in Quality of Accountability/Responsibility, coverage/rating +/−8/100.00 rprox (Westpac).90 Functioning of Westpac RISKCO Governance variables for the operation of the RISKCO based on the [TransTimeMon] (+) variable in the positive (+) direction, coverage/rating + 8/100.00 rprox: • [WBCETRISKCOGroupExecs] (+) – Banks – WBCETRISKCO – Oversight of Executive Team  – Oversight of Group-Wide Risk Through RISKCO  – Composition Includes all Group Executives  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (Westpac);91 • [WBCETRISKCOBrdRiskApp] (+) – Banks – WBCETRISKCO – Oversight of Executive Team – Oversight of Group-Wide Risk Through RISKCO – Within Board-approved Risk Appetite – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (Westpac);92 • [WBCETRISKCOBRCOsight] (+) – Banks – WBCETRISKCO – Oversight of Executive Team – Oversight of Group-Wide Risk through RISKCO – RISKCO

 Ibid, section 5.4.2, p 37.  Ibid, section 5.4.5, p 38. 90  Ibid, section 5.4.3, p 37. 91  Ibid, section 5.5.1, p 38. 92  Ibid. 88 89

30.8  Westpac Functioning of Executive Team and RISKCO

883

Overseen by BRC – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (Westpac)93 including: –– –– –– –– ––

delegation of authority from BRC to RISKCO; chaired by CRO; escalation to BRC by CRO advising CEO; including Risk GMs; and excluding Divisional CROs;94

• [WBCETRISKCOSubCms] (+)  – Banks  – WBCETRISKCO  – Oversight of Executive Team – Oversight of Group-Wide Risk through RISKCO – RISKCO Sub-committees – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (Westpac)95 including: –– –– –– –– –– ––

credit risk; operational risk and financial crime; funding, liquidity and capital; market risk; prudential reporting and standards; and divisional risk and compliance committees; 96

• [WBCETRISKCOMatRisks] (+) – Banks – WBCETRISKCO – Oversight of Executive Team – Oversight of Group-Wide Risk through RISKCO – Oversight of All Material Risks – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (Westpac)97 including: –– operational risk and compliance; and • [WBCETRISKCOBRCRiskReport] (+)  – Banks  – WBCETRISKCO  – Oversight of Executive Team  – Oversight of Group-Wide Risk through RISKCO  – RISKCO Risk and Compliance Reporting Consistent with BRC  – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (Westpac).98

 Ibid, sections 5.5.1 – 5.5.2, p 38.  Ibid. 95  Ibid, sections 5.5.3, p 38. 96  Ibid. 97  Ibid, sections 5.5.4, p 38. 98  Ibid, sections 5.5.6, p 38. 93 94

884

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

Enhancing RISKCO Reporting Thus, the Westpac Review Team concludes that the “Review Team’s recommendations to enhance [BRC] reporting practices also apply to RISKCO reporting practices”.99 Enhancing Executive Team Functions The Westpac Review Team also summarises a number of recommendations as “equally relevant to the Executive Team” including: • • • • • •

reporting to the BRCC; Group Audit reporting to the BAC; customer complaint reporting; the way in which the Board views situations in which Westpac is “out of appetite”; issue resolution; and risk considerations in EIP allocation.100

30.8.1 Westpac Reassessment Board and Executive Oversight of Non-financial Risk For the Westpac Reassessment,101 for the Stage 2 relational approach for the following Westpac oversight variables, it is not a question of information flow to the board. So it is not a question of constructing governance variables based on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1, coverage/rating + 8/100.00 rprox. Instead, it is a question of the quality of risk management and internal monitoring and/or the quality of decision-making. Thus, here, the approach of this Stage 2 Key Code and Advanced Handbook will be to craft ‘2020WBCNFR’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction giving rise to a coverage/rating of −7/87.50 rprox for the following governance variables derived from the recommendations of the Westpac Reassessment: Westpac Board and RISKCO In the negative (−) direction: • [2020WBCNFRRisk&IssuePriority] (−) – Banks – 2020WBCNFR – Board and Executive Team  – Oversight of Non-Financial Risk  – Urgent Priority Required on Non-Financial Risks and Issues  – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of ­Decision-­making –

 Ibid  Ibid, section 5.5.7, p 38 (format altered and bullet-points added). 101  Westpac Reassessment, above n 5. 99

100

30.8  Westpac Functioning of Executive Team and RISKCO

•

•

•

•

885

Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (2020Westpac);102 [2020WBCNFRRAS&Metrics] (−)  – Banks  – 2020WBCNFR  – Board and Executive Team – Oversight of Non-Financial Risk – Non-Financial Risk RASs and Metrics Remain Too High Without Robust Data Reducing Insight – Reduction in Quality of Decision-making  – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating  −  7/87.50 rprox (2020Westpac);103 [2020WBCNFRBRCAgenda&PaperLength] (−) – Banks – 2020WBCNFR – Board and Executive Team – Oversight of Non-Financial Risk – BRC Agendas and Papers Too Long Reducing Meeting Efficiency and Ability to Identify Risks  – Reduction in Quality of Risk Management and Internal Monitoring  – Reduction in Quality of Decision-making  – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (2020Westpac);104 [2020WBCNFRRISKCOAgenda&PaperLength] (−)  – Banks  – 2020WBCNFR  – Board and Executive Team  – Oversight of Non-Financial Risk  – RISKCO Agendas and Papers Too Long Reducing Meeting Efficiency and Ability to Identify Risks – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (2020Westpac);105 and [2020WBCNFRRISKCOMessageManagement] (−)  – Banks  – 2020WBCNFR  – Board and Executive Team  – Oversight of Non-Financial Risk – “Message Management” – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (2020Westpac).106 In the positive (+) direction:

• [2020WBCNFREstablishBLRCC] (+) – Banks – 2020WBCNFR – Board and Executive Team  – Oversight of Non-Financial Risk  – Establishment of Board Legal, Regulatory and Compliance Committee  – Enhancement in Quality of Risk Management and Internal Monitoring  – Enhancement in Quality of Decision-­making  – Enhancement in Delineation and Disclosure of Powers,

 Ibid, Chapter 4, Shortcomings in culture, governance and accountability frameworks and practices, Table 1, p 14. 103  Ibid. 104  Ibid. 105  Ibid. 106  Ibid. 102

886

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

Duties and Lines of Responsibility, coverage/rating  +  7/87.50 rprox (2020Westpac);107 and • [2020WBCNFREnhanceOsight] (+)  – Banks  – 2020WBCNFR  – Board and Executive Team – Oversight of Non-Financial Risk – Enhancement of Oversight by Board and Executive of CORE Program – Enhancement in Quality of Risk Management and Internal Monitoring  – Enhancement in Quality of Decision-­ making  – Enhancement in Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating + 7/87.50 rprox (2020Westpac).108

30.9 NAB Self-Assessment of Accountability Here for the Stage 2 relational approach for the following NAB accountability variables, it is not a question of information flow to the board. So it is not a question of constructing governance variables based on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1, coverage/rating + 8/100.00 rprox. Instead, it is a question of the quality of risk management and internal monitoring and/or the quality of decision-making. Thus, here, the approach of this Stage 2 Key Code and Advanced Handbook will be to craft ‘NABAcc’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction giving rise to a coverage/rating of −7/87.50 rprox for the following governance variables derived from the recommendations of the NAB Self-Assessment 2018:109 • [NABAccCrossDivIssues] (−) – Banks – NABAcc – Boards – Accountability – Failure to Establish Accountability for Complex, Cross-Divisional Issues110  – Resulting in Ambiguous Ownership, Slow Progress and Missteps in Addressing Issues111 – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making  – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (NAB); • [NABAccGenOverSpec] (−) – Banks – NABAcc – Boards – Accountability – Favouring/Appointing Generalists Over Specialists for Roles Requiring Specialist Expertise112 – Reduction in Quality of Risk Management and Internal Monitoring  – Reduction in Quality of Decision-making  – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (NAB); and  Ibid.  Ibid. 109  NAB Self-Assessment 2018, above n 1, pp 41–44. 110  Ibid, p 42. 111  Ibid. 112  Ibid. See also, p 44. 107 108

30.9  NAB Self-Assessment of Accountability

887

• [NABAccRotateLead] (−)  – Banks  – NABAcc  – Boards  – Accountability  – Rotation of Leaders Within Bank113 – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (NAB). Accountability variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction giving rise to a coverage/rating of +7/87.50 rprox: • [NABAccCEOELTLead] (+) – Banks – NABAcc – Boards – Accountability – CEO to Assign Executive Leadership Team (ELT) Member for Overall Issue Resolution114 – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABAccEmbedBEAR] (+) – Banks – NABAcc – Boards – Accountability – Embedding Accountability Principles and Practices Under BEAR for Leaders Beneath Executive Leadership Team (ELT)115  – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABAccAssign&DocMRTs] (+)  – Banks  – NABAcc  – Boards  – Accountability  – Assign and Document Individual Accountability for Risk Performance (Positive and Negative) for Material Risk Takers and other Employees116  – Increase in Quality of Risk Management and Internal Monitoring  – Increase in Quality of Decision-making  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB) including: –– “including a specific risk goal in the performance management framework [which] provides a mechanism for evaluating the exercise of risk management accountabilities by all [bank] employees”;117 –– “remuneration consequences apply for failing to meet a target level of Achieved on the risk goal”;118 and –– “assigning accountability and applying consequence management and downside remuneration adjustments”;119

 Ibid, p 42.  Ibid, Action #19 therein. 115  Ibid, Action #20 therein. 116  Ibid, Action #21 therein and p 44. 117  Ibid, p 44. 118  Ibid. 119  Ibid. 113 114

888

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

• [NABAccDelegateAuth] (+) – Banks – NABAcc – Boards – Accountability – Formal Delegations of Authority Under Delegation of Authorities Framework120 – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating  +  7/87.50 rprox (NAB); • [NABAccDelegateResp] (+) – Banks – NABAcc – Boards – Accountability – Formal Delegations of Authority Under Delegation of Authorities Framework – Delegator Retains Responsibility for Decisions of Delegate121  – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABAccDelegateCommitAuthFirstLine] (+) – Banks – NABAcc – Boards – Accountability  – Formal Delegations of Authority Under Delegation of Authorities Framework  – Delegated Commitment Authorities for Approving Loan Applications in First Line122 – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABAccDelegateCommitAuthSecLine] (+) – Banks – NABAcc – Boards – Accountability  – Formal Delegations of Authority Under Delegation of Authorities Framework  – Delegated Commitment Authorities for Approving Loan Applications in Second Line123 – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABAcc3LoDRiskManRMS&RMF] (+)  – Banks  – NABAcc  – Boards  – Accountability –Three Lines of Defence Model for Risk Management Documented in Risk Management Strategy (RMS) for each Component of Risk Management Framework (RMF)124 – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABAccBEARRegimeAccPerson] (+)  – Banks  – NABAcc  – Boards  – Accountability  – BEAR Accountability Regime for Accountable Persons125  – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-making  – Enhancement of Delineation and Disclosure of

 Ibid, p 42.  Ibid. 122  Ibid. 123  Ibid. 124  Ibid. 125  Ibid. 120 121

30.9  NAB Self-Assessment of Accountability

889

Powers, Duties and Lines of Responsibility, coverage/rating  +  7/87.50 rprox (NAB), the contents of this variable including: –– –– –– ––

honesty and integrity; due skill, care and diligence; deal with APRA in an open, constructive and co-operative way; and reasonable steps to prevent matters adversely affecting the Bank’s prudential standing and reputation; and

• [NABAccBEARRegimeADI] (+) – Banks – NABAcc – Boards – Accountability – BEAR Accountability Regime for ADIs126  – Increase in Quality of Risk Management and Internal Monitoring – Increase in Quality of Decision-­making – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB), the contents of this variable including: –– –– –– ––

honesty and integrity; due skill, care and diligence; deal with APRA in an open, constructive and co-operative way; and reasonable steps to prevent matters adversely affecting the Bank’s prudential standing and reputation.

NAB Clarity of Accountability Again, the approach of this Stage 2 Key Code and Advanced Handbook will be to craft ‘NABAcc’-prefix accountability variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction. This gives rise to a coverage/rating of −7/87.50 rprox for the following governance variables derived from the recommendations of the NAB Self-Assessment 2018:127 • [NABAccClarifyEnd-to-End] (−)  – Banks  – NABAcc  – Boards  – Accountability – Lack of Accountability/Ownership for End-to-End Processes for Products and Services Spanning Multi-Divisions128 – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decisionmaking – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (NAB); • [NABAccClarifyDefineApplication] (−)  – Banks  – NABAcc  – Boards  – Accountability  – Lack of Definition and/or Application for Risk Management Accountabilities129  – Reduction in Quality of Risk Management and Internal Monitoring  – Reduction in Quality of Decision-making  – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (NAB);

 Ibid.  Ibid. 128  Ibid, p 43. 129  Ibid. 126 127

890

30  NAB Self-Assessment 2018, Westpac Review Team 2018 and Westpac…

• [NABAccClarifyMaterialRisk&Process] (−) – Banks – NABAcc – Boards – Accountability  – Lack of Definition and/or Application for Risk Management Accountabilities for Material Risks and Processes that Span the Bank130  – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making  – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating  −  7/87.50 rprox (NAB); • [NABAccClarifyOverRelyFirstLine] (−)  – Banks  – NABAcc  – Boards  – Accountability  – Over-reliance by Seniors Leaders on First Line Risk Management Teams for Performing Risk Activities131 – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-­ making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (NAB); and • [NABAccClarifyComplexAccModel] (−)  – Banks  – NABAcc  – Boards  – Accountability  – Complex and Overlapping Accountability Model for Compliance Plans and Compliance Obligation Ownership132  – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-­making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (NAB). For clarity of accountability variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction giving rise to a coverage/ rating of +7/87.50 rprox: • The BEAR Accountability Regime is examined in Chap. 20 above; and • [NABAccClarifyBEARRegimeAccStatements] (+)  – Banks  – NABAcc  – Boards  – Accountability  – Accountability Statements for BEAR Regime133  – Enhancement of Discipline and Rigour in Managing Handovers including Status of Risks and Issues  – Increase in Quality of Risk Management and Internal Monitoring  – Increase in Quality of Decision-making  – Enhancement of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB). Thus, Action #19 of the NAB Self-Assessment 2018 provides that: For all material issues, the CEO to assign an ELT member to be accountable for ensuring overall issue resolution, supported by all team members as necessary to deliver required change.134

 Ibid.  Ibid. 132  Ibid. 133  Ibid. 134  Ibid. 130 131

30.9  NAB Self-Assessment of Accountability

891

NAB Effectiveness of Accountability NAB Accountabilities for Resolving ‘complex’ Issues Again, the approach of this Stage 2 Key Code and Advanced Handbook will be to craft ‘NABAcc’-prefix accountability variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction. This gives rise to a coverage/rating of −7/87.50 rprox for the following governance variables derived from the recommendations of the NAB Self-Assessment 2018:135 • See the [NABAccCrossDivIssues] (−) variable in this Sect. 30.9 above; • [NABAccCrossDivDefine&Own] (−)  – Banks  – NABAcc  – Boards  – Accountability  – Lack of Well-Defined Accountabilities and Ownership for Cross-­Divisional Issues136  – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (NAB): • See the [NABAccRotateLead] (−) variable in this Sect. 30.9 above; • [NABAccRotateLeadProjMan] (−)  – Banks  – NABAcc  – Boards  – Accountability – Rotation of Leaders Within Bank – Lack of Strong, Detailed Project Management to Reduce Reliance on Individual Leaders137 – Reduction in Quality of Risk Management and Internal Monitoring – Reduction in Quality of Decision-­making – Reduction of Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 7/87.50 rprox (NAB); and • See the [NABAccGenOverSpec] (−) variable in this Sect. 30.9 above. Thus, Action #20 of the NAB Self-Assessment 2018 provides that the Bank: Further embed accountability principles and practices developed under BEAR, so that leaders beneath the ELT have an equally clear understanding of their responsibilities and expectations of them.138

NAB Accountabilities in Performance and Remuneration Again based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction for accountabilities in performance and remuneration, giving rise to a coverage/rating of +7/87.50 rprox: • See the [NABAccAssign&DocMRTs] (+) variable in this Sect. 30.9 above.

 Ibid.  Ibid. 137  Ibid. 138  Ibid. 135 136

Chapter 31

NAB and Westpac Recommendations and Commentary on Culture

Abstract  Chapter 31 of the Stage 2 Key Code and Advanced Handbook for the governance of Australian major banks examines the NAB and Westpac recommendations and commentary on culture. This begins with an examination of NAB’s five cultural inhibitors to targeted culture including a discussion of values, behaviours, cultural ‘levers’ and measuring risk culture. NAB’s cultural inhibitor 1 is rigour and discipline. Cultural inhibitor 2 is over-reliance on people for deficiencies in systems and processes. There follows cultural inhibitor 3 – failure of collective intensity or individual resolve to fix complex issues. Cultural inhibitor 4 is failure to listen and learn from customers, regulators and employees and concluding cultural inhibitor 5 is other priorities put before commitment to customers. We then move to Westpac’s findings and commentary on culture of which there are 9 findings examined in this Chapter: • • • • • • • • •

vision, values and strategy; management of non-financial risks; caring, relationship-focus and collaboration; collective decision-making and diffused accountability; completeness and organisational complexity; speaking-up and challenge; prioritising, making decisions and saying “no”; conceptualisation and process over outcome; and institutional learning and reflection. We conclude with the Westpac Reassessment findings on risk culture.

Keywords  Culture · Cultural inhibiters to targeted culture · Values and behaviours and cultural levers · Non-financial risk · Collaboration · Diffused accountability · Completeness and complexity · Challenge · Prioritising · Lack of learning

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_31

893

894

31  NAB and Westpac Recommendations and Commentary on Culture

NAB gives its definition of culture as an informal practice: Culture, an informal practice, is the self-sustaining pattern of behaviour that determines how things are done within an organisation, how its people interact and work. An organisation’s culture might reflect a strong focus on financial outcomes, on effective safety and risk management, on taking a stand for customers, or on societal impact. Just as with rules and procedures, an effective culture balances these priorities and assigns value to each. An ineffective culture disproportionately values one over another. The criticism of the financial services industry culture relates largely to the perceived under-representation of risk and customer interest relative to short-term financial outcomes.1

Some of the governance variables in Sect. 29.2 of Chap. 29 were based on the independence element of non-executive directors. Here – for NAB constructing its culture variables – we cannot depend on that element. Instead, the approach of this Stage 2 Key Code and Advanced Handbook for Australian major banks will be to craft ‘NABCult’-prefix variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction, coverage/rating + 7/87.50 rprox. Like the [BrdSkills] (+) variable with a coverage/rating of +7/87.50 rprox, there is an hypothesised enhancement in risk management and therefore internal monitoring. Thus, the effect of the ‘NABCult’-prefix governance variables is predicted to be significant on the spine of the relational effect path  – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, an enhancement of a risk culture can be seen as an enhancement in the quality of decision-making reflected in a positive effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable with a coverage/rating of +7/87.50 rprox, the ‘NABCult’-prefix governance variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 12). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the culture element of bank directors, the CEO, executives, middle- and lower-level managers and employees. Compliance Factor No 2 thus remains constant for this variable.

 National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/content/dam/ nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-Assessment 2018’), p 51. 2  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 2.6.2 of Stage 1, above n 1, pp 41–43. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 1

31.1  NAB Five Cultural Inhibitors to Targeted Culture

895

This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the ‘NABCult’prefix governance variables as follows:

31.1 NAB Five Cultural Inhibitors to Targeted Culture Cultural inhibitor variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction giving rise to a coverage/rating of −7/87.50 rprox in relation to ‘cultural inhibitors to targeted culture’:3 • [NABCultInhib1RigDiscip] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time4 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (NAB); • [NABCultInhib2OverRelyPeop] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Over-reliance on People to Make Up For Deficiencies in Systems and Processes5  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (NAB); • [NABCultInhib3Coll&IndivResolve] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues6 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (NAB); • [NABCultInhib4FailListen&Learn] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure to Listen and Learn from Customers, Regulators and Employees7  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (NAB); and • [NABCultInhib5PriorityOverCust] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Other Priorities Put Before Commitment to Customers8 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (NAB).

 NAB Self-Assessment 2018, above n 1, pp 50–56.  Ibid, p 51. 5  Ibid. 6  Ibid. 7  Ibid. 8  Ibid. 3 4

896

31  NAB and Westpac Recommendations and Commentary on Culture

31.2 NAB Values and Behaviours and Cultural ‘Levers’ Culture variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same (+) direction giving rise to a coverage/rating of +7/87.50 rprox in relation to ‘culture in NAB’:9 • [NABCultValues&Behave1Cust] (+)  – Banks  – NABCult  – Values and Behaviours – Passion for Customers10 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultValues&Behave2Bold] (+)  – Banks  – NABCult  – Values and Behaviours  – Be Bold11  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultValues&Behave3Win] (+)  – Banks  – NABCult  – Values and Behaviours – Win Together12 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultValues&Behave4Respect] (+)  – Banks  – NABCult  – Values and Behaviours  – Respect for People13  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); and • [NABCultValues&Behave5RightThing] (+) – Banks – NABCult – Values and Behaviours  – Do the Right Thing14  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB). Accountability variables based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same positive (+) direction giving rise to a coverage/rating of +7/87.50 rprox in relation to ‘cultural ‘levers’ in the plan to embed desired culture’:15 • [NABCultLever1ConsistCustStnd] (+)  – Banks  – NABCult  – Values and Behaviours  – Cultural Levers for Desired Culture  – Delivering Consistent Customer Standards16  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB);

 Ibid.  Ibid, p 52. 11  Ibid. 12  Ibid. 13  Ibid. 14  Ibid. 15  Ibid. 16  Ibid. 9

10

31.3  NAB Measuring Risk Culture

897

• [NABCultLever2OutstandLead] (+)  – Banks  – NABCult  – Values and Behaviours  – Cultural Levers for Desired Culture  – Developing Outstanding Leaders17 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating  +  7/87.50 rprox (NAB); • [NABCultLever3UpPerfManRecog] (+)  – Banks  – NABCult  – Values and Behaviours  – Cultural Levers for Desired Culture  – Uplifting Performance Management and Recognition18  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultLever4SimplePols&Pract] (+)  – Banks  – NABCult  – Values and Behaviours  – Cultural Levers for Desired Culture  – Simplifying Policies and Practices19 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating  +  7/87.50 rprox (NAB); and • [NABCultLever5AlignSelectOnboard] (+) – Banks – NABCult – Values and Behaviours  – Cultural Levers for Desired Culture  – Aligning Selection and Onboarding Systems and Processes20 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB).

31.3 NAB Measuring Risk Culture The following Stage 2 variables are modelled in the positive (+) direction on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1, coverage/rating + 8/100.00 rprox, in relation to measuring risk culture.21 These variables represent an increase in information flow and therefore an enhancement in the quality of risk management and internal monitoring and decision-making with a coverage/ rating of +8/100.00 rprox: • [NABCultMeas1EmploySurvey] (+)  – Banks  – NABCult  – Measuring Risk Culture  – Employee Surveys and Behavioural Indicators22  – Increase in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (NAB);

 Ibid.  Ibid. 19  Ibid. 20  Ibid. 21  Ibid. 22  Ibid. 17 18

898

31  NAB and Westpac Recommendations and Commentary on Culture

• [NABCultMeas2ExtConsultBench] (+) – Banks – NABCult – Measuring Risk Culture  – External Consultants to Analyse and Benchmark Risk Culture23  – Increase in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (NAB); • [NABCultMeas3Hard&PerceptData] (+)  – Banks  – NABCult  – Measuring Risk Culture – Combination of ‘Hard’ Data and ‘Perception’ Data24 – Increase in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (NAB), including: –– for ‘hard data’  – customer complaints, NPS (Net Promoter Score), Whistleblowing, control and compliance and reward outcomes; and –– for ‘perception’ data – employee and other surveys and focus groups. In the negative (−) direction modelled on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 in relation to measuring risk culture25 and representing a reduction in information flow and therefore a reduction in the quality of risk management and internal monitoring and decision-making, coverage/rating − 8/100.00 rprox:: • [NABCultMeas4FailSystematic] (−)  – Banks  – NABCult  – Measuring Risk Culture  – Failure of Systematic Reporting on Risk Culture Measures26  – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (NAB); • [NABCultMeas5FailRiskTargets] (−) – Banks – NABCult – Measuring Risk Culture – Failure to Set Targets for Risk27 – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (NAB); and • [NABCultMeas6FailOtherTargets] (−) – Banks – NABCult – Measuring Risk Culture – Failure to Set Targets for Other Aspects of Culture28 – Reduction in Information Flow  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (NAB).

 Ibid.  Ibid. 25  Ibid. 26  Ibid. 27  Ibid. 28  Ibid. 23 24

31.4  NAB Cultural Inhibitor 1 – Rigour and Discipline

899

31.4 NAB Cultural Inhibitor 1 – Rigour and Discipline Returning to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction in relation to failure to bring “the rigour and discipline required to get it right every single time”, coverage/rating − 7/87.50 rprox:29 • See the [NABCultInhib1RigDiscip] (−) variable in Sect. 31.1; • [NABCultInhib1ALackOpDiscip] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Lack of Operational Discipline30 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); • [NABCultInhib1BCon&DecommSysts] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Failure to Consolidate and Decommissioning Systems or in Keeping Systems Up to Date31 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); • [NABCultInhib1CFailStratSoln] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time  – Quick ‘Tactical’ Fix for Problems Rather than Strategic Solution32 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox coverage/rating − 7/87.50 rprox(NAB); • [NABCultInhib1DFailComplex] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Allowing Complexity to Grow33 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating − 7/87.50 rprox (NAB); • [NABCultInhib1EFailDelivSyst] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Leadership Capability – Leaders Not Evaluated on Ability to Build and Lead Highly Reliable Delivery Systems34 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); • [NABCultInhib1FFailRotateGen] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required

 Ibid, p 53.  Ibid. 31  Ibid. 32  Ibid. 33  Ibid. 34  Ibid. 29 30

900

•

•

•

•

31  NAB and Westpac Recommendations and Commentary on Culture

to Get it Right Every Single Time  – Leadership Capability  – Rotation of Generalists to Increasingly Complex Roles35 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); [NABCultInhib1GOverUseCons] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Leadership Capability – Overuse of Consultants36 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); [NABCultInhib1HFollow&Check] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Leadership Capability – Failure to follow Through and Check Solution37  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); [NABCultInhib1IEmergeRisk] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Leadership Capability – Failure to Establish Leading Indicators which Signal Emerging Risks38 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); and [NABCultInhib1JStopLineProbs] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture – Failure to Use Rigour and Discipline Required to Get it Right Every Single Time – Leadership Capability – Failure to Encourage ‘Stop the Line’ Culture if Quality Problems Emerge39  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decisionmaking, coverage/rating − 7/87.50 rprox (NAB);

Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the positive (+) direction in relation to bringing “the rigour and discipline required to get it right every single time”, coverage/rating + 7/87.50 rprox:40 • [NABCultInhib1KIndustProg] (+) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Rigour and Discipline Required to Get it Right Every Single Time – ‘Industrialisation’ Program of Work41 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (NAB);

 Ibid.  Ibid. 37  Ibid. 38  Ibid. 39  Ibid. 40  Ibid. 41  Ibid. 35 36

31.5  NAB Cultural Inhibitor 2 – Over-Reliance on People for Deficiencies in Systems…

901

• [NABCultInhib1LMetrics&Monitor] (+)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture – Rigour and Discipline Required to Get it Right Every Single Time  – Metrics in Place to Monitor Whether Improvements Realised42 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating  +  7/87.50 rprox (NAB); and • [NABCultInhib1MChiefDataOfficer] (+)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture – Rigour and Discipline Required to Get it Right Every Single Time  – Appointment of Chief Data Officer43  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB).

31.5 NAB Cultural Inhibitor 2 – Over-Reliance on People for Deficiencies in Systems and Processes Using the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction in relation to “over-relied on our people to make up for deficiencies in our systems and processes”,44 coverage/rating − 7/87.50 rprox: • See the [NABCultInhib2OverRelyPeop] (−) variable in Sect. 31.1; • [NABCultInhib2AComplex] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture  – Over-reliance on People to Make Up For Deficiencies in Systems and Processes  – Complexity of Policies, Systems and Processes  – Reliance on Collaboration, Discretionary Effort and Goodwill of Employees45 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); and • [NABCultInhib2BOverwork] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture  – Over-reliance on People to Make Up For Deficiencies in Systems and Processes – Overwork and Lack of Enablement with Appropriate Systems and Tools During Change – Failure of Consistent and Reliable Customer Service Delivery46  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (NAB).

 Ibid.  Ibid. 44  Ibid, 45  Ibid. 46  Ibid. 42 43

902

31  NAB and Westpac Recommendations and Commentary on Culture

31.6 NAB Cultural Inhibitor 3 – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues Using the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction for “failure of collective intensity or individual resolve to fix complex issues”,47 coverage/rating − 7/87.50 rprox: • See the [NABCultInhib3Coll&IndivResolve] (−) variable in Sect. 31.1; • [NABCultInhib3AFailDaytoDayOps] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Failings in Urgency in Day-to-Day Operating Environment to Fix Issues48  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); • [NABCultInhib3BFailRemedCust] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Failings in Urgency to Remediate Customers49 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); • [NABCultInhib3CFailMultiDivProbs] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Failings in Fixing Problems Crossing Divisional Boundaries50 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (NAB); • [NABCultInhib3DFailMultiDivAcc] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Failings in Fixing Problems Crossing Divisional Boundaries – Failure to Accept Accountability for Issues Beyond Senior Manager Direct Area51 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (NAB); • [NABCultInhib3EFailMultiDivResource] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Failings in Fixing Problems Crossing Divisional Boundaries – Failure of Corporate Support, Funding and Resources52 – Reduction

 Ibid, p 54.  Ibid. 49  Ibid. 50  Ibid. 51  Ibid. 52  Ibid. 47 48

31.6  NAB Cultural Inhibitor 3 – Failure of Collective Intensity or Individual Resolve…

•

•

•

•

•

•

in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); [NABCultInhib3FFailTeamCoop] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues  – Collaboration and Teamwork  – Failings in Employee Cooperation Between Teams53 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); [NABCultInhib3GFailConstrConfl] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues  – Collaboration and Teamwork  – Failings in Engaging in Issues or Constructive Conflicts to Solve Issues54  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); [NABCultInhib3HFailTrust] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Collaboration and Teamwork – Failings in Developing Trust Between Employees to Deliver High Performance and Failure of Timely and Candid Feedback55 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (NAB); [NABCultInhib3IFailSubOptOutcomes] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Courage to Set Ambitious Standards – Accepting Sub-optimal Outcomes Blamed on Externalities Perceived Beyond Employee Control56  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (NAB); [NABCultInhib3JFailIndustryIssues] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues  – Courage to Set Ambitious Standards  – Benchmarking to Peers to Label Problems as ‘Industry’ Issues and Perceive First-­Mover Disadvantage57  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); [NABCultInhib3KFailExecute] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure of Collective Intensity or Individual Resolve to Fix

 Ibid.  Ibid. 55  Ibid. 56  Ibid. 57  Ibid. 53 54

903

904

31  NAB and Westpac Recommendations and Commentary on Culture

Complex Issues  – Declaring Victory Too Early  – Failings in Execution58  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); • [NABCultInhib3LFailConfirmChange] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues  – Declaring Victory Too Early  – Failings in Confirming Change has Achieved What Was Intended59  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decisionmaking, coverage/rating − 7/87.50 rprox (NAB); • [NABCultInhib3MFailRevisitEnviro] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues  – Declaring Victory Too Early  – Failings in Revisiting Judgements as Environment Changes60  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decisionmaking, coverage/rating − 7/87.50 rprox (NAB); and • [NABCultInhib3NFailSupportStepUp] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure of Collective Intensity or Individual Resolve to Fix Complex Issues – Failure to Support Employees Moving Complex Issues Forward – Failure to Provide Resources and Priority to Assist61 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB). Using the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the positive (+) direction for “collective intensity or individual resolve to fix complex issues”,62 coverage/rating + 7/87.50 rprox: • [NABCultInhib3OBEARAcc] (+) – Banks – NABCult – Cultural Inhibitors to Targeted Culture  – Collective Intensity or Individual Resolve to Fix Complex Issues  – Fixing Problems Crossing Divisional Boundaries  – CEO to Assign a BEAR Accountable ELT Member Responsible for Resolution of Issue63  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB).

 Ibid.  Ibid. 60  Ibid. 61  Ibid. 62  Ibid. 63  Ibid. 58 59

31.7  NAB Cultural Inhibitor 4 – Failure to Listen and Learn from Customers…

905

31.7 NAB Cultural Inhibitor 4 – Failure to Listen and Learn from Customers, Regulators and Employees Using the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction for “failure to listen and learn from customers, regulators and employees”,64 coverage/rating − 7/87.50 rprox: • See the [NABCultInhib4FailListen&Learn] (−) variable in Sect. 31.1; • [NABCultInhib4AFailLate&Miss] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure to Listen and Learn from Customers, Regulators and Employees – Responding Late or Missed or Resisted Internal or External Signals65  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (NAB); • [NABCultInhib4BFailReactive] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees  – Reactive in Approach and Failing to Engage Early with Regulators, Customers and Employees66 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); • [NABCultInhib4CFailCustComplaints] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure to Listen and Learn from Customers, Regulators and Employees  – Failure to Deal with and Learn from Customer Complaints67 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (NAB); • [NABCultInhib4DSlowCustComplaintProc] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure to Listen and Learn from Customers, Regulators and Employees – Slow Complaints Handling Process68 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); • [NABCultInhib4EFailRecurPattern] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure to Listen and Learn from Customers, Regulators and Employees – Failure to Recognise Recurring Patterns and Deal with them Diligently69 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (NAB);  Ibid.  Ibid. 66  Ibid. 67  Ibid, p 55. 68  Ibid. 69  Ibid. 64 65

906

31  NAB and Westpac Recommendations and Commentary on Culture

• [NABCultInhib4FFailMeasCustOut] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure to Listen and Learn from Customers, Regulators and Employees  – Failure to Measure Customer Outcomes70  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); • [NABCultInhib4GFailRegVoice] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees  – Failure to Consider Regulator Voice71  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating − 7/87.50 rprox (NAB), including:72 –– –– –– –– –– –– ––

legislation; regulatory guides; letters and direct interactions; industry reports; enforcement actions undertaken; endorsement of codes of conduct; and speeches and media releases;

• [NABCultInhib4HFailLegislOblige] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure to Listen and Learn from Customers, Regulators and Employees – Failure to Consider Regulator Voice – Failure to Ensure Legislative Obligations are Captured, Internalised and Supported by Specified Processes and Controls in Integrated and Effective Manner73  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­making, coverage/rating − 7/87.50 rprox (NAB); • [NABCultInhib4IFailMistake&Chall] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Failure to Listen and Learn from Customers, Regulators and Employees – Failure to Consider Employee Voice – Failure to Disclose Failures and Mistakes and Challenge Decisions and Behaviour of Others74  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (NAB); and • [NABCultInhib4JFailCustServ (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Failure to Listen and Learn from Customers, Regulators and Employees  – Failure to Consider Employee Voice  – Perceived Factors Hindering Exceptional Customer Service75  – Reduction in Risk Management

 Ibid.  Ibid. 72  Ibid. 73  Ibid. 74  Ibid. 75  Ibid. 70 71

31.8  NAB Cultural Inhibitor 5 – Other Priorities Put Before Commitment to Customers

907

and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB), including perceived:76 –– –– –– ––

sales pressure; inadequate access to relief employees; complex systems and processes; and arbitrary harshness in consequences imposed for breaches.

31.8 NAB Cultural Inhibitor 5 – Other Priorities Put Before Commitment to Customers Using the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 but in the negative (−) direction for “other priorities put before commitment to customer outcomes”,77 coverage/rating − 7/87.50 rprox: • See the [NABCultInhib5PriorityOverCust] (−) variable in Sect. 31.1; • [NABCultInhib5APrioritySTFinMan] (−)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Other Priorities Put Before Commitment to Customers  – Emphasis on Short-Term Financial Management Rather than Customer Outcomes78 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (NAB); • [NABCultInhib5BPrioritySales] (−) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Perceived Emphasis on Sales Over Service79 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (NAB); Using the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the positive (+) direction for prioritising ‘commitment to customer outcomes’ over other priorities, coverage/rating + 7/87.50 rprox: • [NABCultInhib5CCustTargetBehave] (+)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Other Priorities Put Before Commitment to Customers  – Target Behaviours  – ‘Taking a Stand for the Customer’80  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB);

 Ibid  Ibid. 78  Ibid. 79  Ibid, p 56. 80  Ibid, p 55. 76 77

908

31  NAB and Westpac Recommendations and Commentary on Culture

• [NABCultInhib5DCustSyst&Controls] (+)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Other Priorities Put Before Commitment to Customers  – Systems and Controls for Bankers to Achieve Right Customer Outcomes Every Time81  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultInhib5ECustQualAssure] (+)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Other Priorities Put Before Commitment to Customers – Quality Assurance System to Detect Error82 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultInhib5FCustSystMaintInvest] (+)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Other Priorities Put Before Commitment to Customers – Sustainable Investment to Keep Systems Customers Rely on Stable and Secure83  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultInhib5GCustThirdParty] (+)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Other Priorities Put Before Commitment to Customers – Confirmation that Third Parties including Intermediaries Maintain or Enhance the Quality, Depth and Reliability of Services for Customers84  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultInhib5HCustRemed] (+) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Speed and Ease of Fix for Customer including to Err in Customer Favour if Approach is Unclear85  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultInhib5ICustHuddles] (+) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Customer ‘Huddles’ for Staff Weekly or Fortnightly  – Review Insights and Feedback from Customers to Identify Issues and Create Action Plans to Improve Local Team and Across the Bank86  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB), including:

 Ibid, p 56.  Ibid. 83  Ibid. 84  Ibid. 85  Ibid. 86  Ibid. 81 82

31.9  Westpac’s Findings and Commentary on Culture

909

–– NPS (Net Promoter Score) verbatim comments, complaints and customer stories;87 • [NABCultInhib5JNoLeaderBrd] (+) – Banks – NABCult – Cultural Inhibitors to Targeted Culture – Other Priorities Put Before Commitment to Customers – Removal of Visible ‘Leaderboard’ for Sales88 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB); • [NABCultInhib5KCultEmbedPlan] (+)  – Banks  – NABCult  – Cultural Inhibitors to Targeted Culture  – Other Priorities Put Before Commitment to Customers  – Implement ‘Culture Embed Plan’89  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (NAB) including: –– Board oversight.90

31.9 Westpac’s Findings and Commentary on Culture Westpac views ‘risk culture’ as part of the overall culture and comprised of four interwoven elements: While culture has significant bearing on the management of risk and compliance, Westpac does not regard “risk culture” – the behavioural norms of individuals and groups that influence the identification, understanding, discussion and escalation of current and future risks – as something independent of the overall culture. Rather, managing risk and helping to protect its customers, communities and people are seen as part of Westpac’s culture. …There are four, interwoven elements of culture used to describe the operation and dynamic of culture within the Group. The first three elements – Drivers of culture, the Mind elements and Behaviours – must be considered holistically with Outcomes. Consideration of each of these elements informed the findings in this chapter.91

Here  – for Westpac’s Review Team constructing its culture variables  – the approach of this Stage 2 Key Code and Advanced Handbook will be to craft ‘WBCCult’ variables – similarly to the ‘NABCult’-prefix variables – based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same positive (+) direction, coverage/rating + 7/87.50 rprox.

 Ibid.  Ibid. 89  Ibid. 90  Ibid, Action #26 therein. 91  Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’), chap. 13, Culture, p 95 (footnotes omitted). 87 88

910

31  NAB and Westpac Recommendations and Commentary on Culture

Like the [BrdSkills] (+) variable, there is an hypothesised enhancement in risk management and therefore internal monitoring. Thus, the effect of the ‘WBCCult’prefix governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, an enhancement of a risk culture can be seen as an enhancement in the quality of decision-making reflected in a positive effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable with a coverage/rating of +7/87.50 rprox, the ‘WBCCult’-prefix governance variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 192). Similarly to the [BrdSkills] (+) variable, coverage/rating  +  7/87.50 rprox, compliance with corporate governance and legal requirements on the company – an obligation which remains constant by force of law – is not affected by the culture element of bank directors, the CEO, executives, middle- and lower-level managers and employees. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the ‘WBCCult’prefix governance variables as follows:

31.10 Westpac Finding 1: “Vision, values and strategy set at the top are clear, but translation by leaders into purposeful action for employees can be improved”93 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the positive (+) direction for vision, values and strategy, coverage/rating + 7/87.50 rprox: • [WBCCultTopClear] (+)  – Banks  – WBCCultTopClear  – Vision, Values and Strategy at Top Are Clear94  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (Westpac); • [WBCCultTopClearCoreValues] (+) – Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Core Values of Integrity, Service, One Team, Courage and Achievement Well-Communicated95 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (Westpac);

 See discussion in section 2.6.2 of Stage 1, above n 2, pp 41–43.  Westpac Review Team 2018, above n 91, Finding 1, section 13.1, p 95. 94  Ibid, section 13.1.1, p 95. 95  Ibid, section 13.1.2, p 96. 92 93

31.10  Westpac Finding 1: “Vision, values and strategy set at the top are clear…

911

• [WBCCultTopClearCoreValuesIntegrity] (+) – Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Core Values of Integrity, Service, One Team, Courage and Achievement – Integrity (the ‘Right Thing’) Strongly Embedded for Customers, Bank and Colleagues96  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (Westpac); • [WBCCultTopClearIntent&ToneTop] (+)  – Banks  – WBCCultTopClear  – Vision, Values and Strategy at Top Are Clear – Strong Intent and Tone from the Top97  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating  +  7/87.50 rprox (Westpac) including: –– strong support mechanisms and programs; • [WBCCultTopClearGM-1Expert&RoleModels] (+)  – Banks  – WBCCultTopClear  – Vision, Values and Strategy at Top Are Clear  – Strong GM-1 Experts and Role Models98  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (Westpac) including: –– subject matter experts; –– good role models; and –– instilling ‘speak-up’ culture in some areas; Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the negative (−) direction for vision, values and strategy, coverage/rating − 7/87.50 rprox: • [WBCCultTopClearBUs&SMan] (−) – Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Values Not Translated to Business Units and Senior Management99  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac); • [WBCCultTopClearCoreValuesPract] (−)  – Banks  – WBCCultTopClear  – Vision, Values and Strategy at Top Are Clear – Core Values of Integrity, Service, One Team, Courage and Achievement Not Put into Practice100  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac); • [WBCCultTopClearCoreValuesServiceOneTeam] (−)  – Banks  – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Core Values of Integrity, Service, One Team, Courage and Achievement – Service and One

 Ibid, section 13.1.4, p 96.  Ibid, section 13.1.4, p 96. 98  Ibid, section 13.1.11, p 97. 99  Ibid, section 13.1.1, p 95. 100  Ibid, section 13.1.2, p 96. 96 97

912

31  NAB and Westpac Recommendations and Commentary on Culture

Team Not Sufficiently Ingrained101 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac) including:102 –– –– –– ––

lack of contextualisation at lower level; uncertainty about alignment of service, commerciality and day-to-day work; complexity and process hindering service; and One Team may result in over-collaboration and over-focus on relationships;

• [WBCCultTopClearCoreValuesCourage] (−) – Banks – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Core Values of Integrity, Service, One Team, Courage and Achievement – Courage Not Sufficiently Ingrained103 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac) including: –– fearful of “speaking up, managing messages, challenging and taking ownership and accountability”;104 • [WBCCultTopClearCoreValuesAchievement] (−)  – Banks  – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Core Values of Integrity, Service, One Team, Courage and Achievement  – Achievement linked to Productivity and Cost Reduction105 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac); • [WBCCultTopClearSpeakUp&ChallengeET] (−)  – Banks  – WBCCultTopClear – Vision, Values and Strategy at Top Are Clear – Comfort to Speak up and Challenge Inconsistent within Executive Team106 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac) including:107 –– insufficient prioritisation; and –– avoiding difficult decisions; • [WBCCultTopClearGMBottleneck] (−)  – Banks  – WBCCultTopClear  – Vision, Values and Strategy at Top Are Clear  – GM Bottlenecks to Decision-­ making, Managing and Filtering Upward Messaging108  – Reduction in Risk

 Ibid, section 13.1.5, p 96.  Ibid. 103  Ibid, section 13.1.6, p 96. 104  Ibid. 105  Ibid, section 13.1.7, p 96. 106  Ibid, section 13.1.9, p 97. 107  Ibid. 108  Ibid, section 13.1.10, p 97. 101 102

31.11  Westpac Finding 2: “Management of non-financial risk, although…

913

Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating − 7/87.50 rprox (Westpac) including:109 –– residual ‘good news’ culture; and –– “high number of stakeholders and expectations that GMs must manage”; • [WBCCultTopClearGM-1Drawbacks] (−)  – Banks  – WBCCultTopClear  – Vision, Values and Strategy at Top Are Clear – GM-1 Drawbacks in Practice110 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac) including:111 –– –– –– ––

discouragement of speak-up; “excessive concern about career repercussions for delivering bad news”; “managing” of messages to GM level; “patchy ownership of outcomes due to blurriness of accountability between GM and GM-1 roles”; and –– lack of GM-1 leadership programs. • [WBCCultTopClearGM-2Drawbacks] (−)  – Banks  – WBCCultTopClear  – Vision, Values and Strategy at Top Are Clear – GM-2 Drawbacks in Practice112 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac) including:113 –– –– –– –– ––

“overly concerned with self over team”; discouraging speak-up; “focus on short-term pursuit of outcomes”; “insufficient consequences for falling short of desired behaviours”; and “lack of clarity with regard to accountability”.

31.11 Westpac Finding 2: “Management of non-financial risk, although recognised as important, is not as well understood and embedded as it should be”114 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the positive (+) direction for management of non-financial risks, coverage/rating + 7/87.50 rprox:

 Ibid.  Ibid, section 13.1.11, p 97. 111  Ibid. 112  Ibid, section 13.1.12, p 97. 113  Ibid. 114  Ibid, section 13.2, p 98. 109 110

914

31  NAB and Westpac Recommendations and Commentary on Culture

• [WBCCultNFRAwareBrd&ET] (+) – Banks – WBCCultNFR – Non-Financial Risk Awareness by Board and Executive Team (High)115 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (Westpac); Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the negative (−) direction for management of non-financial risks, coverage/rating − 7/87.50 rprox: • [WBCCultNFRAwareGM&GM-1] (−)  – Banks  – WBCCultNFR  – Non-­ Financial Risk Awareness by GMs and GM-1  s Materially Inconsistent116  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac) including: –– not following long processes to save time can introduce risk or non-compliant behaviour; • [WBCCultNFRCapability] (−)  – Banks  – WBCCultNFR  – Non-Financial Risk Capability at Lower Confidence117 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac) including: –– operational risk management creating operational risk; • [WBCCultNFRAware&CapabilityFactors] (−)  – Banks  – WBCCultNFR  – Non-Financial Risk Awareness and Capability Factors118  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating − 7/87.50 rprox (Westpac) including:119 –– –– –– ––

time and capacity constraints; competing priorities; “sales pressure, focus on targets and lack of reward for good behaviour”; “lack of transparency and clarity regarding consequences for poor risk management and behaviour”; and –– “consequences for poor risk management were not consistently applied”.

 Ibid, section 13.2.2, p 98.  Ibid, section 13.2.2, p 98. 117  Ibid, section 13.2.3, p 98. 118  Ibid, section 13.2.4, p 98. 119  Ibid. 115 116

31.12  Westpac Finding 3: “The organisation is people-oriented, but can overplay its…

915

31.12 Westpac Finding 3: “The organisation is people-­oriented, but can overplay its caring, relationship-focus and collaboration attributes”120 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the positive (+) direction for caring, relationship-focus and collaboration, coverage/rating + 7/87.50 rprox: • [WBCCultCare] (+) – Banks – WBCCultCare – Caring Culture121 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (Westpac) including: –– –– –– ––

long-tenure employees; inclusion and diversity; policies to support employees; and helping internally and externally;122

• [WBCCultRelation&Risk] (+)  – Banks  – WBCCultRelation  – Relationships Integral to Risk Matters123  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (Westpac) including: –– overcoming complexity of frameworks, policies and processes; –– seeking advice; and –– strong relationship with regulators; • [WBCCultCollab] (+)  – Banks  – WBCCultCollab  – Collaboration124  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating  +  7/87.50 rprox (Westpac) including: –– making better decisions; –– devise better solutions; and –– challenging ideas more; Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the negative (−) direction for management of caring and relationship downsides, coverage/ rating − 7/87.50 rprox:

 Ibid, section 13.3, p 99.  Ibid, section 13.3.2, p 99. 122  Ibid, section 13.3.3, p 99. 123  Ibid, section 13.3.4, p 99. 124  Ibid, section 13.3.5, p 99. 120 121

916

31  NAB and Westpac Recommendations and Commentary on Culture

• [WBCCultCare&RelationDownsides] (−) – Banks – WBCCultCare – Caring and Relationship Downsides125 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac) including:126 –– difficulties on-boarding new employees, carrying out tasks and having ideas and suggestions heard; –– “outcomes can be overly dependent on the working style or preferences of individuals”; –– blurring of roles and accountabilities between L1 and L2; –– “preventing speaking-up and challenging”; and –– “protect[ing] people who have underperformed or displayed poor behaviour at lower levels”; • [WBCCultCollabOver] (−) – Banks – WBCCultCollab – Overcollaboration127 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac) including:128 –– “unnecessarily high number of meetings and committees”; and –– “involvement of too many people in decision-making, leading to slowness, diffusion of accountability…and loss of thinking space”; • [WBCCultCollabLackRisk&BUs] (−)  – Banks  – WBCCultCollab  – Collaboration between Risk Function and Businesses129  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decisionmaking, coverage/rating − 7/87.50 rprox (Westpac) including:130 –– “lack of open communication and collaboration between Risk and business”; –– “lack of working toward common goals”; –– “Compliance function…was perceived as “policing”, rather than supporting business in meeting compliance requirement”; –– unsureness as to “who to ask for support and needing to work with multiple support teams (Operational Risk, Compliance and Legal) to solve problems”; –– “gaps in risk capability in the business and business acumen in the Risk function”;131 and –– “insufficient clarity regarding end-to-end accountability and ownership at various points”.132  Ibid, section 13.3.5, p 99.  Ibid. 127  Ibid, section 13.3.5, pp 99–100. 128  Ibid. 129  Ibid, section 13.3.6, p 100. 130  Ibid. 131  Ibid, section 13.3.7, p 100. 132  Ibid. 125 126

31.13  Westpac Finding 4: “There is insufficient personal ownership and empowerment… 917

31.13 Westpac Finding 4: “There is insufficient personal ownership and empowerment, leading to a tendency to default to collective decision-making and diffused accountability”133 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the negative (−) direction for collective decision-making and diffused accountability, coverage/ rating − 7/87.50 rprox: • [WBCCultOwnPersonalDrivers] (−) – Banks – WBCCultOwn – Insufficient Personal Ownership Drivers134  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac) including:135 –– –– –– –– ––

lack of empowerment; fear of failure and resulting consequence; insufficient clarity of directions; complexity; and prioritisation difficulties;

• [WBCCultOwnEmpowerDrivers] (−)  – Banks  – WBCCultOwn  – Lack of Empowerment Outcomes and Drivers Resulting in Difficulty in Delivering Optimal Service136  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac) including:137 –– –– –– –– –– –– –– ––

“highly constrained zones of discretion”; “significant time navigating complex structures”; “processes and policies that are not conducive to actual and felt ownership”; hierarchal structure; complexity of processes and policies; complex structures requiring involvement of multiple stakeholders; perceived resource constraints; and perceived strong influence of Finance and HR functions including in relation to risk matters;

• [WBCCultOwnEmpowerDefaultCollective] (−)  – Banks  – WBCCultOwn  – Lack of Empowerment Resulting in Default to Collective Decision-making138 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in  Ibid, section 13.4, p 100.  Ibid, section 13.4.1, p 100. 135  Ibid, section 13.4.2, pp 100–101. 136  Ibid, section 13.4.3, p 101. 137  Ibid sections 13.4.3 – 13.4.5, p 101. 138  Ibid, section 13.4.6, p 101. 133 134

918

31  NAB and Westpac Recommendations and Commentary on Culture

Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac) including:139 –– –– –– –– –– ––

“making decisions in groups…through committees or extensive sign-offs”; unclear accountability for issues; “lack of single point of end-to-end accountability”; lack of ownership and empowerment; “structural complexity and bureaucracy”; and tendency to over-collaborate;

31.14 Westpac Finding 5: “There is a tendency towards “Completeness”, Which Can Lead to Acceptance and Perpetuation of Organisational Complexity”140 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the negative (−) direction for completeness and organisational complexity, coverage/rating − 7/87.50 rprox: • [WBCCultCompleteMax] (−) – Banks – WBCCultComplete – Completeness or “Maximalism” in Approach to Work141 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac) including:142 –– employees “highly analytical, as seeking “more information” before making decisions”; –– “involving “everyone” in meetings and decision-making forums”; –– “seeking or requiring extensive “sign-offs””; –– “iterating documents an unusually large number of times”; –– putting “more (rather than fewer) pieces of information into reports”; –– preference “to layer on – over reducing or rationalising – processes, policies and complexity”; –– “slowness of execution, which may in turn lead to reduced capacity and fewer opportunities for learning and reflection”;143 –– difficulties in interpretation and application of overly complete frameworks, policies and procedures; and –– difficulties in “ready comprehension of main points (including at Board level…)” of exhaustive reports and documents;

 Ibid.  Ibid, section 13.5, p 101. 141  Ibid, section 13.5.1, pp 101–102. 142  Ibid. 143  Ibid, section 13.5.2, p 102. 139 140

31.14  Westpac Finding 5: “There is a tendency towards “Completeness”, Which…

919

• [WBCCultCompleteDrivers] (−) – Banks – WBCCultComplete – Drivers of Completeness or “Maximalism” in Approach to Work144  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating − 7/87.50 rprox (Westpac) including:145 –– desire for safety to “over-report and layer-on processes than to omit something that may later be found to be crucial”; –– exacerbated by external scrutiny; and –– “historical preference for the analytical and the technical, and the tendency to focus on conceptualisation over embedding”; • [WBCCultCompleteComplexAccept] (−)  – Banks  – WBCCultComplete  – Acceptance and Perpetuation of Complexity146 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac) including:147 –– structural complexity; –– “process and policy complexity or “bureaucracy””; –– “complexity…driv[ing] some traits such as lack of empowerment (Finding 4) and focus on process over outcome (Finding 8); and –– “consequent work-arounds to get things done, [the bank] may be assuming additional risk”; Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the positive (+) direction for completeness and organisational complexity, coverage/rating + 7/87.50 rprox: • [WBCCultCompleteBenefits] (+) – Banks – WBCCultComplete – Benefits in Completeness or “Maximalism” in Approach to Work148 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making coverage/rating + 7/87.50 rprox (Westpac) including: –– rigour and thoroughness; and –– risk management.

 Ibid, section 13.5.3, p 102.  Ibid. 146  Ibid, section 13.5.4, p 102. 147  Ibid. 148  Ibid, section 13.5.1, pp 101–102. 144 145

920

31  NAB and Westpac Recommendations and Commentary on Culture

31.15 Westpac Finding 6: “Focus on speak-up and challenge has increased, but more work is needed to increase employee comfort and listening by leaders”149 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the negative (−) direction for speaking-up and challenge, coverage/rating − 7/87.50 rprox: • [WBCCultNoChallRedSpeakUp] (−)  – Banks  – WBCCultNoChall  – “Red” Risk Appetite Dashboard for Speak-Up – Employee Fear to “Call Out” Issues, Risks and Concerns150 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac) including:151 –– “enablement of a positive speak-up culture varies by organisational level”; • [WBCCultNoChallFail] (−) – Banks – WBCCultNoChall – Challenge Culture/ Environment Failure in Some Parts of Bank152 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac) excluding:153 –– new hire frustration at ‘defensive’ leadership behaviour and challenging established processes with industry experience; • [WBCCultNoChallDrivers] (−)  – Banks  – WBCCultNoChall  – Challenge Culture/Environment Failure in Some Parts of Bank – Drivers154 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-­making, coverage/rating − 7/87.50 rprox (Westpac) including:155 –– leadership shortcomings in fostering the value of Courage (Finding 1); –– “employee “speak-up” has not yet been matched by management “listening up”” including “no strong organisational norm around leaders actively seeking out and being open to feedback and raised issues”; –– “hierarchical behaviour not conducive to upward challenge”; –– fear of consequences of challenge of a superior; and –– perception of insufficient action as a result of raising issues.

 Ibid, section 13.6, p 102.  Ibid, section 13.6.1, p 102. 151  Ibid. 152  Ibid, section 13.6.2, pp 102–103. 153  Ibid. 154  Ibid, section 13.6.3, p 103. 155  Ibid. 149 150

31.16  Westpac Finding 7: “There is insufficient discipline in prioritising, making…

921

31.16 Westpac Finding 7: “There is insufficient discipline in prioritising, making decisions and saying “no””156 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the negative (−) direction for prioritising, making decisions and saying “no”, coverage/rating − 7/87.50 rprox: • [WBCCultPriority] (−)  – Banks  – WBCCultPriority  – Prioritising, Making Decisions and Saying “No” – Low Expectation that Leaders Can Prioritise or Make Trade-offs157 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac) including:158 –– “inability (often of leaders) to face issues and make difficult decisions, specifically when they are required to say “no””; • [WBCCultPriorityRiskMan] (−)  – Banks  – WBCCultPriority  – Prioritising, Making Decisions and Saying “No” – Prioritisation Issues in Risk Management Function159 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac) including:160 –– “proliferation of risk-related requirements without any guidance on prioritisation”; –– “frequent reporting of risk and issues, including Audit issues as “amber”…does not assist with prioritisation and orientation towards resolution”; and –– further accentuated by rating of majority of Audit issues as “requires remediation”; • [WBCCultPriorityDrivers] (−)  – Banks  – WBCCultPriority  – Drivers of Prioritising, Making Decisions and Saying “No”161  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decisionmaking, coverage/rating − 7/87.50 rprox (Westpac) including:162 –– –– –– ––

adding processes and adding to processes; “completeness” (Finding 5); “involving too many people” (Finding 3); “hierarchy and the large number of people with actual or perceived veto rights”;

 Ibid, section 13.7, p 103.  Ibid, section 13.7.1, p 103. 158  Ibid. 159  Ibid, section 13.7.2, p 103. 160  Ibid. 161  Ibid, section 13.7.3, p 103. 162  Ibid. 156 157

922

31  NAB and Westpac Recommendations and Commentary on Culture

–– “avoiding conflict or…uncomfortable challenging others” (Finding 6); –– “consensus driven and collaborative traits…diffuse personal ownership and accountability, and confuse decision-making authority (see Finding 4), limiting the ability to prioritise”; –– prioritisation working only “when something is urgent and important, or when there is sufficient impetus provided by senior (internal or external) levels of authority”;163 and –– “perception that issues raised to senior management can result in overly quick and intense responses that do not leave room for reflection or strategic thinking… lead[ing] to suboptimal outcomes such as duplicated efforts or solutions not addressing the root cause”.

31.17 Westpac Finding 8: “There is a tendency to focus on conceptualisation over embedding and process over outcome”164 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the negative (−) direction for conceptualisation and process over outcome, coverage/rating − 7/87.50 rprox: • [WBCCultConceptProc] (−) – Banks – WBCCultConcept – Conceptualising Frameworks and Policies Over Rigorous Execution to bring Conceptual Products to Fruition165 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac); • [WBCCultConceptProcDrivers] (−) – Banks – WBCCultConcept – Drivers of Conceptualisation166 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac) including:167 –– leaders removed from day-to-day realities; –– “reluctance to challenge upward (Finding 6)…as leaders may not be made aware of embedding difficulties”; –– management losing interest/involvement when implementation required or “other pressing concerns consume scare time reserves”; and –– employee perception to move to next urgent matter;

 Ibid, section 13.7.4, pp 103–104.  Ibid, section 13.8, p 104. 165  Ibid, section13.8.1, p 104. 166  Ibid, section13.8.2, p 104. 167  Ibid. 163 164

31.18  Westpac Finding 9: “A lack of institutional learning and reflection holds…

923

• [WBCCultConceptProcOut] (−)  – Banks  – WBCCultConcept  – Preferring Process Over Outcomes168  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac) including:169 –– “Compliance function was highlighted as particularly “adversarial,” focussing more on attestation and policy than managing compliance risk”; and • [WBCCultConceptProcOutDrivers] (−)  – Banks  – WBCCultConcept  – Drivers of Preferring Process Over Outcomes170 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac) including:171 –– –– –– –– ––

fear of consequences; perception of “safety in a process”; “lack of personal ownership and accountability (Finding 4)”; “perceived capacity and complexity issues (Finding 5)”; and “reluctance to challenge the status quo (Finding 6)”.

31.18 Westpac Finding 9: “A lack of institutional learning and reflection holds the organisation back”172 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the positive (+) direction for institutional learning and reflection, coverage/rating + 7/87.50 rprox: • [WBCCultLearnMech&Prog] (+)  – Banks  – WBCCultLearn  – Mechanisms and Programs for Employee Learning173  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (Westpac); Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the negative (−) direction for institutional learning and reflection, coverage/rating − 7/87.50 rprox: • [WBCCultLearn&ReflectEmbed] (−) – Banks – WBCCultLearn – Learning and Reflection Not Embedded in Day-to-Day Activities of Employees174  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in  Ibid, section13.8.3, p 104.  Ibid. 170  Ibid, section13.8.4, p 104. 171  Ibid. 172  Ibid, section 13.9, p 105. 173  Ibid, section 13.9.1, p 105. 174  Ibid, section 13.9.1, p 105. 168 169

924

31  NAB and Westpac Recommendations and Commentary on Culture

Quality of Decision-making, coverage/rating  −  7/87.50 rprox (Westpac) including:175 –– lack of learning and reflection among competing priorities; –– lack of time to learn; and –– affecting activities such as risk and compliance; • [WBCCultLearn&ReflectInstitLevel] (−)  – Banks  – WBCCultLearn  – Learning and Reflection Not Embedded at Institutional Level176 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-­making, coverage/rating − 7/87.50 rprox (Westpac) including:177 –– post-implementation reviews, but no distillation, documenting or dissemination of findings for future reference; –– “multiple remediation projects in the same areas over the past two decades also suggest a lack of systematic sharing of best practices”;178 –– “relatively high level of discomfort reported in sharing vulnerability and failure and learning from mistakes”;179 and –– “lack of listening and defensiveness to challenge” for some leaders (Finding 6);180 • [WBCCultLearn&ReflectDrivers] (−)  – Banks  – WBCCultLearn  – Drivers Influencing the Levels of Learning and Reflection181  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating − 7/87.50 rprox (Westpac) including:182 –– perceived capacity constraints; –– adherence to status quo rather than challenge (Finding 6); –– remediated by: • “learning and reflection resulting from recent external scrutiny, particularly the Royal Commission”183 in relation to risk and compliance management and shared lessons from those testifying; • “importan[ce] that this heightened focus remained once external scrutiny lessened”.184

 Ibid, section 13.9.2, p 105.  Ibid, section 13.9.3, p 105. 177  Ibid. 178  Ibid. 179  Ibid, section 13.9.4, p 105. 180  Ibid. 181  Ibid, section 13.9.5, p 105. 182  Ibid. 183  Ibid. 184  Ibid. 175 176

31.19  Westpac Reassessment Findings on Risk Culture

925

31.19 Westpac Reassessment Findings on Risk Culture For the 9 cultural traits in Sects. 31.10–31.18 above, the Westpac Reassessment185 finds that they continue to contribute to shortcomings.186 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the negative (−) direction for risk culture, coverage/rating − 7/87.50 rprox: • [2020WBCCultNFRPriorityFocus] (−)  – Banks  – 2020WBCCultNFR  – Westpac Culture for Non-financial Risk – Non-financial Risk is a Priority but Requires More Focus – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (2020Westpac)187 including tendencies: –– –– –– –– –– ––

“Focus on individual issues rather than broader implications”; “Be reactive rather than proactive”; “Be too satisfied with a sense of success”; “The ‘voice of Risk’ being too faint”; “Be too insular in the approach to managing certain risks”; and “Be ineffective in escalating concerns and challenging assumptions”;188

• [2020WBCCultNFRSnrManLead] (−)  – Banks  – 2020WBCCultNFR  – Westpac Culture for Non-financial Risk – Senior Management Role in Leading Risk Management and Setting Tone is Key and Requires Enhancement  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (2020Westpac);189 • [2020WBCCultNFRCultivateComplexity] (−) – Banks – 2020WBCCultNFR – Westpac Culture for Non-financial Risk – “Tendency to Cultivate Complexity” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (2020Westpac);190 • [2020WBCCultNFRBlameNotLearn] (−)  – Banks  – 2020WBCCultNFR  – Westpac Culture for Non-financial Risk – “Some Leaders React to Incidents with a Focus on Who is to Blame Rather than What to Learn” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating − 7/87.50 rprox (2020Westpac);191  Westpac Banking Corporation, Reassessment of the Culture, Governance and Accountability Remediation Plan, June 2020, accessed 20 November 2020, available at https://www.westpac. com.au/content/dam/public/wbc/documents/pdf/aw/media/WBC_CGA_Reassessment.pdf (‘Westpac Reassessment’). 186  Ibid, Chapter 4, Shortcomings in culture, governance and accountability frameworks and practices, Table 1, 2 Risk Culture, p 15. 187  Ibid. 188  Ibid. 189  Ibid. 190  Ibid. 191  Ibid. 185

926

31  NAB and Westpac Recommendations and Commentary on Culture

Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 in the positive (+) direction for risk culture, coverage/rating + 7/87.50 rprox: • [2020WBCCultNFRRiskCultureFramework] (+)  – Banks  – 2020WBCCultNFR – Westpac Culture for Non-financial Risk – Development of Risk Culture Framework with Ongoing Reporting to RISKCO and BRC  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2020Westpac);192 • [2020WBCCultNFRRiskCultGroupExecRisk&HR] (+)  – Banks  – 2020WBCCultNFR  – Westpac Culture for Non-financial Risk  – “Group Executive Leadership and Clear Co-ordination of Risk and HR Expertise in Setting and Measuring Risk Behaviours” – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2020Westpac);193 • [2020WBCCultNFRRiskCultRoleModelBehaviours] (+)  – Banks  – 2020WBCCultNFR – Westpac Culture for Non-financial Risk – Development of Role Model Behaviours for “Sound Risk Management and a Proactive and Systematic Risk Culture”  – Enhancement In Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2020Westpac);194 • [2020WBCCultNFRRiskCultureDashboard] (+)  – Banks  – 2020WBCCultNFR  – Westpac Culture for Non-financial Risk  – Risk Culture Dashboard  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2020Westpac);195 • [2020WBCCultNFRMaturitySelfAssessProcess] (+)  – Banks  – 2020WBCCultNFR – Westpac Culture for Non-financial Risk – Maturity SelfAssessment Process – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2020Westpac);196 and • [2020WBCCultNFRPsycholSafety] (+)  – Banks  – 2020WBCCultNFR  – Westpac Culture for Non-financial Risk – “Define and Strengthen Psychological Safety and to Monitor and Mitigate Tendency to Blame Individuals”  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (2020Westpac).197

 Ibid.  Ibid. 194  Ibid. 195  Ibid. 196  Ibid. 197  Ibid. 192 193

Chapter 32

APRA Information Paper 2019 on Risk Culture

Abstract  In Chapter 32 of the Stage 2 Key Code and Advanced Handbook for the governance of Australian major banks, we examine the APRA Information Paper 2019 on risk culture. The APRA commentary is that: • risk culture is not always well understood and that significant scope for improvement and investment remains; • measurement and analysis of culture is still developing; • behaviours are overlooked in favour of formal mechanisms; and • a lack of a clear view of risk culture. Keywords  APRA Information Paper 2019 · Risk culture · Lack of understanding · Measurement · Analysis · Behaviours · Formal mechanisms · Lack of clear view

32.1 APRA’s “Risk culture is not always well understood”1 The APRA Information Paper 2019 observed as an emerging theme that “risk culture is not always well understood” and that “significant scope for improvement and investment remains”.2 The Stage 2 relational approach will construct disclosure variables identical to the [TransTimeMon] (+)3 variable but in the negative (−) direction, giving rise to a coverage/rating − 8/100.00 rprox. This reflects a decrease in the quality of risk   Australian Prudential Regulation Authority (APRA), Information Paper, Self-Assessments of  Governance, Accountability and  Culture, 22 May 2019, accessed 5 June 2019, available at  https://www.apra.gov.au/sites/default/files/information_paper_self-­assessment_of_governance_accountability_and_culture.pdf, (APRA Information Paper 2019’), p 21. 22   Ibid. 3  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 9.1.2.1 of Stage 1, pp 198–199. 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_32

927

928

32  APRA Information Paper 2019 on Risk Culture

management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the reduction in information flow as a result of APRA’s identification of ‘APRACult’-prefix culture variables. This gives rise to governance variables with a coverage/rating of −8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Alternatively, there is a decrease in the quality of decision-making negatively affecting Decision-making Factor No 7 and/or a reduction of clear lines of accountability/responsibility negatively affecting Responsibility Factor No 8 for each of the failings identified by APRA. APRA’s “Measurement and analysis of culture is still developing”4 The following variables in the negative (−) direction are modelled on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 in relation to measuring and analysis of culture.5 The variables represent a decrease/reduction in information flow and therefore a reduction in the quality of risk management and internal monitoring and decision-making, coverage/rating − 8/100.00 rprox: • [APRACultSurveySingleSource] (−)  – Banks  – APRACult  – Measurement and Analysis of Culture – “Rel[iance] on Surveys as Single Source to Support Self-Assessment Findings on Culture”6  – Reduction in Information Flow  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019) which may be remedied by:7 –– –– –– ––

surveys; focus groups; risk culture audits and interviews; and conducted by independent internal resources or external consultants.

• [APRACultFailRegularBrdReport] (−) – Banks – APRACult – Measurement and Analysis of Culture – Failure of “Regularity of Reporting to the Board on Risk Culture Issues”8  – Reduction in Information Flow  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating − 8/100.00 rprox (APRA Information Paper 2019); and • [APRACultFailLinkRiskCultToRiskApp] (−)  – Banks  – APRACult  – Measurement and Analysis of Culture – Failure to “Link Risk Culture Outcomes

For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 4  APRA Information Paper 2019, above n 1, p 22. 5  Ibid. 6  Ibid. 7  Ibid. 8  Ibid.

32.1  APRA’s “Risk culture is not always well understood”

929

to Stated Risk Appetite”9 – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating − 8/100.00 rprox (APRA Information Paper 2019). APRA’s “Behaviours overlooked in favour of formal mechanisms”10 The following variables are modelled on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 in the negative (−) direction in relation to overlooking behaviours11 and representing a decrease/reduction in information flow and therefore a reduction in the quality of risk management and internal monitoring and decision-­ making, coverage/rating − 8/100.00 rprox: • [APRACultFocusProcSystems] (−)  – Banks  – APRACult  – Overlooking Behaviours for Mechanisms  – “Actions…Focussed Primarily on Addressing Processes and Systems [rather than] Culture and Behaviours”12 – Reduction in Information Flow  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (APRA Information Paper 2019); • [APRACultFailIndicators] (−) – Banks – APRACult – Overlooking Behaviours for Mechanisms – “Failure to Use Indicators of Cultural Problems”13 – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (APRA Information Paper 2019) including indicators being:14 –– fear of speaking up; and –– failure to listen to customer voice/complaints; • [APRACultOpRegOrgComplexLimits] (−)  – Banks  – APRACult  – Overlooking Behaviours for Mechanisms  – Identification of Operational, Regulatory and Organisational Structure “Complexity as a Limit to Improving Risk Culture”15  – Reduction in Information Flow  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decisionmaking, coverage/rating − 8/100.00 rprox (APRA Information Paper 2019). APRA’s “Lack of a clear view of risk culture”16 The following variables are modelled on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 in the negative (−) direction in relation to lack of a clear view17 and representing a decrease/reduction in information flow and therefore a  Ibid.  Ibid. 11  Ibid. 12  Ibid. 13  Ibid. 14  Ibid. 15  Ibid. 16  Ibid. 17  Ibid. 9

10

930

32  APRA Information Paper 2019 on Risk Culture

reduction in the quality of risk management and internal monitoring and decision-­ making, coverage/rating − 8/100.00 rprox: • [APRACultFailBrdViewRiskCult] (−) – Banks – APRACult – Lack of Clear View of Risk Culture – Failure of Board “to Form a View of the Risk Culture in the Organisation”18  – Reduction in Information Flow  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019) including:19 –– “extent to which that culture supports the ability of the institution to operate consistently within its risk appetite”; –– “responsibility to ensure that all persons within the business operations have awareness of the risk management framework”; and –– “[responsibility] for instilling an appropriate risk culture across the…business operations”; and • [APRACultFailArticulateTargetCult] (−)  – Banks  – APRACult  – Lack of Clear View of Risk Culture  – Failure to “Articulate a Target Culture”20  – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (APRA Information Paper 2019) including:21 –– failure to express views on extent to which the bank is “achieving the desired culture”; –– “enhancement of leadership skills to improve risk culture, particularly by effectively communicating lessons learnt”; and –– “to articulate what the board considered to be acceptable and unacceptable behaviours”.

 Ibid.  Ibid. 20  Ibid, p 23. 21  Ibid. 18 19

Chapter 33

Financial and Bank-Specific Expertise

Abstract  Chapter 33 examines financial and bank-specific expertise. We find that lack of financial expertise is predictive of bank failure and identify inadequate risk management and internal controls. We construct governance variables in the negative direction for a deficiency in knowledge of risk management processes, measurement and methodology and a deficiency in banking expertise before identifying banking-industry-specific knowledge, skills/competencies and professional qualities. There requires a mix of financial and non-financial industry knowledge for effective challenge and we examine how to determine the balance for effective challenge, testing and debate including composition of the board and relevant expertise and the board selection process. We move to examine the financial industry expertise and independence trade-off and construct a number of governance variables for the number and time commitment of non-executive directors for audit, remuneration and risk committees. We review the non-executive director independence variables from Stage 1 and construct relational effect paths for the NED number and time commitment for the Compensation/Remuneration and Risk Committees. Chapter 33 concludes with development, training and support of non-executives and new non-executive director mentoring by senior executives and the ‘senior independent director’. Keywords  Financial expertise · Bank-specific expertise · Bank-specific knowledge · Skills/competencies · Risk management process · Measurement and methodology · Composition of board · Expertise and Independence trade-off · Number and time commitment of NEDs · Development · Training and support of NEDs · Senior Independent Director

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_33

931

932

33  Financial and Bank-Specific Expertise

33.1 Lack of Financial Expertise Predictive of Bank Failure In the introduction to non-executive director independence and competence in Sect. 26.2 above, the Stage 2 relational approach examined two bank-specific variables exhibiting deficiency in banking industry knowledge and competence hypothesized to have an identical behaviour and relational effect path to the [BrdIndInfo] (−) variable examined in section 7.3.2.1.3 of Stage 1,1 coverage/rating − 4/50.00 rprox. There, Adams’ observations gave rise to two new governance variables reflecting the author’s view of a deficiency on the part of independent directors of the internal workings of banks and the securitisation process: • [NEDBankWorksInfo] (−) – Banks – Non-Executive Directors – Deficiency in Knowledge of Internal Workings of Banks – Reduction in Decision Quality (coverage/rating of – 4/50.00 rprox); and • [NEDBankSecurznInfo] (−) – Banks – Non-Executive Directors – Deficiency in Knowledge of Securitization Process – Reduction in Decision Quality (coverage/rating of – 4/50.00 rprox). As noted in Sect. 26.2 above, these two governance variables are based on a deficiency of knowledge which is hypothesized to reduce the decision-making quality of non-executive directors. Thus, these variables are hypothesized to have an identical behaviour and relational effect path to the [BrdIndInfo] (−) variable examined in section 7.3.2.1.3 of Stage 1,2 coverage/rating − 4/50.00 rprox. Thus, in the case of the [NEDBankWorksInfo] (−) variable and the [NEDBankSecurznInfo] (−) variable, again a deficiency of knowledge on the part of non-executive directors – this time on the internal workings of banks and the securitisation process – causes a reduction in the quality or effectiveness of the Decision-making Factor No 7. In other words, the internal workings of banks and the securitisation process are treated as a type of ‘firm-specific’ information flow to the board which is reduced or disrupted. Thus. the relational effect paths of the [NEDBankWorksInfo] (−) variable and the [NEDBankSecurznInfo] (−) variable are hypothesized to have an identical relational effect path to the [BrdIndInfo] (−) variable examined in section 7.3.2.1.3 of Stage 1. This gives rise to a coverage/rating for these two variables of −4/50.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 7.3.2.1.3 of Stage 1, pp 212–215. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 2  See discussion in section 7.3.2.1.3 of Stage 1, ibid, pp 212–215. 1

33.2  Inadequate Risk Management and Internal Controls

933

33.2 Inadequate Risk Management and Internal Controls Inadequate risk management and internal controls are examined in Part 6. But for our purposes here, the OECD Kirkpatrick Report 2009 found that many boards had some ‘broad’ knowledge of their firm’s risk management methodology but not a ‘detailed understanding’: [I]t is important to note that a majority of the banks indicated that their boards were broadly knowledgeable rather than extremely knowledgeable of their company’s risk measurement methodology. More importantly, only one third of the banks were confident that their strategy and planning functions had a detailed understanding of their companies’ risk measurement methodology…This would indicate that risk management is not deeply embedded in the organisation, a clear corporate governance weakness.3

Cheffins found that criticism of boards of directors involved inadequate risk management and lack of expertise.4 This included lack of financial expertise and deference to charismatic ‘command-and-control’ CEOs.5 Hopt, too, identifies a lack of financial expertise: Many bank board members were just not qualified enough to know, understand, and deal with the complexities and risks of modern banking. This led to failures, even in firms and banks where the board was composed according to all good corporate governance standards that were valid at the time…The correlation between the losses of the banks and the qualification and experience of the bank directors was statistically highly significant and indicated causality between the two.6

This may be exacerbated in the case of independent directors who lack information compared to their executive counterparts.7 Governance variables for these observations follow next.

 Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995–2864, accessed 27 March 2017 at http://search.oecd.org/finance/financial-­ markets/42229620.pdf, (‘OECD Kirkpatrick Report 2009’), 19–20. 4  Brian R Cheffins, “Did Corporate Governance ‘Fail’ During the 2008 Stock Market Meltdown? The Case of the S&P 500” ECGI – Law Working Paper No. 124/2009, (1 May 2009), accessed 13 June 2017 at SSRN: http://ssrn.com/abstract=1396126, 25. 5  Ibid (footnotes omitted). 6  Klaus J Hopt, Better Governance of Financial Institutions, “Corporate Governance of Banks and Other Financial Institutions After the Financial Crisis”, (2013) 13(2) Journal of Corporate Law Studies 219–253 (Part B); “Corporate Governance of Banks after the Financial Crisis”, in E Wymeersch, K J Hopt and G Ferrarini, eds., Financial Regulation and Supervision, A post-crisis analysis, Oxford University Press 2012, pp. 337–367 (Part A); ECGI – Law Working Paper No. 207, (1 April 2013), accessed 14 June 2017 at SSRN: http://ssrn.com/abstract=2212198, 12 (footnotes omitted). 7  Ibid, 30–31. 3

934

33  Financial and Bank-Specific Expertise

[NEDBankRiskManInfo] (−) – Banks – Non-Executive Directors – Deficiency in Knowledge of Risk Management Processes, Measurement and Methodology – Reduction in Decision Quality – Coverage/rating − 4/50.00 rprox – relational effect path and [NEDBankNonExpertInfo] (−) – Banks – Non-Executive Directors – Deficiency in Banking Expertise  – Reduction in Decision Quality  – Coverage/rating − 4/50.00 rprox – relational effect path. The observations of the OECD Kirkpatrick Report 2009, Cheffins and Hopt give rise to the following variables in addition to the [NEDBankWorksInfo] (−) variable and the [NEDBankSecurznInfo] (−) variable and again based on the behaviour and relational effect path of the [BrdIndInfo] (−) variable: • [NEDBankRiskManInfo] (−) – Banks – Non-Executive Directors – Deficiency in Knowledge of Risk Management Processes, Measurement and Methodology – Reduction in Decision Quality, coverage/rating − 4/50.00 rprox; and • [NEDBankNonExpertInfo] (−)  – Banks  – Non-Executive Directors  – Deficiency in Banking Expertise – Reduction in Decision Quality, coverage/rating − 4/50.00 rprox. This gives rise to a coverage/rating for these variables of −4/50.00 in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Banking-Industry-Specific Knowledge, Skills/Competencies and Professional Qualities Having examined the effects of a deficiency in knowledge of the internal workings of banks, the securitisation process, risk management processes and banking expertise, what knowledge on the part of non-executive directors is desirable? This was examined in Chap. 26 on bank-specific skills and competencies and the ‘trade-off’ with independence. The approach was to add a governance variable based on an enhancement of the monitoring of the CEO, executives and management based on banking-industry-specific knowledge, skills/competencies and professional qualities in addition to independence. It was there hypothesized that enhancement in the monitoring function would reduce the effect of ‘board capture’ by management: • [NEDBankSkillsMon] (+) – Banks – Non-Executive Directors – Policies and Standards on Bank-Specific Competencies, Skills and Professional Qualities – Enhancement of Monitoring Effect – coverage/rating + 7/87.50 rprox (relational effect path in Sect. 26.3 above). Here, it is hypothesized that this variable will reduce the effect of ‘command-­ and-­control’ CEOs referred to above. Repeated here, the behaviour of the [NEDBankSkillsMon] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox, which in turn is identical to the [BrdSkills]

33.3  Mix of Financial and Non-financial Industry Knowledge for Effective Challenge

935

(+) variable in section 7.3.1.2.1 of Stage 1, again with a coverage/rating of +7/87.50 rprox. In this case, in addition to independence, the enhancement of the monitoring of the CEO, executives and management is based on banking-industry-specific knowledge and skills. Thus, the effect of the [NEDBankSkillsMon] (+) governance variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of this banking-industry-specific knowledge and skills in combination with independence. Thus, like the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, the [NEDBankSkillsMon] (+) governance variable affects all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 1). This equates to a coverage/rating of +7/87.50 rprox for the [NEDBankSkillsMon] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Having identified the positive and negative variables for the ‘trade-off’ between independence and bank-specific skill and competence, how are the variables used in practice? This is discussed next.

33.3 Mix of Financial and Non-financial Industry Knowledge for Effective Challenge Determining the Balance for Effective Challenge, Testing and Debate For the Walker Review 2009, a balance was required – a mix of financial industry and less specific industry knowledge: Some NEDs on a BOFI board should have financial industry experience closely relevant to the business of the entity. But others, with less immediately specific industry knowledge, should bring other relevant experience, for example of senior management in a global business or in a major non-financial trading function, that will broaden and enrich the perspective of decision-taking in the board and challenge any tendency toward the emergence of a comfortable group-think between the executives and the more “industry-literate” NEDs.8

Again, focusing on challenge, testing and debate, the Walker Review 2009’s advice is “to give greater emphasis to challenge in a board environment in which constructive challenge is expected and could be encouraged.”9 What was rejected, however, was the suggestion that non-executive directors should focus on audit, remuneration and nomination leaving “core decisions” on risk and strategy to executive directors.10 Instead, the role of non-executive directors in strategy and  David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Para 2.9, p 36. 9  Ibid, Para 2.10, p 36. 10  Ibid, Para 2.11, p 36 8

936

33  Financial and Bank-Specific Expertise

oversight was in general likely to result in better firm performance, with banks with “little external input to their decision-taking” having “fared materially worse than those where there was opportunity for effective challenge within the boardroom.”11 Composition of Board and Relevant Expertise The BCBS requires – without specifying any proportion – that there be “a sufficient number of independent directors” on the board to carry out its responsibilities.12 For the BCBS, the “collective suitability” of the board required the following considerations: • board members should have a range of knowledge and experience in relevant areas and have varied backgrounds to promote diversity of views. Relevant areas of competence may include, but are not limited to capital markets, financial analysis, financial stability issues, financial reporting, information technology, strategic planning, risk management, compensation, regulation, corporate governance and management skills; • the board collectively should have a reasonable understanding of local, regional and, if appropriate, global economic and market forces and of the legal and regulatory environment. International experience, where relevant, should also be considered; and • individual board members’ attitude should facilitate communication, collaboration and critical debate in the decision-making process.13

How is this translated into the board selection process? This is considered next. Board Selection Process For the BCBS, the selection process for board candidates centres on knowledge, skills, experience and independence (for non-executive directors) as well as integrity, time and good interaction with other board members: The selection process should include reviewing whether board candidates: (i) possess the knowledge, skills, experience and, particularly in the case of non-executive directors, independence of mind given their responsibilities on the board and in the light of the bank’s business and risk profile; ﴾ii) have a record of integrity and good repute; ﴾iii) have sufficient time to fully carry out their responsibilities; and ﴾iv) have the ability to promote a smooth interaction between board members.14

 Ibid, Para 2.12, p 37.  The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Para 48, p 13. 13  Ibid, Para 49, p 13. 14  Ibid. Para 51, p 13. 11 12

33.4  Financial Industry Expertise and Independence Trade-Off

937

33.4 Financial Industry Expertise and Independence Trade-Off The OECD Kirkpatrick Report 2009 noted that some boards had been prevented from recruiting non-executive directors with ‘high level’ financial industry expertise due to, in summary here: • candidates already working for competitors; • candidates with other directorships; and • governance code (in the US, SOX) requirements as to independence.15 But, for the Walker Review 2009, the presence of systemic risk for banks and financial firms would require a greater presence of financial industry expertise among non-executive directors than in non-banks,16 and that banks and financial firms should use the “comply and explain” feature of the UK Combined Code17 to increase financial industry expertise rather than independence: The need for financial industry expertise among NEDs on a BOFI board will be greater, the greater the prospective risk appetite of the entity and the greater the complexity of the instruments at the heart of its business. In any event, this need for a substantial leavening of financial industry experience on a BOFI board will require one or both of: adaptation of the relevant Code provision (to give greater weight to experience alongside the independence criteria), and greater readiness of boards to depart from the current independence criterion where they believe this to be appropriate.18

Indeed, the use of former executives of banks as non-executive directors was an advantage which should be explained under the comply or explain regime for independence: None of these “independence” issues necessarily call for amendment of the Combined Code. But they emphasise the responsibility of the board, where a new or continued NED appointment is judged to be in the best interest of the entity even though not in compliance with the Code independence criteria, to be ready to make the appointment and to explain why they have done so. Where such an appointment is made and a clear justification is provided, shareholders and fund managers should be expected to show a reciprocal readiness to interpret the Code flexibly.19

Relevant financial experience for non-executive directors was described: They should bring to bear sufficient familiarity with and understanding of the company’s business and the overall sensitivity of overall group outcomes to potential developments and performance in different business areas, so as to be able to contribute effectively to

 OECD Kirkpatrick Report 2009, above n 3, 22 (footnotes omitted).  Walker Review 2009, above n 8, Para 3.7, p 43. 17  See Table 6.6, UK National Corporate Governance Codes, Item 8, Enforcement/Disclosure of non-compliance with best practice, Stage 1, above n 1, p 175. 18  Walker Review 2009, above n 8, Para 3.8, p 44. 19  Ibid, Para 3.10, p 44. 15 16

938

33  Financial and Bank-Specific Expertise

strategic discussion and ultimately judgement about the likely sustainability of a strategy, the need for modification or disengagement from it or for a wholly new approach.20

While such financial experience was needed in the case of a majority of non-­ executive directors, there was still a need for diversity of “skill sets” and experience.21 Skill updating was required through training and business awareness programs.22 These were examined in Sect. 23.4 above.

33.5 Number and Time Commitment of Non-executive Directors for Audit, Remuneration and Risk Committees – Relational Effect Paths Most important for the Walker Review 2009 was that there were sufficient non-­ executive directors in number and time commitment to fill three important committees  – Audit Committee, Remuneration Committee and the Board Risk Committee23 – even if this needed to be “explained” under the independence rules under the UK Combined Code: [W]here a chair[person] and board members believe that a NED continues to make a significant contribution, possibly enhanced by the build-up of experience, there should be greater readiness to extend NED tenures beyond their three three-year terms (the so-called “nine-­ year rule”) and, if this leads to a change in the balance of the board since the NED would no longer be formally regarded as independent, boards should (as indicated in paragraph 3.10) be ready to justify and explain any imbalance that has arisen without feeling pressured to increase the size of the board.24

The Walker Review 2009 noted that the average time commitment of non-­ executive directors on UK boards was 25 days but that this needed to be increased significantly for work on committees – particularly audit – and for a more specifically focused risk function at board level.25 More time was called for on the part of the Chairs of the Audit, Remuneration and Board Risk Committees, the Chairperson and the senior independent director.26 The number of outside appointments was also examined in Stage 1.27 The increased time commitment should reduce the number of outside appointments that a non-executive director of a bank or financial firm can hold.28 Certainly the EC  Ibid, Para 3.12, p 45.  Ibid, Para 3.13, p 45. 22  Ibid. 23  Ibid, Para 3.14, p 45. The Board Risk Committee (BRC) is discussed in Chaps. 43 and 44 below. 24  Ibid. 25  Ibid, Para 3.19, p 47. 26  Ibid, Para 3.19, pp 47–48. 27  See discussion in sections 8.2.3–8.2.3.1 of Stage 1, above n 1, pp 229–232. 28  Walker Review 2009, above n 8, Paras 3.21–3.22. 20 21

33.5  Number and Time Commitment of Non-executive Directors for Audit…

939

Second Green Paper 2011 saw merit in limiting the number of outside board position of non-executive directors to enhance monitoring and supervision: Member States have sought to establish the principle that non-executive directors should dedicate sufficient time to their duties. Some Member States have gone further and recommend or limit the number of board mandates a director may hold. Limiting the number of mandates could be a simple solution to help ensure non-­ executive directors devote sufficient time to monitoring and supervising their particular companies.29

In the end, a time commitment of 30–36 days was to be expected of non-­ executives of major banks.30 But the OECD 2010 Conclusions and Practices ruled-out full-time independent directors on the ground of lack of independence, instead focusing on the number of outside board positions: The system based on part-time board members is under pressure from the burden of work especially with respect to audit, risk and remuneration committees at major financial and non-financial companies. This has led to proposals for full time, independent directors. This does not appear to be plausible, not the least objection being the contradiction between full time employment dependent on the company and independence. The question of availability might be more related to the number of directorships…Other memberships should be disclosed to shareholders.31

Non-executive Director Independence Variables from Stage 1 Relevant non-executive director variables relating to board independence established from Stage 1 are: • [AudIndInfo] (−) – Audit Committee – Independence – Information Flow and Decision Quality ‘Trade-off’, −4/50.00 rprox32; • [AudIndMon] (+)  – Audit Committee  – Independence  – Monitoring Effect, +7/87.50 rprox33; • [BrdIndInfo] (−) – Board Independent Director: Executive Director Proportion – Information Flow and Decision Quality ‘Trade-off’, −4/50.00 rprox34;

 European Commission, Green Paper, The EU Corporate Governance Framework, COM (2011) 164 final, Brussels, 5 April 2011, accessed 1 May 2017 at ec.europa.eu/internal_market/company/ docs/modern/com2011-164_en.pdf, (‘EC Second Green Paper 2011’), section 1.2, p 8. 30  Ibid, Recommendation 3, Para 3.23, p 49. 31  OECD Directorate for Financial and Enterprise Affairs, OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, 24 February 2010, accessed 11 May 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/44679170.pdf, (‘OECD 2010 Conclusions and Practices’), Para 59, p 21. 32  See discussion in section 8.4.3 of Stage 1, above n 1, pp 242–244. 33  Ibid. 34  See discussion in section 7.3.2.1.3 of Stage 1, above n 1, pp 212–215. 29

940

33  Financial and Bank-Specific Expertise

• [BrdIndMon] (+) – Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox35; and • [OutBrdPos] (−)  – Outside Board Positions of Independent Directors, −6/75.00 rprox.36 An increase in the number/proportion of non-executive directors on the Board and the Audit Committee is treated in the relational approach as an enhancement of the [BrdIndMon] (+) and [AudIndMon] (+) variables respectively, each with a coverage/rating of +7/87.50 rprox. NED Number and Time Commitment for Compensation/Remuneration and Risk Committees – Relational Effect Paths Corresponding variables for non-executive director number/proportion on the Compensation Committee and Board Risk Committee (BRC) track the behaviour and relational paths of the above ‘Info (−)’ and ‘Mon (+)’ variables from Stage 1. This gives rise to the new governance variables: • [BRCIndInfo] (−)  – Banks  – Board Risk Committee  – Independence  – Information Flow and Decision Quality ‘Trade-off’, −4/50.00 rprox; • [BRCIndMon] (+)  – Banks  – Board Risk Committee  – Independence  – Enhancement in Monitoring Effect, +7/87.50 rprox; • [CompIndInfo] (−) – Compensation Committee – Independence – Information Flow and Decision Quality ‘Trade-off’, −4/50.00 rprox; and • [CompIndMon] (+) – Compensation Committee – Independence – Enhancement in Monitoring Effect, +7/87.50 rprox. Section 9.2.1 of Stage 137 also introduced a factor which recurred in combination with the independence factor which appeared to affect the likelihood of earnings manipulation due to the time spent in review or number of audit committee meetings: • [AudIndFreq] (+)  – Audit Committee  – Independence in combination with Frequency of Meeting – Reduction in Earnings Manipulation Effect, +7/87.50 rprox (relational effect path in section 9.2.1 of Stage 1). The zone of effect of the [AudIndFreq] (+) variable, coverage/rating + 7/87.50 rprox, was hypothesized to be identical to the [AudIndMon] (+) and, in turn, [BrdIndMon] (+) variables, each with a coverage/rating of +7/87.50 rprox. The corresponding variables for the BRC and Compensation Committee for time spent in review or the number of BRC or Compensation Committee meetings is hypothesized to track this ‘Freq (+)’ variable from Stage 1, although their effect is in relation to enhancing risk management and/or internal monitoring rather than reducing earnings manipulation:

 See discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above n 1, pp 208–212.  See discussion in sections 8.2.3–8.2.3.1 of Stage 1, above n 1, pp 229–232. 37  See discussion in section 9.2.1 of Stage 1, above n 1, pp 267–273. 35 36

33.6  Development, Training and Support of Non-executives and New Non-executive…

941

• [BRCIndFreq] (+) – Banks – Board Risk Committee – Independence in combination with Frequency of Meeting  – Enhancement in Risk Management and Internal Monitoring, coverage/rating + 7/87.50 rprox; and • [CompIndFreq] (+) – Compensation Committee – Independence in combination with Frequency of Meeting  – Enhancement in Internal Monitoring, +7/87.50 rprox.

33.6 Development, Training and Support of Non-executives and New Non-executive Director Mentoring by Senior Executives Taking the themes in Sects. 23.4, 26.5 and 29.1 into account, the Walker Review 2009s first recommendation was that non-executive directors be provided with induction, training and development to meet the needs of bank and financial firm boards and this should be reviewed annually: [A] substantive personalised approach to induction, training and development to be reviewed annually with the chair[person]. Appropriate provision should be made similarly for executive board members in business areas other than those for which they have direct responsibility.38

The Review favoured mentoring of new non-executive directors – by a senior executive  – supplemented with external programs in specific areas such as risk management.39 The Review suggested that boards provide support to non-executives through the company secretarial function: [T]hrough installation of a dedicated resource under the group secretary – which can also coordinate arrangements for induction and training. Where the group secretariat is the focal point for such support, adequate resourcing in terms of available time commitment and capability will be required.40

The BCBS also emphasises director knowledge and skill through induction programmes, ongoing training and both internal and external resources, but additional guidance is provided for those without relevant financial experience: In order to help board members acquire, maintain and enhance their knowledge and skills, and fulfil their responsibilities, the board should ensure that members participate in induction programmes and have access to ongoing training on relevant issues which may involve internal or external resources. The board should dedicate sufficient time, budget and other resources for this purpose, and draw on external expertise as needed. More extensive efforts

 Walker Review 2009, above n 8, Recommendation 1, Para 3.16, p 46.  Ibid, Para 3.16, p 46. 40  Ibid, Para 3.18, p 47. 38 39

942

33  Financial and Bank-Specific Expertise

should be made to train and keep updated those members with more limited financial, regulatory or risk-related experience.41

In Sect. 23.4 of this Stage 2 above, the relational approach established governance variables for NED induction, training, development programs, ‘dedicated support’ and financial industry awareness based on the recommendations of the Walker Review 2009 and giving rise to five governance variables, all tied to the independent nature of the bank’s NEDs: • [BankNEDInduct] (+) variable – banks – induction of non-executive directors – enhancement of monitoring effect – coverage/rating + 7/87.50 rprox; • [BankNEDTrain] (+) variable – banks – training of non-executive directors – enhancement of monitoring effect – coverage/rating + 7/87.50 rprox; • [BankNEDDevelopProg] (+) variable  – banks  – development programs for non-executive directors  – enhancement of monitoring effect  – coverage/rating + 7/87.50 rprox; • [BankNEDSupport] (+) variable  – banks  – ‘dedicated support’ for non-­ executive directors for information and advice in addition to the normal board process  – enhancement of monitoring effect  – coverage/rating  +  7/87.50 rprox; and • [BankNEDFinAwareProg] (+) variable  – banks  – development programs for financial industry awareness of non-executive directors on risk strategy and management – enhancement of monitoring effect – coverage/rating + 7/87.50 rprox. The relational effect paths of these variables are hypothesized to be identical to the [BrdIndMon] (+) variable giving rise to a coverage/rating for these variables of +7/87.50 in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). In addition, the Walker Review 2009’s recommendation for mentoring of new non-executive directors by senior executives suggests a further governance variable for non-executive directors with a relational effect path hypothesized to be identical to the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, again both with a coverage/rating of +7/87.50 rprox. Again, the mentoring of the non-executive director enhances the quality of risk management and monitoring (Risk Management, Monitoring & Audit Factor No 5) derived from the independence element in the [BrdIndMon] (+) variable. Alternatively, it may be considered as an enhancement of the quality of decision-making (Decision-making Factor No 7) on account of bank-specific skills and knowledge: • [BankNEDMentor] (+)  – Banks  – Mentoring of Non-Executive Directors by Senior Executives  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox.

41

 BCBS Guidelines 2015, above n 12, Para 55, p 14.

33.7  The Senior Independent Director

943

This gives rise to a coverage/rating for the [BankNEDMentor] (+) variable of +7/87.50 in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

33.7 The Senior Independent Director Hitherto not considered in the relational approach in Stage 1, the Walker Review 2009 considered the role of the ‘Senior Independent Director’ (SID). The SID is a “sounding board” for the Chairperson and a conduit or intermediary for the non-­ executive directors.42 The need or use of the SID appears to be in difficult circumstances, such as an overbearing CEO who stifles enquiry and challenge: Given the inevitable tendency toward collegiality in boards, but which ceases to be healthy where excessive deference to colleagues, in particular the CEO, stifles critical enquiry and challenge, the SID should be the potentially negative charge on the board.43

The use of the SID also contemplates tension in the relationship between Chairperson and CEO, closeness of the Chairperson and CEO stifling the challenge and contribution of non-executive directors and where the Chairperson does not take action to effect change on an ineffective board.44 Recommendation 11 also provides for shareholder access to the SID “in the event that communication with the chair[person] becomes difficult or inappropriate”.45 So, for the Stage 2 relational approach, the SID is a ‘strong form’ monitoring version of the non-executive director: • [BankNEDSID] (+) – Banks – Non-Executive Directors – Senior Independent Director – Enhancement of Monitoring Effect – coverage/rating + 7/87.50 rprox. The behaviour of the [BankNEDSID] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating  +  7/87.50 rprox, which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, again with a coverage/rating of +7/87.50 rprox. In this case, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of non-executive directors. Thus, the effect of the [BankNEDSID] (+) governance variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of this ‘strong form’ independence ingredient. Thus, like the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, the [BankNEDSID] (+) governance variable

 Walker Review 2009, above n 8, Para 4.28, p 62. See also Recommendation 11, p 63.  Ibid, Para 4.28, p 62. 44  Ibid, Para 4.27, p 62 45  Ibid, Recommendation 11, Para 4.29, p 63. 42 43

944

33  Financial and Bank-Specific Expertise

affects all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 1). This equates to a coverage/rating of +7/87.50 rprox for the [BankNEDSID] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

Chapter 34

Role, Responsibilities and Time Commitment for the Chairperson

Abstract  Chapter 34 examines the role, responsibilities and time commitment for the Chairperson. We begin by reviewing the division in CEO/Chairperson roles from Stage 1 and the OECD recommendations in Stage 2. There follows discussion of agenda items, access to information and promoting alternative views. Moving further into the Chapter, we examine outside meetings for non-executive directors, CEO entrenchment, time commitment for the Chairperson and demarcation of the Chairperson and the CEO. Chapter 34 concludes with the conditions and criteria for the Chairperson and annual election. Keywords  Chairperson · Role of Chairperson · Responsibilities · Time commitment · Division in CEO/Chairperson roles · Agenda items · Access to information · Outside meetings for NEDs · Conditions and criteria for Chairperson

The ASX Principles and Recommendations Fourth Edition envisage that the Chairperson will be: • responsible for leading the board; • facilitating the effective contribution of all directors; • promoting constructive and respectful relations between directors and between the board and management; [and] • will also usually be responsible for approving board agendas and ensuring that adequate time is available for discussion of all agenda items, including strategic issues.1

 Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’), Commentary to Rec 1.1, p 7(format altered). 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_34

945

946

34  Role, Responsibilities and Time Commitment for the Chairperson

34.1 Division in CEO/Chairperson Roles from Stage 1 and OECD Recommendations in Stage 2 In Stage 1, ‘division’ in the CEO and Chairperson’s roles was examined in section 8.6.2 The relational approach there explained the potential problem with ‘duality’: Indeed, the governance effects of combining these roles appear to be opposing and requiring a balancing of the improvements in the quality of board decision-making which inside/ specific knowledge of the firm brings on the one hand with possible deficiencies in the quality of the monitoring of management on the other. In this respect, Weir, Laing and McKnight explain the opposing arguments in the case of CEO and chairperson ‘duality’: [t]he potential advantage…is that they should exhibit a greater understanding and knowledge of the company’s operating environment. In contrast, Fama and Jensen (1983) argue that boards dominated by inside directors are more difficult to control, a situation that would clearly apply to duality.3

Stage 1 thus assigned a dual-direction marker to: • [DualTrade] (+/−)  – Duality of CEO/Chair positions  – Monitoring and Decision-­Quality ‘Trade-off’, coverage/rating +/−7/87.50 (relational effect path in section 8.6.2 of Stage 1). [DualTrade] (+/−) has an identical relational effect path to [BrdIndMon] (+)4 but with a dual-direction marker (+/−) which equates to a coverage/rating of +/−7/87.50 rprox. However, [DualTrade] (+/−) is not based on the independence ingredient of non-executive directors but, instead, inside or specific knowledge of the firm: Of course, the two governance variables depict a different facet to the aspect of decision-­ making quality (Decision-making Factor No 7). [BrdIndMon] (+) is concerned with enhancing decision quality by the application of the more impartial judgment that independence is said to bring. The [DualTrade] (+/-) variable also concerns enhancing

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 8.6 of Stage 1, pp 251–256. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 3  Ibid, section 8.6.1 of Stage 1, pp 251–252 citing C Weir, D Laing and P J McKnight, ‘An Empirical Analysis of the Impact of Corporate Governance Mechanisms on the Performance of UK Firms”, accessed 4 March 2015 at SSRN: http://ssrn.com/abstract=286440, 7. The authors cite Eugene F Fama and Michael C Jensen, ‘Separation of Ownership and Control’ (1983) 26 Journal of Law and Economics 301–49. 4  Board Independent Director: Executive Director Proportion – Monitoring Effect – see discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above n 2, pp 208–212. 2

34.2  Agenda Items, Access to Information and Promoting Alternative Views

947

d­ecision-­making  – but by the application of judgment more familiar with the firm’s operations, particularly where those operations are highly specialised or cannot be externally verified.5

However, further to recommendations in the OECD Key Findings 2009 and the OECD 2010 Conclusions and Practices in Sect. 26.3 above,6 the following variables assume a separation in the CEO/Chair positions. Indeed, the OECD 2010 Conclusions and Practices give a warning on account of ‘duality’: It is important for the Chair of the board to play a key role in ensuring an effective board by setting the agenda and ensuring that the board tackles the most important issues, whether it is on strategy, risk, management succession, ethics or relations with shareholders. When the roles of CEO and the Chair are not separated, it is important in larger, complex companies to explain the measures that have been taken to avoid conflicts of interest and to ensure the integrity of the chairman function.7

Thus the Stage 2 relational approach will assume that the Chairperson is a non-­ executive as recommended by the Walker Review 20098 and therefore construct “NEChair”-prefix variables based on the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox.

34.2 Agenda Items, Access to Information and Promoting Alternative Views Agenda Items and Access to Information Following on from the discussion of encouraging challenge and testing in Sect. 23.1 above, the Chairperson should provide for time and priority of agenda items by promoting alternative views or outcomes through documentation and presentation of items.9 Recommendation 9 of the Walker Review 2009 provided in part that: The chairman should facilitate, encourage and expect the informed and critical contribution of the directors in particular in discussion and decision-taking on matters of risk and strategy and should promote effective communication between executive and non-executive

 See discussion in section 8.6.2 of Stage 1, above n 2, p 254.  See discussion in Sect. 26.3 of this Stage 2 citing OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009, approved for publication 29 May 2009, accessed 12 April 2017 at www.oecd.org/corporate/ca/ corporategovernanceprinciples/43056196.pdf, (‘OECD Key Findings 2009’), p  46 and OECD Directorate for Financial and Enterprise Affairs, OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, 24 February 2010, accessed 11 May 2017 at www.oecd. org/corporate/ca/corporategovernanceprinciples/44679170.pdf, (‘OECD 2010 Conclusions and Practices’), p 17. 7  OECD 2010 Conclusions and Practices, ibid., Para 49, p 19. 8  David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Para 4.19, p 58. 9  Ibid, Para 4.15, p 56. 5 6

948

34  Role, Responsibilities and Time Commitment for the Chairperson

directors. The chairman is responsible for ensuring that the directors receive all information that is relevant to discharge of their obligations in accurate, timely and clear form.10

The discussion therefore raises two ‘Chair’ variables based on the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1 with a coverage/rating of +7/87.50 rprox. The first represents the agenda-setting function of the Chair: • [NEChairAgenda] (+)  – Banks  – Non-Executive Chair  – Agenda-Setting Function and Time for Deliberation – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox. As noted by the OECD 2010 Conclusions and Practices, the agenda-setting function relevant to this variable is extensive and covers matters including: • • • • •

strategy; risk; management succession; ethics; and relations with shareholders.

The second variable represents measures for the access of information to all directors: • [NEChairAccess] (+) – Banks – Non-Executive Chair – Access of Information to All Directors  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox. The behaviours of the [NEChairAgenda] (+) variable and the [NEChairAccess] (+) variable are hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, again with a coverage/rating of +7/87.50 rprox. In this case, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of the Chair as a non-executive which is enhanced in the absence of ‘duality’. This equates to a coverage/rating of +7/87.50 rprox for the [NEChair Agenda] (+) variable and the [NEChairAccess] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Outside Meetings for Non-executive Directors The Walker Review 2009 also called for more meetings for non-executive directors in the absence of executives before and after main board meetings.11 The discussion therefore raises the following variable: • [NEChairNEDMeet] (+) – Banks – Non-Executive Chair – Meetings for Non-­ Executive Directors in Absence of Executive Directors  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox. The behaviour of the [NEChairNEDMeet] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/ 10 11

 Ibid, Recommendation 9, p 60.  Ibid. Para 4.15, p 56.

34.2  Agenda Items, Access to Information and Promoting Alternative Views

949

rating + 7/87.50 rprox, which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, again with a coverage/rating of +7/87.50 rprox. In this case, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient which is enhanced  – in the absence of ‘duality’ – by the number of meetings and/or the time in deliberation in the absence of executive directors. This equates to a coverage/rating of +7/87.50 rprox for the [NEChairNEDMeet] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). CEO Entrenchment The Walker Review 2009 also warned that the “embedding of authority” of the CEO may require the Board to remove the CEO as, ultimately, a responsibility of the Chairperson: The CEO will need to establish and maintain his authority in the company – and failure to do so may mean that he or she is not up to the job. But if the embedding of authority, perhaps based on some early success or reputation, makes the CEO become effectively unchallengeable (and possibly a control freak), the CEO will be a major source of risk and will probably need to be removed. Albeit with the support of the board, this would be a matter ultimately for the chairman.12

The discussion therefore raises the following variable: • [NEChairRemoveCEO] (+)  – Banks  – Non-Executive Chair  – Removal of CEO with Support of Board – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox. This new variable is consistent with the [BrdIndMon] (+) variable in Stage 1, coverage/rating + 7/87.50 rprox, where the relational approach observed in relation to ‘CEO turnover’ that more independent directors are more likely to dismiss the CEO in times of falling profitability.13 Thus, the behaviour of the [NEChairRemoveCEO] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox, which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, again with a coverage/rating  +  7/87.50 rprox. In this case, the enhancement of the monitoring of the CEO, executives and management – evidenced by removal/turnover of the CEO – is based on the independence ingredient which is again enhanced in the absence of ‘duality’. This equates to a coverage/rating of +7/87.50 rprox for the [NEChair RemoveCEO] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Time Commitment for Chairperson Ultimately, the Walker Review 2009 considered that a Chairperson should commit two-thirds of his or her time to a major bank with priority given to this role in case

12 13

 Ibid, Para 4.16, p 57.  See discussion in section 7.3.2.1.1 of Stage 1, above n 2, pp 208–209.

950

34  Role, Responsibilities and Time Commitment for the Chairperson

of a critical situation.14 Despite the increased time commitment, a Chairperson should remain a non-executive.15 The BCBS Guidelines 2015 require that the chairperson give “sufficient time” to his or her responsibilities without giving a time proportion.16 Here, for the enhancement of monitoring of the CEO, executives and management, the relational approach will adopt the ‘two-thirds’ time commitment as a minimum. The discussion therefore raises the following variable based on the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1 with a coverage/rating of +7/87.50 rprox: • [NEChairTwoThirds] (+) – Banks – Non-Executive Chair – Proportion of Time Commitment (Minimum)  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox. Given the time stipulation, this variable is consistent with the [OutBrdPos] (−) variable  – Outside Board Positions of Independent Directors  – in sections 8.2.3–8.2.3.1 of Stage 1.17 Thus, the behaviour of the [NEChairTwoThirds] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox, which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, again with a coverage/rating of +7/87.50 rprox. In this case, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient (again enhanced in the absence of ‘duality’) which is enhanced by increases in the time commitment and deliberation of the non-executive Chair. This equates to a coverage/rating of +7/87.50 rprox for the [NEChairTwoThirds] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Demarcation of Chairperson and CEO A warning accompanies the preceding [NEChairTwoThirds] (+) variable  – the OECD 2010 Conclusions and Practices noted that, while the Chairperson role was substantial in terms of time, this could involve a demarcation issue with the CEO: An issue of potentially wider importance has also been raised by the Walker Report: the time commitment of board chairmen is likely to be substantial and this could involve unclear demarcation with the CEO. To address this problem, some best practice guidelines recommend that the chair should not be a full-time employee of the company and that boards should develop terms of reference for key positions, including the chair and CEO roles.18

 Walker Review 2009, above n 8, Para 4.18 and Recommendation 7, pp 57–58.  Ibid, Para 4.19, p 58. 16  The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Para 61, p 61. 17  See discussion in sections 8.2.3–8.2.3.1 of Stage 1, above n 2, pp 229–232. 18  OECD 2010 Conclusions and Practices, above n 6, Para 48, p 18. 14 15

34.2  Agenda Items, Access to Information and Promoting Alternative Views

951

Thus, to avoid demarcation disputes, the relational approach adopts as a variable the OECD recommendation that terms of reference be developed and used for the position of Chairperson based on the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1 with a coverage/rating of +7/87.50 rprox: • [NEChairTermsofRef] (+) – Banks – Non-Executive Chair – Terms of Reference for Chair Position  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox. Given the terms of reference, this variable is consistent with avoiding CEO/Chair ‘duality’ in Sect. 34.1 above. In other words, failure to adhere to the terms of reference – or to make an appropriate demarcation – will raise the spectre of the four duality variables from Stage 1: • [DualEarn] (−)  – Duality of CEO/Chair Positions  – Probability of Earnings Manipulation, coverage/rating − 7/87.50 rprox (relational effect path in section 9.2.1.1.3 of Stage 1); • [DualTrade] (+/−)  – Duality of CEO/Chair Positions  – Monitoring and Decision-­ Quality ‘Trade-off’, coverage/rating +/− 7/87.50 rprox (relational effect path in section 8.6.2 of Stage 1); • [DualDismiss] (−)  – Duality of CEO/Chair Positions  – CEO Dismissal Probability, coverage/rating  −  7/87.50 rprox (relational effect path in section 8.6.3 of Stage 1); and • [DualStrat] (−) – Duality of CEO/Chair Positions – CEO Effect on Strategic Decision-Making, coverage/rating − 4/50.00 rprox (relational effect path in section 8.6.3 of Stage 1). Thus, the behaviour of the [NEChairTermsofRef] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox, which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, again with a coverage/rating of +7/87.50 rprox. In this case, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient which is enhanced by avoiding ‘duality’ through adherence to the terms of reference of the non-executive Chair. This equates to a coverage/rating of +7/87.50 rprox for the [NEChairTermsofRef] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Conditions and Criteria for Chairperson In the end, for the Walker Review 2009, two “desirable conditions”19 and two “necessary criteria”20 summed-up the qualifications for the Chairperson as follows. The two conditions were “abilities to lead the board and to draw on substantial relevant financial industry experience, preferably…from an earlier senior executive role in

19 20

 Walker Review 2009, above n 8, Para 4.20, p 58.  Ibid, Para 4.21, pp 58–59.

952

34  Role, Responsibilities and Time Commitment for the Chairperson

banking.”21 But the necessary criteria trumped the desirable conditions – a need for “proven senior boardroom capability” and “wholly exceptional experience of leadership” in the absence of financial industry experience: But two “necessary criteria”, harder than the “desirable conditions”, deserve emphasis. First, while relevant financial industry experience is very desirable, a candidate with such experience but who does not bring proven senior boardroom capability – possibly as a SID [Senior Independent Director], chairman of a board committee or a CEO – is unlikely to succeed. Second, a candidate without substantial relevant financial industry experience will need to be able to demonstrate wholly exceptional experience of leadership in another major board situation (or situations) sufficient to compensate for the deficiency in financial industry experience.22

The Walker Review 2009 discussion therefore raises the following four variables for the Stage 2 relational approach based on the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1 with a coverage/rating of +7/87.50 rprox: • [NEChairLeader] (+)  – Banks  – Non-Executive Chair  – Board Leadership Skills – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [NEChairBankExper] (+) – Banks – Non-Executive Chair – Level of Banking Industry Experience (High) – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [NEChairSnrBrdCapable] (+)  – Banks  – Non-Executive Chair  – Senior Boardroom Capability as Senior Independent Director, Committee Chair or CEO – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; and • [NEChairNonBankLeader] (+)  – Banks  – Non-Executive Chair  – Level of Non-Financial Industry Leadership in Absence of Banking Experience (‘Exceptional’)  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox. The behaviours of these variables are hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox, which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, again with a coverage/rating of +7/87.50 rprox. In this case, the enhancement of the monitoring of the CEO, executives and management is based on the independence element of non-executive directors in combination with, respectively (and in the absence of ‘duality’): • board leadership skills; • high or significant/substantial banking industry experience; • senior boardroom capability as Senior Independent Director, Committee Chair or CEO; and • ‘exceptional’ non-financial industry leadership in the absence of banking experience. This equates to a coverage/rating of +7/87.50 rprox for these “NEChair” prefix variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). 21 22

 Ibid, Para 4.20, p 58. See also Recommendation 8, p 60.  Ibid, Para 4.21, pp 58–59. See also Recommendation 8, p 60.

34.2  Agenda Items, Access to Information and Promoting Alternative Views

953

Annual Election for Chairperson The Walker Review 2009 also recommended “election on an annual basis” for the Chairperson of a bank or financial organisation23 but recommended against this for all board members as this “might be seen as setting such accountability in too short a timeframe”.24 However, the Review suggested boards should “keep under review the possibility of transitioning to annual election of all board members”.25 Here, the Stage 2 relational approach is to avoid the independence of the Chair declining over time: • [NEChairAnnualElect] (+) – Banks – Non-Executive Chair – Annual Election of Chairperson, coverage/rating + 7/87.50 rprox. This new variable is consistent with the [BrdIndMon] (+) variable in section 7.3.2.1.1 of Stage 1, coverage/rating + 7/87.50 rprox, where the relational approach noted the observations of Weisbach and Hermalin in relation to ‘CEO turnover’ that “board independence declines over the course of a CEO’s tenure”.26 Thus, the behaviour of the [NEChairAnnualElect] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox, which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, again with a coverage/rating  +  7/87.50 rprox. In this case, the enhancement of the monitoring of the CEO, executives and management is based on ‘sustaining’ or ‘refreshing’ the independence ingredient of the non-executive Chair over the time of the CEO’s tenure. This equates to a coverage/rating of +7/87.50 rprox for the [NEChairAnnual Elect] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

 Ibid, Recommendation 10, p 62.  Ibid, Para 4.25, p 61. 25  Ibid, Recommendation 10, p 62. 26  See discussion in section 7.3.2.1.1 of Stage 1, above n 2, p 209 citing M S Weisbach and B E Hermalin, ‘Boards of Directors as an Endogenously Determined Institution: A Survey of the Economic Literature’ (15 June 2000), accessed 3 March 2015 at SSRN: http://ssrn.com/ abstract=233111, 9–10. 23 24

Chapter 35

Size and Composition of the Board

Abstract Chapter 35 of the Stage 2 Key Code and Advanced Handbook examines the size and composition of the board. This begins with the proportion of executive and non-executive directors on the board. We then move to some evaluation/review variables – evaluation of the board and board renewal. In particular, we examine the board review of performance for the board and committees and renewal of the board including the ASX board and executive review variables. There follows an evaluation statement of the skills and experience of the board, communication with major shareholders and cooperation of the board and committees including the agenda-setting function. Keywords  Size of board · Composition of board · Proportion of executive and non-executive directors · Evaluation of the board and board renewal · Board review of performance for board and committees · ASX board and executive review · Evaluation statement of skills and experience of board · Communication with major shareholders · Agendas

35.1 Proportion of Executive and Non-executive Directors on the Board The Walker Review 2009 opined that there was no general rule for “optimum board size” and made no recommendation in that respect.1 However, there was concern that boards should not concentrate their executive presence in only the CEO and CFO – suggested as happening in the US, Canada and Australia – as this may harm information flow and “constructive challenge”:

 David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Para 3.2, p 41.

1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_35

955

956

35  Size and Composition of the Board

Argument in support of the UK model includes, in particular, concern that a board in which the CEO and possibly the Chief Finance Officer (CFO) are the only executive members puts the CEO in an unduly strong position in controlling information flow to and from the board, materially increasing vulnerability to overdependence on one individual on major strategy and risk issues. This vulnerability will be amplified still further in a situation in which the style and entrenchment of the CEO blocks the possibility of constructive challenge from within the executive team. But recent experience of cataclysmic outcomes encountered by boards on both sides of the Atlantic does not point to any particular board composition as consistently preferable.2

Similar problems could arise where “major business unit heads” concentrated executive presence: [T]he stronger the executive presence in any board, whether as one dominant individual as CEO (possibly flanked by the CFO) or through participation by major business unit heads, the greater the risk that overall board decisions come to be unduly influenced by what has been described as “executive groupthink” (see also Annex 4). It will accordingly be a high priority for a chair[person] to ensure that there is open debate and challenge within both the executive team and the whole board, which should not be dominated by a single voice.3

For the Stage 2 relational approach, this discussion gives rise to concerns about the quality of information flowing to the board through the CEO (and CFO if the only other executive board member). The hypothesized result is that ‘bank-specific’ and ‘manager-specific’ information is filtered or withheld in an echo of the [BrdIndInfo] (−) variable4 examined in section 7.3.2.1.3 of Stage 1 and Sect. 26.2 of Stage 2, with a coverage/rating of –4/50.00 rprox. In the case of that variable, Adams and Ferreira found that “independent boards monitor more intensively” with the result that “the CEO will not communicate firm specific information to a board which is too independent”.5 Here, a similar withholding or filtering of information is contemplated, this time as a result of the ‘control’ exercised by a CEO who is the sole executive board member. Thus, this gives rise to the following variable based on the [BrdIndInfo] (−) variable examined in section 7.3.2.1.3 of Stage 1 with a coverage/rating of −4/50.00 rprox:

 Ibid, Para 3.4, p 42.  Ibid, Para 3.5, p 42. 4  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See Board Independent Director: Executive Director Proportion  – Information Flow and Decision Quality ‘Trade-off. See discussion in section 7.3.2.1.3 of Stage 1, pp 212–215. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. Board Independent Director: Executive Director Proportion – Information Flow and Decision Quality ‘Trade-off. 5  Renee B Adams and Daniel Ferreira, ‘A Theory of Friendly Boards’ (2007) 62(1) Journal of Finance 217–50, available at SSRN: http://ssrn.com/abstract=866625,2. 2 3

35.2  Evaluation of the Board, Board Renewal and Communication with Major…

957

• [BankBrdCEOSoleInfo] (−)  – Banks  – Board of Directors  – CEO is Sole Executive Board Member – Information Flow and Decision Quality ‘Trade-off’, coverage/rating − 4/50.00 rprox. As noted above, this variable is also operative where, in addition to the CEO, the CFO is the only other executive board member and/or where executive board members are ‘major business unit heads’ as contemplated by the Walker Review 2009 above. In the case of the [BankBrdCEOSoleInfo] (−) variable, again a deficiency of knowledge on the part of non-executive directors – this time on account of dependency on the CEO as the sole executive board member and difficulties with access to information and ‘constructive challenge’ – causes a similar reduction in the quality or effectiveness of the Decision-making Factor No 7 as occurs in the [BrdIndInfo] (−) variable, with a coverage/rating of −4/50.00 rprox. Thus, the relational effect path of the [BankBrdCEOSoleInfo] (−) variable is hypothesised to have an identical relational effect path to the [BrdIndInfo] (−) variable examined in section 7.3.2.1.3 of Stage 1. This gives rise to a coverage/rating for the [BankBrdCEOSoleInfo] (−) variable of −4/50.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

35.2 Evaluation of the Board, Board Renewal and Communication with Major Shareholders Board performance assessments and board renewal are set out in APRA’s Prudential Standard CPS 510 Governance.6 The provisions provide: 44. The Board of a locally incorporated APRA-regulated institution must have procedures for assessing, at least annually, the Board’s performance relative to its objectives. It must also have in place a procedure for assessing, at least annually, the performance of individual directors.7 45. The Board of a locally incorporated APRA-regulated institution must have in place a formal policy on Board renewal. This policy must provide details of how the Board intends to renew itself in order to ensure it remains open to new ideas and independent thinking, while retaining adequate expertise. The policy must give consideration to whether directors have served on the Board for a period that could, or could reasonably be perceived to, materially interfere with their ability to act in the best interests of the institution. The policy must include the process for appointing and removing directors, including the factors that will determine when an existing director will be re-appointed.8

 Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/ F2019L00662/Download (‘CPS 510’), sections 44–45, pp 11–12. 7  Ibid, section 44, pp 11–12. 8  Ibid, section 45, p 12. 6

958

35  Size and Composition of the Board

35.3 Board Review of Performance for Board and Committees and Renewal of Board The Walker Review 2009 called for greater “rigour and disclosure” in the case of evaluation of board and committee performance.9 In an annual internal review, director views critical of the board’s processes, chairperson, CEO or other directors should be anonymous through the use of an external facilitator, the company secretary or general counsel to prepare a “reporting document” raising these issues.10 The Review also recommended an external review every second or third year: Where a board is ready to commit time and effort to an external review process, it seems clear that a qualified external reviewer can make a substantial critical input so that the overall review process becomes a catalyst for board awareness and improvement in the areas identified in the review – which are likely to include strategic development and risk management, board composition and individual contributions, levels of board process and support and the effectiveness of delegated committees.11

The evaluation should be “a dedicated section of the chair[person]’s statement or as a separate section of the annual report.”12 The OECD 2010 Conclusions and Practices also favoured board evaluation for improving board performance: Anecdotal evidence (e.g. interviews with chair[persons]) indicates that when conducted in a robust professional manner, board evaluation can be an effective tool to improve board performance. It provides an opportunity for board members to set collective and individual goals and subsequently measure their performance against them in a constructive and reflective manner. In addition, the use of an external facilitator can improve board evaluation by bringing an objective perspective and sharing best practices from other organisations.13

The OECD 2010 Conclusions and Practices concluded that there should be ongoing access to training programs for board members and periodic external evaluations with the results disclosed to shareholders.14 Access to induction, training and development programs were examined in Sect. 23.4 of Chap. 23 above. In Stage 1, the relational approach examined the board review governance variable. The [BrdReview] (+) (Board  – Annual Review) variable was ascribed a

 Walker Review 2009, above n 1, Para 31, pp 63–64.  Ibid, Para 4.31, p 64. 11  Ibid, Para 4.32, p 64. See also Recommendation 12, p 65 12  Ibid, Recommendation 12, p 65. 13  OECD Directorate for Financial and Enterprise Affairs, OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, 24 February 2010, accessed 11 May 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/44679170.pdf, (‘OECD 2010 Conclusions and Practices’), Para 52, pp 19–20. 14  Ibid. 9

10

35.3  Board Review of Performance for Board and Committees and Renewal of Board

959

relational proximity rating of +7/87.50 rprox.15 The [BrdReview] (+) variable is a ‘strong-form’ of the [BrdIndMon] (+) variable, also with a coverage/rating of +7/87.50 rprox: The term ‘strong-form’ here means that the monitoring effect of the variable is greater or more escalated than in the case of the [BrdIndMon] (+) variable. This is because [BrdReview] (+) concentrates on the monitoring or supervision ([Risk Management,] Monitoring & Audit Factor No. 5) of the board itself while the monitoring function of [BrdIndMon] (+) is applied to all levels of the company which is an expansive area. Having a stronger or more concentrated monitoring effect than [BrdIndMon] (+), it therefore has a positive directional marker identical to that for [BrdIndMon] (+) and with an identical relational effect path.16

For the content of a review variable for bank boards, the BCBS also requires that the board carry out such reviews (although these are described as “regular” without specifying the interval) so that board member suitability is assessed annually and that external experts are an option to assist in the review: To support its own performance, the board should carry out regular assessments – alone or with the assistance of external experts – of the board as a whole, its committees and individual board members. The board should: • periodically review its structure, size and composition as well as committees’ structures and coordination; • assess the ongoing suitability of each board member periodically ﴾at least annually), also taking into account his or her performance on the board; • either separately or as part of these assessments, periodically review the effectiveness of its own governance practices and procedures, determine where improvements may be needed, and make any necessary changes; and • use the results of these assessments as part of the ongoing improvement efforts of the board and, where required by the supervisor, share results with the supervisor.17

The EC Second Green Paper 2011 also addressed board evaluation with a board review to be annual and the use of an “external facilitator (e.g. every third year).”18 APRA’s CPS 510 and the reviews and reports above give rise to the following variables for the relational approach identical in behaviour and relational effect path to the [BrdReview] (+) variable in section 7.3.2.1.2 of Stage 1 with a coverage/rating of +7/87.50 rprox. These variables are thus also ‘strong-forms’ of the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1 with a coverage/rating of +7/87.50 rprox: • [BankBrdReview] (+)  – Banks  – Board of Directors  – Annual Review  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox;  See discussion in section 7.3.2.1.2 of Stage 1, above n 4, p 211.  Ibid. 17  The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Para 59, p 15. 18  European Commission, Green Paper, The EU Corporate Governance Framework, COM (2011) 164 final, Brussels, 5 April 2011, accessed 1 May 2017 at ec.europa.eu/internal_market/company/ docs/modern/com2011-164_en.pdf, (‘EC Second Green Paper 2011’), section 1.3, p 8. 15 16

960

35  Size and Composition of the Board

• [BankBrdExtRev] (+)  – Banks  – Board of Directors  – Board Review with External Experts (Every 2 or 3 Years) – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [510BrdReviewAnnualObjectivesReview] (+) – CPS 510BrdReview – Board of Directors – Annual Review of Board Performance Relative to Objectives – Enhancement of Monitoring Effect, coverage/rating  +  7/87.50 rprox (APRA CPS 510);19 • [510BrdReviewAnnualIndivDirReview] (+) – CPS 510BrdReview – Board of Directors  – Annual Review of Performance of Individual Directors  – Enhancement of Monitoring Effect, coverage/rating  +  7/87.50 rprox (APRA CPS 510);20 • [510BrdReviewBrdRenewalPolicy] (+)  – CPS 510BrdReview  – Board of Directors  – Formal Policy for Board Renewal  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox (APRA CPS 510),21 including: –– remaining open to new ideas and independent thinking; –– retaining expertise; –– “whether directors have served on the Board for a period that could, or could reasonably be perceived to, materially interfere with their ability to act in the best interests of the institution”; and –– “the policy must include the process for appointing and removing directors, including the factors that will determine when an existing director will be re-appointed”.22 Thus, the relational effect path of these variables – like [BrdReview] (+) with a coverage/rating of +7/87.50 rprox – is hypothesized to have an identical relational effect path to a ‘strong-form’ of the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1. This gives rise to a coverage/rating for these variables of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). ASX Board and Executive Review For ASX Listed Entities, the ASX Principles and Recommendations Fourth Edition23 give rise to the following variables for the relational approach identical in behaviour and relational effect path to the [BrdReview] (+) variable in section 7.3.2.1.2 of Stage 1 with a coverage/rating of +7/87.50 rprox. These variables are thus also ‘strong-forms’ of the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1 with a coverage/rating of +7/87.50 rprox:

 CPS 510, above n 6, section 44, pp 11–12.  Ibid. 21  Ibid, section 45, p 12. 22  Ibid. 23  Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’). 19 20

35.3  Board Review of Performance for Board and Committees and Renewal of Board

961

• [2019ASXBrdCmIndivReview] (+)  – 2019ASXBrd  – Board  – Have and Disclose Periodic Review for Board, Committees and Individual Directors24 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXDisclosePerformEval] (+)  – 2019ASX  – Board  – Disclosure of Performance Evaluation for Each Reporting Period25  – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXReviewExtFacilitate] (+) – 2019ASX – Board – Periodic Reviews by External Facilitators26 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-­ making – coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXReviewChair] (+)  – 2019ASX  – Board  – Performance Review of Chair by Deputy Chair or Senior Independent Director27 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXSnrExecReview] (+)  – 2019ASX  – Board  – Have and Disclose Periodic Review for Senior Executives at Least Once Per Reporting Period28 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating + 7/87.50 rprox (2019ASX); and • [2019ASXSnrExecDisclosePerformEval] (+) – 2019ASX – Board – Disclosure of Performance Evaluation for Senior Executives for Each Reporting Period29 – Enhancement in Roles and Responsibilities, Quality of Bank Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating + 7/87.50 rprox (2019ASX). This equates to a coverage/rating of +7/87.50 rprox for these ASX board and senior executive review variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

 Ibid, Rec 1.6(a), p 11.  Ibid, Rec 1.6(b), p 11. 26  Ibid, Commentary to Rec 1.6, p 11. 27  Ibid. 28  Ibid, Rec 1.7(a), p 11. 29  Ibid, Rec 1.7(b), p 11. 24 25

962

35  Size and Composition of the Board

35.4 Evaluation Statement of the Skills and Experience of the Board Further Recommendations were made by the Walker Review 2009 on the functioning of the board and evaluation of performance, including in relation to an evaluation statement of the skills and experience of the board to address and challenge key risks and decisions, including “an indication of the nature and extent of communication with major shareholders” and confirmation that their views were taken into account.30 Thus, communication with major shareholders is discussed in the following Sect. 35.5. For this Sect. 35.4, this recommendation gives rise to the following variable for the relational approach: • [BankDirEvalState] (+)  – Banks  – Board of Directors  – Director Evaluation Statement of Skills and Experience (Annual) – Enhancement of Monitoring and Review Effect, coverage/rating + 7/87.50 rprox. The behavior and relational effect path for this variable are identical to the [BrdReview] (+) (Board – Annual Review) variable described in section 7.3.2.1.2 of Stage 131 and the preceding Sect. 35.3. There, the [BrdReview] (+) variable is a ‘strong-form’ of the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox. Thus the relational effect path of the [BankDirEvalState] (+) variable is hypothesized to have an identical relational effect path to the [BrdReview] (+) variable examined in section 7.3.2.1.2 of Stage 1, which is in turn based on the relational effect path of the [BrdIndMon] (+) variable also in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox. This gives rise to a coverage/rating for the [BankDirEvalState] (+) variable of +7/87.50 in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

35.5 Communication with Major Shareholders For the Walker Review 2009, the evaluation statement should also include communication with major shareholders including the “nature and extent of communication with major shareholders and confirmation that the board were fully apprised of views indicated by shareholders in the course of such dialogue”.32 But the Review

 Walker Review 2009, above n 1, Recommendation 13, p 16–17.  See discussion in section 7.3.2.1.2 of Stage 1, above n 4, p 211. 32  Walker Review 2009, above n 1, Recommendation 13, p 66. 30 31

35.6  Cooperation of the Board and Committees

963

left open the question of whether the evaluation statement should be the subject of an advisory resolution by shareholders.33 The communication with major shareholders element of the annual director evaluation statement will be considered in a proposed future Key Field – Shareholder Empowerment and Institutional Shareholders. In the meantime, the Stage 2 relational approach will raise an interim governance variable tracking the [BankDirEvalState] (+) variable in the previous Sect. 35.4, coverage/rating + 7/87.50 rprox: • [BankDirEvalStateMajor*] (+)  – Banks  – Board of Directors  – Director Evaluation Statement of Skills and Experience (Annual) – Communication with Major Shareholders – Enhancement of Monitoring and Review Effect, coverage/ rating + 7/87.50 rprox. Thus, like the preceding [BankDirEvalState] (+) variable, coverage/rating + 7/87.50 rprox, the relational effect path of the [BankDirEvalStateMajor*] (+) variable is hypothesized to be identical to the relational effect path of the [BrdReview] (+) variable examined in section 7.3.2.1.2 of Stage 1, which is in turn based on the relational effect path of the [BrdIndMon] (+) variable also in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox. This gives rise to a coverage/rating for the [BankDirEvalStateMajor*] (+) variable of +7/87.50 in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

35.6 Cooperation of the Board and Committees Agendas The NAB Board designs its agenda around two concepts. The first  – ‘Run the Bank’  – is for day-to-day operations and performance. ‘Change the bank’ is for strategy and initiatives to transform the bank.34 Stage 2 hypothesises that NAB’s agenda-setting function governance variables are identical to the [BrdReview] (+) (Board – Annual Review) variable described in section 7.3.2.1.2 of Stage 135 and the preceding Sect. 35.3, coverage/rating + 7/87.50 rprox. There, the [BrdReview] (+) variable is a ‘strong-form’ of the [BrdIndMon] (+) variable also with a coverage/rating of +7/87.50 rprox. Thus the relational effect path of the following agenda-setting variables is hypothesized to have an identical relational effect path to the [BrdReview] (+)  Ibid, Para 4.38, p 66.  National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/content/dam/ nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-Assessment 2018’), p 13. 35  See discussion in section 7.3.2.1.2 of Stage 1, above n 4, p 211. 33 34

964

35  Size and Composition of the Board

variable, coverage/rating + 7/87.50 rprox, examined in section 7.3.2.1.2 of Stage 1, which is in turn based on the relational effect path of the [BrdIndMon] (+) variable also in section 7.3.2.1.2 of Stage 1, also with a coverage/rating of +7/87.50 rprox. This gives rise to a coverage/rating for the following agenda-setting variables of +7/87.50 in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [NABBrdAgendaRun] (+)  – Banks  – NABBrd  – ‘Run the Bank’  – Agenda-­ setting Function for Day-to-Day Operations and Performance – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making  – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABBrdAgendaChange] (+)  – Banks  – NABBrd  – ‘Change the Bank’  – Agenda-setting Function for Strategy and Initiatives to Transform the Bank  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABBrdAgendaFn] (+)  – Banks  – NABBrd  – Agenda-setting Function (Generally)  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating  +  7/87.50 rprox (NAB); • [NABBrdAgendaTimeAllocate] (+)  – Banks  – NABBrd  – Agenda-setting Function -Time Allocation for Key Topics36 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABBrdAgendaTimeDash&Score] (+) – Banks – NABBrd – Agenda-setting Function  – Dashboards and Scorecards for Progress of Time Allocation37  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABBrdAgendaDeepDives] (+)  – Banks  – NABBrd  – Agenda-setting Function  – Design of Agendas for Deep Dives38  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making  – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); and  NAB Self-Assessment 2018, above n 34, p 13.  Ibid. 38  Ibid. 36 37

35.6  Cooperation of the Board and Committees

965

• [NABBrdAgendaJointWorkshops] (+) – Banks – NABBrd – Agenda-setting Function  – Joint Board/Management Workshops and Business Immersion Activities39  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating  +  7/87.50 rprox (NAB).

39

 Ibid.

Chapter 36

Board Committees

Abstract Chapter 36 of this Stage 2 Key Code and Advanced Handbook examines board committees. This begins with the Audit Committee with a review of Audit Committee variables from Stage 1 including a review of the [AudCom] (+) variable relational effect path from Stage 1 with a coverage/rating of +6/75.00 rprox. We then examine the ASX’s safeguarding of the integrity of corporate reports and the APRA Prudential Standard 510 on the Board Audit Committee. There follows the requirements of the BCBS Audit Committee and NAB Self-Assessment 2018. We then move to the APRA shortcomings in the operation of the audit committee, ‘red’ audit reports failings in audit committee practice, APRA audit committee reporting weaknesses and reliance on key individuals and conclude with the Westpac audit committee reporting from group audit. Other committees examined include the Board Risk Committee (BRC), Compensation/Remuneration Committee and other committees including the Nomination and Governance Committee, the Ethics, Compliance and Reputation Committee and NAB’s Customer Outcomes Committee. The examination then turns to consider APRA’s failings in board committees including failings in communication between board committees, failings in the candour of messaging to the board and its committees, over-confidence and lack of benchmarking. There follows APRA’s failings in senior executive leadership giving rise to a Non-Financial Risk Committee (NFRCm) and examining the Executive Committee and Non-Financial Risk Committee. We conclude with APRA’s improvements in non-financial risk management in relation to operational, compliance and conduct risks (NFRMan) and APRA’s observations that acknowledged weaknesses are already known (NFRWeak). Keywords  Board committees · Audit committee · APRA shortcomings in audit committee · Board Risk Committee (BRC) · Compensation/Remuneration Committee · Other committees · APRA failings · Senior executives · Non-financial risk committee · Operational · Compliance and conduct risks

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_36

967

968

36  Board Committees

36.1 Audit Committee Under the BCBS Guidelines 2015, a committee chair must be an independent, non-­ executive director.1 A number of committee variables are now considered. Review of Audit Committee Variables from Stage 1 Of course, a significant number – eight out of thirty-nine – governance variables were introduced in relation to the Audit Committee in Stage 1:2 • [AudAccEarn] (+)  – Audit Committee  – Accounting Expertise  – Earnings Manipulation Reduction Effect, coverage/rating + 6/75.00 (relational effect path in section 9.2.1.1.2 of Stage 1); • [AudCom] (+) – Audit Committee – Presence, Operation and Frequency, coverage/rating + 6/75.00 (relational effect path in section 8.4.2 of Stage 1); • [AudExpAcc] (+) – Audit Committee – Financial Expertise (Accounting), coverage/rating + 6/75.00 (relational effect path in section 8.4.4 of Stage 1); • [AudFree] (−) – Audit Committee – Non-Accounting Expertise – ‘Free Rider’ Effect, coverage/rating − 6/75.00 (relational effect path in section 9.2.1.1.2 of Stage 1); • [AudIndFreq] (+)  – Audit Committee  – Independence in Combination with Frequency of Meeting – Reduction in Earnings Manipulation Effect, coverage/ rating + 7/87.50 (relational effect path in section 9.2.1 of Stage 1); • [AudIndInfo] (−) – Audit Committee – Independence – Information Flow and Decision Quality ‘Trade-off’, coverage/rating − 4/50.00 (relational effect path in section 8.4.3 of Stage 1); • [AudIndMon] (+) – Audit Committee – Independence – Monitoring Effect, coverage/rating + 7/87.50 (relational effect path in section 8.4.3 of Stage 1); and • [AudShortOpts] (−)  – Audit Committee  – Short-term Options Granted to Outside Directors – Reduction in Monitoring Effect, coverage/rating − 7/87.50 (relational effect path in section 10.2.5.1 of Stage 1).

  The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Para 67, p 16. 2  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 1

36.1 Audit Committee

969

Review of [AudCom] (+)3 Variable Relational Effect Path from Stage 1 – Coverage/Rating + 6/75.00 Rprox The relational effect path of the [AudCom] (+) variable, coverage/rating + 6/75.00 rprox, was set out in section 8.4.2 of Stage 1 and is repeated here to introduce the new governance variables related to the Audit Committee introduced by the BCBS: …the [AudCom] (+) variable should exert a positive effect on six Governance Factors with a Coverage/Rating of +6/75.00 rprox in the Coverage Table and the Relational Proximity Table. Corporate governance statutes and Governance Codes contain – as depicted in the Governance Code Tables in chapter 6 – significant input and guidance in relation to audit committee powers and functions. Thus, the themes in the Compliance Factor No. 24 have significant effect on the audit committee. If, following the results of some of the above studies, the presence and frequency of meeting of the audit committee enhances the quality of monitoring, the starting point for this relational effect path is the [Risk Management,] Monitoring & Audit Factor No. 5.5 The most direct or proximate links are two-pronged. First is the reflexive relationship between the Monitoring & Audit Factor No. 5 and the Decision-making Factor No. 7.6 The second prong is the also reflexive relationship between (again) the Monitoring & Audit Factor No. 5 and the Reporting Factor No. 1.7 The Decision-making Factor No. 7 itself has two other reflexive relationships depicted in the Shareholder Primacy Interrelationship Scheme in Figure 2.6. The first is an important reflexive link with the Alignment Factor No. 38 that represents  – through the enhancing effect of the [AudCom] (+) variable – the ‘alignment’ between insider and outside interests. The other relevant link of the Decision-making Factor No. 7 for the purposes of the [AudCom] (+) variable is the reflexive relationship with the Compensation Factor No. 4.9 This reflects the significance of the audit committee in disclosing – and therefore (theoretically) exposing to market and reputational constraints  – the compensation and incentive themes within the Compensation Factor No. 4. In the absence of more targeted studies and therefore following an intuitive line, it is difficult to hypothesise that the Stakeholders Factors No. 6 and the Responsibility Factor No. 8 will be influenced by the functions undertaken by the audit committee to the same order or magnitude as the other Governance Factors influenced by the [AudCom] (+) variable. Implied in this respect is that audit committee-level decision-making may be more removed

 Audit Committee - Presence, Operation and Frequency.  Corporate Governance and Legal Compliance – see sect. 2.6.2 of chap. 2, Stage 1, above n 2. 5  Risk Management, Internal and External/Audit Monitoring Quality – see discussion in sect. 2.6.5 of chap. 2, Stage 1, above n 2. 6  Quality of Board, CEO and Management Decision-making – see discussion in sect. 2.6.7 of chap. 2, Stage 1, above n 2. 7  Transparency, Timing and Integrity of Financial and Other Reports – see discussion in sect. 2.6.1 of chap. 2, Stage 1, above n 2. 8  Alignment of Management and Shareholder Interests – see discussion in sect. 2.6.3 of chap. 2, Stage 1, above n 2. 9  Board, CEO and Management Compensation and Incentives  – see discussion in sect. 2.6.4 of chap. 2, Stage 1, above n 2. 3 4

36  Board Committees

970

GF 2

GF 5 GF 4

GF 1

GF 7

GF 3

Fig. 36.1  Reproduction of Fig. 8.3: [AudCom] (+) variable relational effect path or indirect in relation to these two Governance Factors (but not others) than the effect of board-level decision-making inherent in variables such as the [BrdIndMon] (+)10 variable.

The [AudCom] (+) variable relational effect path is presented in Fig. 36.1 above. ASX Safeguard the Integrity of Corporate Reports Audit committee variables are imported into the Stage 2 Key Code and Advanced Handbook by the ASX Principles and Recommendations Fourth Edition.11 Thus, new bank-specific governance variables modelled on the [AudCom] (+) variable are introduced by the ASX Principles and Recommendations Fourth Edition. However, in the Stage 1 Model, Stakeholders Factor No. 6 and Responsibility Factor No 8 are hypothesised not to be active as the variable concentrates on the Audit Committee’s presence, operation and frequency. In this Stage 2 bank-specific Model, we examine the Audit Committee’s roles and responsibilities, thus affecting Responsibility Factor No. 8 and, in particular, its reflexive relationships with both Risk Management, Monitoring & Audit Factor No. 5 and Decision-making Factor No 7. For the ASX, this gives rise to a coverage/rating of +7/87.50 rprox for the following Audit Committee roles and responsibilities variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above):

 Board Independent Director: Executive Director Proportion – Monitoring Effect. See discussion in sections 7.3.2.1.1–2 of chap. 7, Stage 1, above n 2. 11  Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’). 10

36.1 Audit Committee

971

• [2019ASXAudCom] (+) – 2019ASX Audit Committee – Presence, Operation and Frequency,12 coverage/rating + 7/87.50 rprox (2019ASX) including: –– has at least 3 members all of whom are non-executive directors;13 –– majority are independent directors;14 –– “is chaired by an independent director, who is not the chair of the board”;15 • [2019ASXAudComDisclose] (+)  – 2019ASX Audit Committee  – Disclosure Requirements for Audit Committee, coverage/rating + 7/87.50 rprox (2019ASX) including: –– –– –– ––

charter16; qualifications and experience of members;17 number of times committee has met during reporting period;18 and number of individual attendances during reporting period;19

• [2019ASXAudComRoles&Resps] (+)  – 2019ASX Audit Committee  – Roles and Responsibilities for Audit Committee, coverage/rating  +  7/87.50 rprox (2019ASX) including making Recommendations to the Board on: • the adequacy of the entity’s corporate reporting processes and internal control framework; • whether the entity’s financial statements reflect the understanding of the committee members of, and otherwise provide a true and fair view of, the financial position and performance of the entity; –– the appropriateness of the accounting judgements or choices exercised by management in preparing the entity’s financial statements; –– the appointment or removal of the external auditor; –– the fees payable to the auditor for audit and non-audit work; –– the rotation of the audit engagement partner; –– the scope and adequacy of the external audit; –– the independence and performance of the external auditor; –– any proposal for the external auditor to provide non- audit services and whether it might compromise the independence of the external auditor; –– if the entity has an internal audit function: • the appointment or removal of the head of internal audit;  Ibid, Rec 4.1(a)(1), p 19.  Ibid. 14  Ibid. 15  Ibid, Rec 4.1(a)(2). 16  Ibid, Rec 4.1(a)(3). 17  Ibid, Rec 4.1(a)(4). 18  Ibid, Rec 4.1(a)(5). 19  Ibid. 12 13

972

36  Board Committees

• the scope and adequacy of the internal audit work plan; and • the independence, objectivity and performance of the internal audit function.20 • [2019ASXAudComPowers] (+)  – 2019ASX Audit Committee  – Powers of Audit Committee, coverage/rating + 7/87.50 rprox (2019ASX) including: –– –– –– ––

right to obtain information; interview management; interview internal and external auditors; and seek advice from external consultants or specialists;21

• [2019ASXAudComFinAccIndustExpert] (+) – 2019ASX Audit Committee – Accounting and Financial Expertise and Knowledge of Industry of Audit Committee,22 coverage/rating + 7/87.50 rprox (2019ASX); • [2019ASXAudComDeclareCEO&CFO] (+)  – 2019ASX Audit Committee  – Audit Committee to Obtain Declarations from CEO and CFO,23 coverage/rating + 7/87.50 rprox (2019ASX) including: –– the financial records of the entity have been properly maintained and that the financial statements comply with the appropriate accounting standards; and –– give a true and fair view of the financial position and performance of the entity; and –– that the opinion has been formed on the basis of a sound system of risk management and internal control which is operating effectively;24 and • [2019ASXAudComVerifyIntegCorpReport] (+)  – 2019ASX Audit Committee  – Entity to Disclose Process for Verifying any Corporate Report Released to the Market that is NOT Audited or Reviewed by External Auditor,25 coverage/rating + 7/87.50 rprox (2019ASX). APRA Prudential Standard 510 on the Board Audit Committee26 For APRA, the roles and responsibilities of the Audit Committee in CPS 510 are extensive, and here track the [AudCom] (+) variable again, as in the case of the ASX variables, with the additional Responsibility Factor No. 8 giving rise to a coverage/rating of +7.87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above):  Ibid, Commentary to Rec 4.1, p 19.  Ibid, p 20. 22  Ibid. 23  Ibid, Rec 4.2, p 20. 24  Ibid. 25  Ibid, Rec 4.3, p 20. 26  Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/F2019L00662/Download (‘CPS 510’), sections 73–89, pp. 17–19. 20 21

36.1 Audit Committee

973

• [510AudComRequirements] (+)  – Banks  – CPS 510AudCom  – Audit Committee Requirements – Enhancement in Risk Management, Monitoring and Audit  – Enhancement in Internal and External Reporting  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (APRA CPS 510), including: –– Audit Committee “which assists the Board by providing an objective non-­ executive review of the effectiveness of the institution’s financial reporting and risk management framework”;27 –– “must have sufficient powers to enable it to obtain all information necessary for the performance of its functions”;28 –– must have at least three members;29 –– “all members of the Committee must be non-executive directors of the APRA-­ regulated institution”;30 –– “A majority of the members of the Committee must be independent”;31 –– Chairperson of Audit Committee must be an independent director”;32 –– “Chairperson of the Board may be a member of the…Audit Committee, but may not chair the Committee”;33 –– written charter that outlines its roles, responsibilities and terms of operation including: • • • • •

all APRA statutory reporting requirements; other financial reporting requirements; professional accounting requirements; internal and external audit; and the appointment and removal of that institution’s Auditor and Head of Internal Audit.34

• [510AudComRoles&Resps] (+) – Banks – CPS 510AudCom – Audit Committee Roles and Responsibilities – Enhancement in Risk Management, Monitoring and Audit  – Enhancement in Internal and External Reporting  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (APRA CPS 510), including: –– “prior endorsement for the appointment or removal of the institution’s auditor and Head of Internal Audit…[including]…the reasons for removal must be

 Ibid, section 73, p 17.  Ibid, section 74, p 17. 29  Ibid, section 75, p 17. 30  Ibid. 31  Ibid. 32  Ibid, section 76, p 17. 33  Ibid, section 77, p 17. 34  Ibid, sections 78(a)-(e), p 18. 27 28

974

––

–– –– –– ––

36  Board Committees

discussed with APRA as soon as practicable, and no more than 10 business days, after the Committee’s endorsement is agreed upon”;35 “must review the engagement of the auditor at least annually, including making an assessment of whether the auditor meets the Audit Independence tests set out in APES 110 Code of Ethics for Professional Accountants, as well as the additional auditor independence requirements set out in this [CPS 510]”;36 “must regularly review the internal and external audit plans, ensuring that they cover all material risks and financial reporting requirements of the institution”;37 “must also regularly review the findings of audits, and ensure that issues are being managed and rectified in an appropriate and timely manner”;38 “must ensure the adequacy and independence of both the internal and external audit functions”;39 “the members of the…Audit Committee must, at all times, have free and unfettered access to: • • • •

senior management; the internal auditor; the heads of all risk management functions; and the auditor and the Appointed Actuary and vice versa”;40

• [510AudComWhistleblower] (+)  – Banks  – CPS 510AudCom  – Audit Committee to Ensure Whistle-blower Procedures  – Enhancement in Risk Management, Monitoring and Audit  – Enhancement in Internal and External Reporting  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (APRA CPS 510), including: –– “must ensure that the APRA-regulated institution maintains policies and procedures for employees of the institution to submit, confidentially, information about accounting, internal control, compliance, audit, and other matters about which the employee has concerns”;41 and –– “must also ensure that the APRA-regulated institution has a process for ensuring employees are aware of these policies and for dealing with matters raised by employees under these policies”;42 • [510AudComMeetAPRA] (+) – Banks – CPS 510AudCom – Audit Committee Members to be Available to Meet with APRA on Request – Enhancement in Risk  Ibid, section 79, p 18.  Ibid, section 80, p 18. 37  Ibid, section 82, p 18. 38  Ibid. 39  Ibid, section 83, p 18. 40  Ibid, section 84, p 18. 41  Ibid, section 85, pp. 18–19. 42  Ibid. 35 36

36.1 Audit Committee

975

Management, Monitoring and Audit  – Enhancement in Internal and External Reporting  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (APRA CPS 510);43 • [510AudComInviteAuditor&Actuary] (+)  – Banks  – CPS 510AudCom  – Audit Committee Must Invite Auditor and Appointed Actuary to Committee Meetings  – Enhancement in Risk Management, Monitoring and Audit  – Enhancement in Internal and External Reporting – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (APRA CPS 510);44 • [510AudComReportLineInternalAuditor] (+) – Banks – CPS 510AudCom – Internal Auditor Must Have Reporting Line and Unfetterred Access to Audit Committee  – Enhancement in Risk Management, Monitoring and Audit  – Enhancement in Internal and External Reporting – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (APRA CPS 510);45 • [510AudComInternalAuditFn] (+)  – Banks  – CPS 510AudCom  – APRA-­ regulated Institution to have Independent and Adequately Resourced Internal Audit Function – Enhancement in Risk Management, Monitoring and Audit – Enhancement in Internal and External Reporting – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (APRA CPS 510),46 including: –– “the objectives of the internal audit function must include evaluation of the adequacy and effectiveness of the financial and risk management framework of the institution”;47 and –– “to fulfil its functions, the internal auditor must, at all times, have unfettered access to the institution’s business lines and support functions”.48 Requirements of BCBS Audit Committee and NAB Self-Assessment 2018 For the BCBS, the Audit Committee’s composition should: • be required for systemically important banks and is strongly recommended for other banks based on an organisation’s size, risk profile or complexity; • be distinct from other committees; • have a chair who is independent and is not the chair of the board or of any other committee; • be made up entirely of independent or non-executive board members; and • include members who have experience in audit practices, financial reporting and accounting.49 Extensive responsibilities for the Audit Committee are envisaged by the BCBS: • framing policy on internal audit and financial reporting, among other things; • overseeing the financial reporting process;

 Ibid, section 86, p 19.  Ibid, section 87, p 19. 45  Ibid, section 88, p 19. 46  Ibid, section 90, p 19. 47  Ibid, section 91, p 19. 48  Ibid. 49  BCBS Guidelines 2015, above n 1, Para 68, p 16. 43 44

976

36  Board Committees

• providing oversight of and interacting with the bank’s internal and external auditors; • approving, or recommending to the board or shareholders for their approval, the appointment, remuneration and dismissal of external auditors; • reviewing and approving the audit scope and frequency; • receiving key audit reports and ensuring that senior management is taking necessary corrective actions in a timely manner to address control weaknesses, non-­compliance with policies, laws and regulations, and other problems identified by auditors and other control functions; • overseeing the establishment of accounting policies and practices by the bank; and • reviewing the third-party opinions on the design and effectiveness of the overall risk governance framework and internal control system.50

For the NAB Self-Assessment 2018,51 the responsibilities of the Audit Committee are • the integrity of NAB’s accounting and financial statements; • internal and external audit activities; and • NAB’s Whistleblower policy and program.52 Thus, new bank-specific governance variables modelled on the [AudCom] (+) variable are introduced by the BCSS Guidelines 2015 and the NAB Self-Assessment 2018. Again, however, in the Stage 1 Model, Stakeholders Factor No. 6 and Responsibility Factor No 8 are hypothesised not to be active as the variable concentrates on the Audit Committee’s presence, operation and frequency. In this Stage 2 bank-specific Model, we examine the Audit Committee’s roles and responsibilities, thus affecting Responsibility Factor No. 8 and, in particular, its reflexive relationships with both Risk Management, Monitoring & Audit Factor No. 5 and Decision-­ making Factor No 7. This gives rise to a coverage/rating of +7/87.50 rprox for the following Audit Committee roles and responsibilities variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above: • [AudComPolicyIntAudFinRep] (+)  – Banks  – Audit Committee  – Framing Policy on Internal Audit and Financial Reporting  - Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making  – Enhancement in Quality of Accountability and Lines of Responsibility – coverage/rating of +7/87.50 rprox (BCBS); • [AudComOseeFinRep] (+)  – Banks  – Audit Committee  – Overseeing the Financial Reporting Process - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility  – coverage/rating of +7/87.50 rprox (BCBS);

 Ibid, Para 69, pp. 16–17 (footnote omitted).  National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/content/dam/ nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-­ Assessment 2018’). 52  Ibid, p12. 50 51

36.1 Audit Committee

977

• [AudComOseeIntAudExtAud] (+)  – Banks  – Audit Committee  - Providing Oversight of and Interacting with the Bank’s Internal and External Auditors  Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility – coverage/rating of +7/87.50 rprox (BCBS); • [AudComAppRemDismissExtAud] (+)  – Banks  – Audit Committee  – Approving Appointment, Remuneration and Dismissal of External Auditors  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility – coverage/rating of +7/87.50 rprox (BCBS); • [AudComAudScope&Freq] (+) – Banks – Audit Committee – Reviewing and Approving the Audit Scope and Frequency – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility – coverage/rating of +7/87.50 rprox (BCBS); • [AudComKeyAudRep] (+) – Banks – Audit Committee – Receiving Key Audit Reports - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making  – Enhancement in Quality of Accountability and Lines of Responsibility  – coverage/rating of +7/87.50 rprox (BCBS); • [AudComCorrActionWeakness] (+) – Banks – Audit Committee – Ensuring That Senior Management Is Taking Necessary Corrective Actions in a Timely Manner to Address Control Weaknesses, Identified by Auditors and Other Control Function - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility  – coverage/rating of +7/87.50 rprox (BCBS); • [AudComCorrActionNonComply] (+) – Banks – Audit Committee – Ensuring That Senior Management Is Taking Necessary Corrective Actions in a Timely Manner to Address Non-Compliance with Policies, Laws and Regulations, And Other Problems Identified by Auditors and Other Control Function - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility – coverage/rating of +7/87.50 rprox (BCBS); • [AudComOseeAccPolicy&Pract] (+) – Banks – Audit Committee – Overseeing the Establishment of Accounting Policies and Practices by the Bank  Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility – coverage/rating of +7/87.50 rprox (BCBS); • [AudComDesignEffectRisk&IntCont] (+)  – Banks  – Audit Committee  – Reviewing the Design and Effectiveness of the Overall Risk Governance Framework and Internal Control System  - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility – coverage/rating of +7/87.50 rprox (BCBS);

978

36  Board Committees

• [NABAudComAcc&FinStatements] (+) – Banks – Audit Committee – Integrity of the Bank’s Accounting and Financial Statements  - Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making  – Enhancement in Quality of Accountability and Lines of Responsibility – coverage/rating of +7/87.50 rprox (NAB); • [NABAudComInt&ExtAud] (+)  – Banks  – Audit Committee  – Internal and External Audit Activities  - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility  – coverage/rating of +7/87.50 rprox (NAB); and • [NABAudComWhistle] (+) – Banks – Audit Committee – Whistleblower Policy and Program  - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility  – coverage/rating of +7/87.50 rprox (NAB). Auditor Independence Beyond Scope APRA’s Prudential Standard CPS 510 Governance contains significant provisions53 relating to the independence of the external auditor which are beyond the scope of this Stage 2 Key Code and Advanced Handbook.

36.2 APRA Shortcomings in Operation of Audit Committee ‘Red’ Audit Reports Failings in Audit Committee Practice On the part of the Audit Committee, APRA found insufficient “rigour and urgency in holding management to account in addressing and closing out audit issues.”54 In this respect, APRA noted shortcomings in the Audit Committee treatment of ‘Red’ audit reports which “encapsulate the highest impact or highest risk weaknesses as identified by the internal audit function.”55 These failings included: • the due dates for remediation of issues being extended on two or more occasions and without the Audit Committee reviewing or approving extensions; • reopening of issues after further internal audit; • failure to report back to the Audit Committee on issues which were granted extensions; • failure of Audit Committee members to be supplied Red audit reports rather than summaries;

 CPS 510, above n 26, sections 92–100, pp. 19–21.  Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf, p 15. 55  Ibid. 53 54

36.2 APRA Shortcomings in Operation of Audit Committee

979

• failure of those issuing Red audit reports to appear in person before the Audit Committee; and • failure of the Audit Committee to follow-up Red audit reports in a timely fashion.56 Accordingly, the following “RedAud”-prefix variables are introduced here by the Stage 2 relational approach to identify these failings identified by APRA in relation to the Audit Committee. In Sect. 38.6 of Chap. 38 below, the relational approach introduces a governance variable modelled on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1, coverage/rating + 8/100.00 rprox – but negative (−) in effect – representing failure or deficiency in the flow of information to escalate problems or ‘red flags’ upward through the bank to senior management and/or the board. This variable represents a failing in the Board’s responsibilities or functions in the oversight of the risk management function by failing to escalate problems or red flags, coverage/ rating − 8/100.00 rprox: • [FailRedFlag] (−) – Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (OECD Key Findings 2009), (OECD Kirkpatrick Report 2009), (EC Green Paper 2010)(relational effect path in Sect. 38.6). This ‘red flag’ variable is a (failure of) disclosure variable identical to the [TransTimeMon] (+)57 variable except in the negative (−) direction to reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the deficiency in information flow giving rise to a coverage/rating of −8/100.00 rprox. Alternatively, there is a reduction in the quality of decision-making – Decision-making Factor No 7 and/or a failure of clear lines of accountability/responsibility affecting negatively Responsibility Factor No 8. The Stage 2 relational approach turns in this section to consider the above failings in Red audit reports and issues by the Audit Committee and the consequent reduction in information flow to both the Audit Committee and, in turn, the board, modelled on the [FailRedFlag] (−) variable in Sect. 38.6 of Chap. 38 below and, in turn, the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 (but negative (−) in effect) with a coverage/rating of −8/100.00 rprox): • [RedAudExtendDueDates] (−)  – Banks  – Audit Committee and Board Oversight of Risk Management – Extension of Due Dates for Red Audit Reports and Issues  – Reduction in Information Flow  - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  - Reduction in

56 57

 Ibid.  See discussion in sect. 9.1.2.1 of Stage 1, above n 2, pp. 198–199.

980

•

•

•

•

•

36  Board Committees

Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox, (APRA Final Report); [RedAudFailApproveExt] (−) – Banks – Audit Committee and Board Oversight of Risk Management – Failure of Audit Committee to Approve Extensions for Red Audit Reports and Issues – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report); [RedAudFailReportBack] (−) – Banks – Audit Committee and Board Oversight of Risk Management – Failure to Report Back to Audit Committee for Extension Issues  – Reduction in Information Flow  - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  - Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox, (APRA Final Report); [RedAudSummaries] (−) – Banks – Audit Committee and Board Oversight of Risk Management  – Audit Committee Supplied with Summaries Rather than Actual Reports – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  - Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox, (APRA Final Report); [RedAudFailAppear] (−) – Banks – Audit Committee and Board Oversight of Risk Management  – Failure of Issuer of Red Audit Report to Appear Before Audit Committee  – Reduction in Information Flow  - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making - Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox, (APRA Final Report); and [RedAudFailFollowUp] (−) – Banks – Audit Committee and Board Oversight of Risk Management  – Failure of Audit Committee to Follow-up Red Audit Reports in a Timely Fashion  – Reduction in Information Flow  - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report).

APRA Audit Committee Reporting Weaknesses and Reliance on Key Individuals The APRA Final Report identified a number of weaknesses in the reporting of the Audit Committee below ‘industry practice’: the BAC did not receive nor demand metrics showing the closure status of the highest rated audit issues. Standard practice, both internationally and domestically, is that the BAC receives formal metrics and reporting articulating the number of audit reports, the owners, remediation timetables, extensions granted and whether the findings were repeat issues. Audit issues for which remediation timetables are overdue or extended would be highlighted. While summaries are provided, detailed audit reports would be made available.58

58

 APRA Final Report, above n 54, p 15.

36.2 APRA Shortcomings in Operation of Audit Committee

981

As in this Sect. 36.2 above, the Stage 2 relational approach will construct a failure of disclosure variable identical to the [FailRedFlag] (−)59 variable and the [TransTimeMon] (+)60 variable, coverage/rating  +  8/100.00 rprox (except in the negative (−) direction) to reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the deficiency in information flow giving rise to a coverage/rating of −8/100.00 rprox. Alternatively, there is a reduction in the quality of decision-­ making – Decision-making Factor No 7 – and/or a failure of clear lines of accountability/responsibility affecting negatively Responsibility Factor No 8: • [AudFailMetricsIssueStatus] (−)  – Banks  – Audit Committee and Board Oversight of Risk Management – Audit Committee Failure of Metrics for Closure Status of Issues – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox, (APRA Final Report). The content for such metrics set out in the quotation from APRA above includes: • • • • • • • •

the closure status of the highest rated audit issues; the number of audit reports; the owners; remediation timetables; extensions granted; whether the findings were repeat issues: audit issues for which remediation timetables are overdue or extended; and detailed audit reports rather than summaries.

For reliance on key individuals, APRA noted that the Audit Committee “relied to a large part on the summary information prepared by internal audit and introduced by the Chair and internal audit to the other members” criticizing the funnelling of information through a single director and the failure to provide detailed reports.61 For the Stage 2 relational approach, this gives rise to the following variable again modelled on the [FailRedFlag] (−) variable in Sect. 38.6 of Chap. 38 below and, in turn, the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 (but negative (−) in effect), coverage/rating − 8/100.00 rprox: • [AudRelyOnChair] (−)  – Banks  – Audit Committee and Board Oversight of Risk Management  – Audit Committee Reliance on Chair  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal

 Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox. See discussion in Sect. 38.6 below. 60  See discussion in section 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 61  APRA Final Report, above n 54, p 17. 59

982

36  Board Committees

Monitoring and Decision-making  - Reduction in Quality of Accountability/ Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report). A negative/failing variable for the use of summaries instead of detailed reports was introduced in this Sect. 36.2 above as the [RedAudSummaries] (−) variable.

36.3 Westpac Audit Committee Reporting from Group Audit62 As in the previous Sect. 36.2, the Stage 2 relational approach will construct a failure of disclosure variable identical to the [FailRedFlag] (−)63 variable and the [TransTimeMon] (+)64 variable (except in the negative (−) direction) giving rise to a coverage/rating of −8/100.00 rprox to reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the deficiency in information flow. Alternatively, there is a reduction in the quality of decision-making – Decision-making Factor No 7 and/ or a failure of clear lines of accountability/responsibility affecting negatively Responsibility Factor No 8: • [WBCAudFailRedAudits] (−) – Banks – Audit Committee and Board Oversight of Risk Management  – Reporting From Group Audit  - Failure of Reports to Include Every ‘Red’ Audit or Actions and Deadlines to Address Issues in ‘Red’ Audits65  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox, (Westpac); • [WBCAudFailAmberAudits] (−)  – Banks  – Audit Committee and Board Oversight of Risk Management  – Reporting From Group Audit  - Failure of Reports to Include Summary or Thematic Information on All Amber Audits66 – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making - Reduction in Quality of Accountability/ Responsibility, coverage/rating − 8/100.00 rprox, (Westpac) including:  Westpac Banking Corporation, Review Team, Governance, Accountability and  Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_pdf (‘Westpac Review Team 2018’), sections 5.2.19–5.2.22, p 35. 63  Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox. See discussion in Sect. 38.6 below. 64  See discussion in section 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 65  Westpac Review Team 2018, above n 62, section 5.2.21, p 35. 66  Ibid. 62

36.6 Other Committees

983

–– identification of weaknesses; –– agreed remedial actions; and –– resolution timeframes;67 and • [WBCAudFailInformExtend] (−)  – Banks  – Audit Committee and Board Oversight of Risk Management  – Reporting From Group Audit  - Failure of Reports to Include Extensions to Agreed Due Dates to Resolve ‘High-Rated Issues’68  – Reduction in Information Flow  - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making - Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (Westpac).

36.4 Board Risk Committee (BRC) The BRC is examined in Chap. 43 below of this Stage 2.

36.5 Compensation/Remuneration Committee Director, CEO, executive and “high end” employee remuneration, equity compensation and incentives were discussed in Part 4 above of this Stage 2.

36.6 Other Committees Nomination and Governance Committee Other Committees contemplated by the BCBS include a “nomination/human resources/governance committee” to recommend new board members and members of senior management.69 To this end (with a re-naming to reflect the governance aspect), the Nomination and Governance Committee governance variables introduced in Stage 1 are: • [NomGovCom] (+/−)  – Nomination and Governance Committee  – Presence Operation and Frequency, coverage/rating +/−7/87.50 rprox (relational effect path in section 7.3.1.2.2 of Stage 1); and • [NomGovInd] (+) – Nomination and Governance Committee – Independence Proportion, coverage/rating  +  7/87.50 rprox (relational effect path in section 7.3.1.2.2 of Stage 1).

 Ibid.  Ibid, section 5.2.22 and Recommendation G4, p 35. 69  BCBS Guidelines 2015, above n 1, Para 77, p 18. 67 68

984

36  Board Committees

Each of these variables (previously [NomCom] (+/−) and [NomInd] (+)) precipitate the operation of the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 as explained in section 7.3.1.2.2 of Stage 1. As noted there, the structure and operation of the [BrdSkills] (+) variable, coverage/rating + 7/87.50 rprox, is itself dependent on the operation and structure of the (previously) [NomCom] (+/−) variable as the composition – and therefore skills mix – of the board flows from the Nominating Committee. Thus they both have an identical relational effect path to the [BrdSkills] (+) variable (in both directions for (now) the [NomGovCom] (+/−) variable). For the NAB Self-Assessment 2018,70 the roles and responsibilities of the Nomination and Governance Committee are: • reviewing the size and composition of the Board and succession plans to maintain an appropriate mix of experience, skills and diversity; • evaluating the performance of the Board; • recommending Board appointments and renewal; and • reviewing relevant corporate governance principles and policies for the bank.71 These roles and responsibilities give rise to the following variables modelled on the relational effect path of the [NomGovCom] (+/−) variable and, in turn, the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, but in the positive (+) direction. This gives rise to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the following variables: • [NABNomGovSize&CompBrd] (+)  – Banks  – Nomination and Governance Committee – Reviewing the Size and Composition of the Board - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABNomGovSuccessPlan] (+)  – Banks  – Nomination and Governance Committee – Reviewing Succession Plans - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABNomGovExperSkillsDiv] (+)  – Banks  – Nomination and Governance Committee – Maintaining an Appropriate Mix of Experience, Skills and Diversity (Generally) - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making  – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABNomGovEvalPerformBrd] (+)  – Banks  – Nomination and Governance Committee – Evaluating the Performance of the Board - Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of

70 71

 NAB Self-Assessment 2018, above n 51.  Ibid, p 12.

36.6 Other Committees

985

Decision-­making  – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); • [NABNomGovBrdAppointRenew] (+) – Banks – Nomination and Governance Committee – Recommending Board Appointments and Renewal - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (NAB); and • [NABNomGovReviewPrin&Policy] (+) – Banks – Nomination and Governance Committee – Reviewing Relevant Corporate Governance Principles and Policies for the Bank  - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating  +  7/87.50 rprox (NAB). ASX Nomination and Governance Committee For the Nomination and Governance Committee of a listed entity, the ASX Principles and Recommendations Fourth Edition72 give rise to the following variables modelled on the relational effect path of the [NomGovCom] (+/−) variable and, in turn, the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, but in the positive (+) direction. This gives rise to a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for the following variables: • [2019ASXNomGovCompose] (+)  – 2019ASXNomGov  – Nomination and Governance Committee  – Composition of Nomination and Governance Committee - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making  – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating  +  7/87.50 rprox (2019ASX) including: –– at least 3 members with majority of independent directors;73 –– chaired by independent director;74 –– disclosure of: • charter;75 • members;76 • at end of reporting period, the number of meetings and attendance of members.77

 2019ASX, above n 11.  Ibid, Rec 2.1(a)(1), p 12. 74  Ibid, Rec 2.1(a)(2), p 12. 75  Ibid, Rec 2.1(a)(3), p12. 76  Ibid, Rec 2.1(a)(4), p 12. 77  Ibid, Rec 2.1(a)(5), p 12. 72 73

986

36  Board Committees

• [2019ASXNomGovRoles&Resps] (+) – 2019ASXNomGov – Nomination and Governance Committee  – Roles and Responsibilities of Nomination and Governance Committee78  - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability and Lines of Responsibility, coverage/rating + 7/87.50 rprox (2019ASX) including: –– –– –– –– –– –– –– –– –– –– ––

board succession planning; induction and professional development for directors; evaluation process for board, committees and directors; process for recruitment of new directors; appointment and re-election of directors; succession plans for CEO and senior executives; charter with roles and powers including advice from external consultants; sufficient size, independence and diversity; may be chaired by the chair of board; time requirements for NEDs and whether that requirement is being met; and NEDs to inform chair of board and committee before accepting outside positions of listed entities or position requiring significant time.79

Ethics, Compliance and Reputation Committee For the BCBS, an ‘Ethics and Compliance Committee’ promotes “proper decision-­ making, due consideration of the risks to the bank’s reputation, and compliance with laws, regulations and internal rules”.80 The need for such a Committee is also recognised by the NAB Self-­ Assessment 2018: Following the global financial crisis and partly in response to the Group of Thirty (G30)‘s ‘A Call for Sustained and Comprehensive Reform’ in banking conduct and culture, many large European and US banks established a separate board committee focused on matters such as conduct, compliance, ethics and reputation. This recognised that these matters required time, information and a style of oversight that existing committees were not equipped to provide without compromising their prevailing priorities.81

Codes of ethics, conduct and compliance would be the responsibility of non-­ executive directors on such an Ethics, Compliance and Reputation Committee. Thus, ‘interim’ (*) status governance variables for codes of conduct and ethics were introduced in sect. 29.2 above of this Stage 2 pending the examination of these codes in a proposed future Key Field – Governance Variables in Corporate Social Responsibility or CSR.

 Ibid, Commentary to Rec 2.1, p 12.  Ibid, pp. 12–13. 80  BCBS Guidelines 2015, above n 1, Para 77, p 18. 81  NAB Self-Assessment 2018, above n 51, p 13. 78 79

36.6 Other Committees

987

In Sect. 29.2 above, a coverage/rating of +7/87.50 rprox was assigned for these six ‘code of conduct and ethics’ variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [CodesNEDIllegalActs*] (+)  – Bank Codes of Conduct and Ethics  – Non-­ Executive Directors – Review and Oversight of Codes of Conduct and Ethics for Illegal Activity  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CodesNEDEthics*] (+) – Bank Codes of Conduct and Ethics – Non-Executive Directors – Review and Oversight of Codes of Conduct and Ethics for Ethical Conduct – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CodesNEDDueCare*] (+)  – Bank Codes of Conduct and Ethics  – Non-­ Executive Directors  - Review and Oversight of Codes of Due Care, Skill and Diligence – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CodesNEDComply*] (+) – Bank Codes of Conduct and Ethics – Non-­Executive Directors  - Review and Oversight of Codes of Conduct for Compliance with Laws, Regulations and Company Policies – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CodesNEDWhistle*] (+) – Bank Codes of Conduct and Ethics – Non-­Executive Directors  – Review and Oversight of Whistle-Blower Policy and Procedure  – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; • [CodesNEDIndInvestigate*] (+) – Bank Codes of Conduct and Ethics – Non-­ Executive Directors  – Review and Oversight of Policy and Procedure for Independent Investigation of Legitimate Material Concerns – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox; and • [CodesNEDConflicts*] (+) - Bank Codes of Conduct and Ethics  – Non-­ Executive Directors – Review and Oversight of Written Policies for Conflicts of Interest – Enhancement of Monitoring Effect, coverage/rating + 7/87.50 rprox. As noted in Sect. 29.2, the behaviour of these six corporate ‘code of conduct and ethics’ variables is hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox, which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, also with a coverage/rating of +7/87.50 rprox. Like those variables, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of non-executive directors. Thus, the effect of these governance variables is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the independence of non-executive directors. Thus, like the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, these governance variables affect all governance factors except the overriding effect of

988

36  Board Committees

Compliance Factor No 2 (as described in section 2.6.2 of Stage 182), giving rise to a coverage/rating of +7/87.50 rprox. Similarly to the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the codes, conduct and ethics decisions of the board. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox for these six ‘code of conduct and ethics’ variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). For the same reasons, a coverage/rating of +7/87.50 rprox is ascribed to the Ethics, Compliance and Reputation Committee itself: • [CodesNEDEthicsComplyReputCm*] (+)  - Bank Codes of Conduct and Ethics  – Non-Executive Directors  – Ethics, Compliance and Reputation Committee  – Enhancement of Monitoring Effect, coverage/rating  +  7/87.50 rprox (BCBS Guidelines 2015). NAB Customer Outcomes Committee Following its comments in the previous sub-section, NAB established a ‘Customer Outcomes Committee’ to “ensure appropriate customer outcomes”.83 Indeed, this was the content of Action #1 of its Self-Assessment: The Board will require and oversee a significant lift in the importance given to the voice of the customer and a more intense focus on customer outcomes, and is instituting structural (e.g. Board committee) changes to support this.84

It is hypothesised in this Stage 2 Key Code and Advanced Handbook that this governance variable will also track the ‘interim’ (*) status governance variables for codes of conduct and ethics, coverage/rating  +  7/87.50 rprox, which were introduced in sect. 29.2 above of this Stage 2: • [NABCodesNEDCustOutcomesCm*] (+)  – NABCodes  - Bank Codes of Conduct and Ethics  – Non-Executive Directors  – Customer Outcomes Committee  – Enhancement of Monitoring Effect, coverage/rating  +  7/87.50 rprox (NAB). This variable – again drawing on the independence ingredient of non-executive directors  – is again based on the enhanced risk management, monitoring and decision-­ making aspects of the [BrdIndMon] (+) variable in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, coverage/rating + 7/87.50 rprox.85 Thus, like the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, both with a coverage/rating + 7/87.50 rprox, the [NABCodesNEDCustOutcomes*] (+) variable affects all governance factors except the overriding effect of Compliance  See discussion in sect. 2.6.2 of Stage 1, above n 2, pp. 41–43.  NAB Self-Assessment 2018, above n 51, section 2.3.2, p 13. 84  Ibid. 85  See discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above n 2, pp. 208–212. 82 83

36.7 APRA Failings in Board Committees

989

Factor No 2 (as described in section 2.6.2 of Stage 186). Similarly to the [BrdIndMon] (+) variable and the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the codes and customer outcome decisions of the board. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox for the [NABCodesNEDCustOutcomes*] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Westpac Effects of a “Proliferation of Governance Committees”87 Section 5.6 of the Westpac Self-Assessment 2018 contains a diagram of an extensive “Group-wide risk governance committee structure”.88 The Review Team observed this increased “complexity and bureaucracy” and time commitments to prepare and attend multiple committees.89 For the Review Committee this highlighted: Westpac’s tendency to perpetuate complexity, by introducing, amongst other things, new committees, which can lead to capacity and execution constraints, a lack of clarity regarding decision makers or issue owners, employee feelings of disempowerment, lack of clarity of accountabilities and introduction of additional risk.90

The Review Team thus recommends a review and rationalisation of committees and “other governance forums”.91

36.7 APRA Failings in Board Committees92 APRA Failings in “Communication Between Board Committees”93 As in Sect. 36.2 above, the Stage 2 relational approach will construct failure of disclosure variables identical to the [FailRedFlag] (−)94 variable and the [TransTimeMon] (+)95 variable in section 9.1.2.1 of Stage 1 (except in the negative (−) direction) giving rise to a coverage/rating of −8/100.00 rprox. These variables  See discussion in sect. 2.6.2 of Stage 1, above n 2, pp. 41–43.  Westpac Review Team 2018, above n 62, section 5.6, p 39. 88  Ibid, section 5.6.1, Figure 5B, p 39. 89  Ibid, section 5.6.2, p 39. 90  Ibid, section 5.6.3, p 39. 91  Ibid, Recommendation G10, p 39. 92  APRA Final Report, above n 54, section 2.2.4, p 19. 93  Ibid. 94  Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox. See discussion in sect. 38.6 below. 95  See discussion in sect. 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 86 87

990

36  Board Committees

reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the deficiency in information flow as a result of APRA’s identification of “inadequate communication between board committees”: Despite overlapping Committee memberships, the linkages between Committees of the Board have been inadequate.96

Alternatively, there is a reduction in the quality of decision-making  – Decision-­ making Factor No 7 – and/or a failure of clear lines of accountability/responsibility affecting negatively Responsibility Factor No 8 for each of the failings identified by APRA with a coverage/rating of −8/100.00 rprox: • inadequate communication between committees:97 –– [CmFailCommunicate] (−)  – Banks  – Board Committees  – Inadequate Communication Between Committees  – Reduction in Information Flow  Reduction in Quality of Risk Management and Internal Monitoring and Decision-­making  – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report);98 • failure to delineate roles and responsibilities of committees: 99 –– [CmFailRoles&Respon] (−)  – Banks  – Board Committees  – Failure to Delineate Roles and Responsibilities of Committees  – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making - Reduction in Quality of Accountability/ Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report);100 and • failure to identify control gaps affecting risk management: 101 –– [CmFailControlGaps] (−) – Banks – Board Committees – Failure to Identify Control Gaps Affecting Risk Management – Reduction in Information Flow Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  - Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report).102 APRA identifies an important variable – this time positive in the same direction as the [TransTimeMon] (+)103 variable in section 9.1.2.1 of Stage 1 with a

 APRA Final Report, above n 54, section 2.2.4, p 19.  Ibid. 98  Ibid. 99  Ibid. 100  Ibid. 101  Ibid. 102  Ibid. 103  See discussion in sect. 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 96 97

36.7 APRA Failings in Board Committees

991

coverage/rating of +8/100.00 rprox for “joint and overlapping meetings” of the Audit Committee and BRC for audit issues: Some institutions hold joint and overlapping meetings of their Audit and Risk Committees where relevant audit findings can be discussed.104

This variable is expressed here as: • [CmJointMeet] (+)  – Banks  – Board Committees  – Joint and Overlapping Meetings of Audit Committee and BRC – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-­making  – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox, (APRA Final Report).105 Flowing from this, the NAB Self-Assessment 2018106 identifies a number of conditions for effective communication and coordination between the Board and its Committees again positive in the same direction as the [CmJointMeet] (+) variable and, in turn, the [TransTimeMon] (+)107 variable in section 9.1.2.1 of Stage 1 with a coverage/rating of +8/100.00 rprox: • [NABBrdCmOverlapMembers] (+)  – Banks  – Board and Committees  – NABBrdCm  – Overlapping of Memberships between Committees108  – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making  – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox, (NAB); • [NABBrdCmChairUpdateIssue] (+)  – Banks  – Board and Committees  – NABBrdCm  – Updates at Board Meeting by Each Committee Chair on Key Issues109 – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox, (NAB); • [NABBrdCmJointMeetAudBRC] (+)  – Banks  – Board and Committees  – NABBrdCm  – Joint Committee Meetings for Combined Discussion of Audit Committee and BRC110 – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox, (NAB); • [NABBrdCmJointMeetBRCComp] (+)  – Banks  – Board and Committees  – NABBrdCm – Joint Committee Meetings for Combined Discussion of BRC and  APRA Final Report, above n 54, section 2.2.4, p 19.  Ibid. 106  NAB Self-Assessment 2018, above n 51. 107  See discussion in sect. 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 108  NAB Self-Assessment 2018, above n 51, p 13 109  Ibid. 110  Ibid. 104 105

992

36  Board Committees

Compensation/Remuneration Committee111  – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox, (NAB); and • [NABBrdCmQrtlyChairMeet (+)  – Banks  – Board and Committees  – NABBrdCm – Quarterly Meetings of Board Chair and Committee Chairs112 – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making  – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox, (NAB). APRA Failings in “Candour of Messaging to the Board and Its Committees”113 As in Sect. 36.2, the Stage 2 relational approach will construct a failure of disclosure variable identical to the [FailRedFlag] (−)114 variable and the [TransTimeMon] (+)115 variable in section 9.1.2.1 of Stage 1 (except in the negative (−) direction) giving rise to a coverage/rating of −8/100.00 rprox. These variables reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the deficiency in information flow as a result of APRA’s identification of inadequate “candour of messaging to the board and its committees.” Alternatively, there is a reduction in the quality of decision-making – Decision-­ making Factor No 7 – and/or a failure of clear lines of accountability/responsibility affecting negatively Responsibility Factor No 8 for each of the failings identified by APRA, coverage/rating − 8/100.00 rprox: • “over-emphasised positive aspects and progress, and de-emphasised more negative elements of risk issues and incidents”:116 –– [CmFailOverEmphasisPos] (−)  – Banks  – Board Committees  – Over-­ Emphasis of Positive Aspects and Progress – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report);117 and –– [CmFailUnderEmphasisNeg] (−)  – Banks  – Board Committees  – De-­ emphasis of Negative Elements of Risk Issues and Incidents – Reduction in

 Ibid.  Ibid. 113  APRA Final Report, above n 54, section 2.2.4, p 19. 114  Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox. See discussion in sect. 38.6 below. 115  See discussion in sect. 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 116  APRA Final Report, above n 54, section 2.2.5, p 19. 117  Ibid. 111 112

36.7 APRA Failings in Board Committees

993

Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/ Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report).118 APRA identifies an important variable – this time positive (+) in the same direction as the [TransTimeMon] (+)119 variable in section 9.1.2.1 of Stage 1, coverage/ rating + 8/100.00 rprox for: • “deliberately engaging with specialists and employees at more operational levels in the organisation” to enhance risk-management capabilities: –– [CmOperatSpecialists] (+)  – Banks  – Board Committees  – Engage Specialists and Employees at Operational Levels  – Enhancement in Information Flow - Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox, (APRA Final Report). APRA Failings for “Over-confidence and Lack of Benchmarking”120 and “Board Assessment of Risk Culture”121 As in Sect. 36.2, the relational approach will construct a failure of disclosure variable identical to the [FailRedFlag] (−)122 variable and the [TransTimeMon] (+)123 variable in section 9.1.2.1 of Stage 1 (except in the negative (−) direction) giving rise to a coverage/rating of −8/100.00 rprox. These variables reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the deficiency in information flow as a result of APRA’s identification of “over-confidence and lack of benchmarking.” Alternatively, there is a reduction in the quality of decision-making – Decision-­ making Factor No 7 - and/or a failure of clear lines of accountability/responsibility affecting negatively Responsibility Factor No 8 for each of the failings identified by APRA, coverage/rating − 8/100.00 rprox: • failure of benchmarking of governance practices:124 –– [CmFailBenchmark] (−)  – Banks  – Board Committees  – Failure in Benchmarking Governance Practices  – Reduction in Information Flow  Reduction in Quality of Risk Management and Internal Monitoring and  Ibid.  See discussion in sect. 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 120  APRA Final Report, above n 54, section 2.2.6, p 20. 121  Ibid, section 2.2.7, p 20. 122  Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox. See discussion in sect. 38.6 below. 123  See discussion in sect. 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 124  APRA Final Report, above n 54, section 2.2.6, p 20. 118 119

994

36  Board Committees

­ ecision-­making  - Reduction in Quality of Accountability/Responsibility, D coverage/rating − 8/100.00 rprox, (APRA Final Report);125 • failure to have mature understanding/assessment of risk culture:126 –– [CmFailAssessRiskCult] (−)  – Banks  – Board Committees  – Failure in Mature Understanding/Assessment of Risk Culture – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report).127 APRA identifies two important variables – this time positive (+) – in the same direction as the [TransTimeMon] (+)128 variable, coverage/rating + 8/100.00 rprox. These variables are for: • “robust metrics in place that recognise business unit specific needs” in relation to risk culture:129 –– [CmMetricsBURiskCult] (+)  – Banks  – Board Committees  – Metrics for Business Unit Risk Culture – Enhancement in Information Flow - Enhancement in Quality of Risk Management and Internal Monitoring and Decision-­ making  - Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox, (APRA Final Report)130; and • external assessments/reviews in relation to risk culture:131 –– [CmExtAssessRiskCult] (+)  – Banks  – Board Committees  – External Assessments/Reviews of Risk Culture – Enhancement in Information Flow Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox, (APRA Final Report).132

36.8 APRA Failings in Senior Executive Leadership APRA describes as ‘relatively common’ a ‘federated’ organizational structure with an ‘Executive Committee’ which is comprised of a Group Executive of each business unit and the bank’s support functions:  Ibid.  Ibid, section 2.2.7, p 20. 127  Ibid. 128  See discussion in section 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 129  APRA Final Report, above n 54, section 2.2.7, p 20. 130  Ibid. 131  Ibid. 132  Ibid. 125 126

36.8 APRA Failings in Senior Executive Leadership

995

Within CBA, the Executive Committee is the most senior management forum and comprises the Group Executives of business units and central support functions. The Executive Committee’s stated purpose is to ‘materially enhance customer satisfaction, people engagement, shareholder value and the Group’s reputation.’ The Executive Committee meets on a weekly basis.133

APRA reserved some strong criticism for the Executive Committee’s lack of performance against its charter: A review of agendas and papers from its meetings in 2017 did not provide evidence of a genuine focus on the following areas mandated under its Charter: • • • •

agreeing common action where cross-Group coordination was critical to value creation; requiring and ensuring an environment of constructive and open challenge; sharing information on emerging risks; or clarifying and monitoring accountability for delivery of key business outcomes.

In the Panel’s view, the Executive Committee did not collectively provide a strong counterbalance to the prevailing views of individual business unit executives, nor did it effectively mobilise the institution when confronted with issues affecting multiple business units.134

Amongst the failings, APRA identified ‘data management’ and the ‘validity and accuracy of data’ as well as recommending: enhanced senior level governance and risk reporting for systems resilience, recovery, data storage and integrity, and risk management and culture.135

Governance Variables for APRA’s Failings in Senior Executive Leadership Giving Rise to a Non-Financial Risk Committee (NFRCm) Executive Committee As in Sect. 36.2, the relational approach will construct a failure of disclosure variable identical to the [FailRedFlag] (−)136 variable and the [TransTimeMon] (+)137 variable in section 9.1.2.1 of Stage 1 (except in the negative (−) direction) giving rise to a coverage/rating of −8/100.00 rprox. These variables reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the deficiency in information flow as a result of APRA’s identification of failings in the Executive Committee. Alternatively, there is a reduction in the quality of decision-making negatively affecting Decision-making Factor No 7 and/or a failure of clear lines of

 Ibid, section 3, 3.1 Background, p 22.  Ibid, section 3.2.1 Operation of the Executive Committee, p 23. 135  Ibid, pp. 23–24. 136  Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox. See discussion in Sect. 38.6 below. 137  See discussion in section 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 133 134

996

36  Board Committees

accountability/responsibility affecting negatively Responsibility Factor No 8 for each of the failings identified by APRA, coverage/rating − 8/100.00 rprox: • “data risk and data quality” issues:138 –– [ECmFailDataRisk&Quality] (−)  - Banks  – Executive Committee  – Failings in Oversight of Data Risk and Data Quality – Reduction in Information Flow  – Reduction in Quality of Board and Committee Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Final Report)139; • “validity and accuracy of data”:140 –– [ECmFailDataValidAccurate] (−)  - Banks  – Executive Committee  – Failings in Validity and Accuracy of Data – Reduction in Information Flow Reduction in Quality of Board and Committee Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Final Report)141; • “risk reporting for systems resilience, recovery, data storage and integrity”:142 –– [ECmFailRiskReportSystems] (−)  - Banks  – Executive Committee  – Failings in Risk Reporting for Systems Resilience, Recovery, Data Storage and Integrity  – Reduction in Information Flow  - Reduction in Quality of Board and Committee Risk Management, Internal Monitoring and Decision-­ making – coverage/rating − 8/100.00 rprox (APRA Final Report)143; and • “risk reporting for…risk management and culture”:144 –– [ECmFailRiskReportRiskCult] (−)  - Banks  – Executive Committee  – Failings in Risk Reporting for Risk Management and Culture – Reduction in Information Flow  - Reduction in Quality of Board and Committee Risk Management, Internal Monitoring and Decision-making  – coverage/rating − 8/100.00 rprox (APRA Final Report).145

 APRA Final Report, above n 54, section 3.2.1 Operation of the Executive Committee, p 23.  Ibid. 140  Ibid, p 24. 141  Ibid. 142  Ibid. 143  Ibid. 144  Ibid. 145  Ibid. 138 139

36.8 APRA Failings in Senior Executive Leadership

997

Non-Financial Risk Committee Importantly, APRA recommended the establishment of a ‘Non-Financial Risk Committee (NFRCm) at the Group Executive level’146 to remediate failings in relation to the oversight of risk. Again, the Stage 2 relational approach will be to construct a failure of disclosure variable identical to the [FailRedFlag] (−)147 variable and the [TransTimeMon] (+)148 variable in section 9.1.2.1 of Stage 1 (except in the negative (−) direction), giving rise to a coverage/rating of −8/100.00 rprox: • “operational and compliance risk profile”:149 –– [NFRCmFailOp&CompRiskProfile] (−)  - Banks  – Non-Financial Risk Committee – Failings in Operational and Compliance Risk Profile – Reduction in Information Flow  - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-­making – coverage/rating − 8/100.00 rprox (APRA Final Report);150 –– [NFRCmFailOp&CompRiskUpdates] (−)  - Banks  – Non-Financial Risk Committee  – Failings in Formal Updates on Operational and Compliance Risk Profile – Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Final Report);151 –– [NFRCmFailOp&CompRiskDetails] (−)  - Banks  – Non-Financial Risk Committee – Failings in Details on Operational and Compliance Risk Profile – Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-­making – coverage/rating − 8/100.00 rprox (APRA Final Report);152 –– [NFRCmFailScopeCharter&Resp] (−)  - Banks  – Non-Financial Risk Committee – Failings in Scope, Charter and Responsibilities of Committee – Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Final Report);153 –– [NFRCmFailOp&CompRiskDevelops] (−) - Banks – Non-Financial Risk Committee – Failings in Engagement with Developments in Operational and

 Ibid, Recommendation 8, p 26.  Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox. See discussion in sect. 38.6 below. 148  See discussion in sect. 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 149  APRA Final Report, above n 54, p 25. 150  Ibid. 151  Ibid. 152  Ibid. 153  Ibid, pp. 25–26. 146 147

998

36  Board Committees

Compliance Risk – Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating  −  8/100.00 rprox (APRA Final Report);154 and –– [NFRCmFailAnnualReview] (−)  – Banks  – Non-Financial Risk Committee – Failings in Annual Review of Operational Risk and Compliance Management Framework  – Reduction in Information Flow  – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Final Report).155

36.9 APRA’s Improvements in Non-Financial Risk Management in Relation to Operational, Compliance and Conduct Risks (NFRMan) The APRA Information Paper 2019 identified non-financial risk management as an emerging theme from industry self-assessments requiring improvement in relation to operational, compliance and conduct risk frameworks.156 As in Sect. 36.2, the relational approach will construct a failure of disclosure variable identical to the [FailRedFlag] (−)157 variable and the [TransTimeMon] (+)158 variable in section 9.1.2.1 of Stage 1 (except in the negative (−) direction) giving rise to a coverage/rating of −8/100.00 rprox. These variables reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the deficiency in information flow as a result of APRA’s identification of failings in the management of non-­ financial risks. Alternatively, there is a reduction in the quality of decision-making negatively affecting Decision-making Factor No 7 and/or a failure of clear lines of accountability/responsibility affecting negatively Responsibility Factor No 8 for each of the failings identified by APRA.

 Ibid, p 26.  Ibid. 156  Australian Prudential Regulation Authority (APRA), Information Paper, Self-Assessments of Governance, Accountability and Culture, 22 May 2019, accessed 5 June 2019, available at https:// www.apra.gov.au/sites/default/files/information_paper_self-­assessment_of_governance_accountability_and_culture.pdf, (APRA Information Paper 2019′), p 15. 157  Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox. See discussion in sect. 38.6 below. 158  See discussion in sect. 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 154 155

36.9 APRA’s Improvements in Non-Financial Risk Management in Relation…

999

Both views result in a coverage/rating of −8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) for: • “blurring [of responsibility] between first and second line functions”159: –– [NFRManBlurredFirst&SecLineResps] (−) – Banks – Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks  – Blurring of Roles and Responsibilities Between First and Second Lines – Reduction in Information Flow  - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);160 and –– [NFRManLackFirstLineOshipRisk] (−)  – Banks  – Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks – “Lack of Risk Ownership by First Line Leading to Second Line Stepping In” – Reduction in Second Line Capability for Comprehensive Risk and Assurance Activities - Reduction in Information Flow  - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);161 • “elevate the organisational status and influence of risk and compliance functions”:162 –– [NFRManLackStatusInfluence] (−)  – Banks  – Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks – “Lack of Status and Influence of the Risk and Compliance Functions” - Reduction in Information Flow Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);163 and –– [NFRManLackSkills&Headcount] (−)  – Banks  – Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Lack of “Skills and Headcount” in Risk and Compliance Functions  - Reduction in Information Flow  Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);164  APRA Information Paper 2019, above n 156, p 15.  Ibid. 161  Ibid. 162  Ibid. 163  Ibid. 164  Ibid. 159 160

1000

36  Board Committees

• “gaps and control weaknesses that are magnified by complex systems and processes:”165 –– [NFRManGaps&ControlWeak] (−)  – Banks  – Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Gaps and Control Weaknesses Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);166 –– [NFRManFailEndToEndProc] (−)  – Banks  – Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Failure to “Understand End-toEnd Processes Across” Business Units  – Reduction in Information Flow  Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);167 –– [NFRManIncon&ReactRiskID] (−)  – Banks  – Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks  – “Inconsistent and Reactive Risk Identification Processes” - Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);168 –– [NFRManDataQualControlClass&Assess] (−)  – Banks  – Non-Financial Risk Management  – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Failings in “Data Quality and Control Classification and Assessment Processes” - Reduction in Information Flow  - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);169 –– [NFRManSTFixesNotLTStrategicSolns] (−)  – Banks  – Non-Financial Risk Management  – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks  – “Short-term Tactical Fixes Rather than Long-Term Strategic Solutions”  - Reduction in Information Flow  - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);170

 Ibid, p 16.  Ibid. 167  Ibid. 168  Ibid. 169  Ibid. 170  Ibid. 165 166

36.9 APRA’s Improvements in Non-Financial Risk Management in Relation…

1001

• “need to improve data, measurement and reporting for non-financial risks”:171 –– [NFRManDataMeas&Report] (−)  – Banks  – Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks –- “Need to Improve Data, Measurement and Reporting for Non-financial Risks”  – Reduction in Information Flow  - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);172 –– [NFRManFailIDEmerg&SystemicRisks] (−)  – Banks  – Non-Financial Risk Management  – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Failure to “Identify Emerging or Systemic Risks” – Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);173 –– [NFRManFailEscal&ManageIssues] (−)  – Banks  – Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Failure to “Escalate and Manage Issues” – Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019);174 –– [NFRManFailAnalseRisk&CustOutcomes] (−)  – Banks  – Non-Financial Risk Management  – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks –- Failure to “Analyse Why Sub-optimal Risk and Customer Outcomes Have Occurred” Reduction in Information Flow  – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019);175 –– [NFRManFailConsolReport] (−)  – Banks  – Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks – Failure to have a “Consolidated Report [for] all Key Audit, Risk, Regulatory and Customer Issues” Including Remediation Work Required and Status  - Reduction in Information Flow  Reduction in Quality of Board and Committee Effectiveness, Risk

 Ibid.  Ibid. 173  Ibid. 174  Ibid. 175  Ibid. 171 172

1002

36  Board Committees

Management, Internal Monitoring and Decision-making  – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);176 –– [NFRManFailBasicIndicators&Metrics] (−)  – Banks  – Non-Financial Risk Management  – Failings in Non-Financial Risk Management of ­Operational, Compliance and Conduct Risk Frameworks  – Only Basic and Not Complex “Indicators and Metrics for Measuring and Monitoring Non-­ financial Risks” – Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);177 and –– [NFRManFailStandaloneConductRisk] (−) – Banks – Non-Financial Risk Management – Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks  – Failure of “Standalone Monitoring of ‘Conduct Risk’…with No Analysis or Reporting of Complaints Data…as a Lead Indicator” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019).178

36.10 APRA’s Observations That Acknowledged Weaknesses Are Already Known (NFRWeak) As in Sect. 36.2, the Stage 2 relational approach will construct a failure of disclosure variable identical to the [FailRedFlag] (−)179 variable and the [TransTimeMon] (+)180 variable in section 9.1.2.1 of Stage 1 (except in the negative (−) direction) giving rise to a coverage/rating of −8/100.00 rprox. These variables reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the deficiency in information flow as a result of APRA’s identification of failings of “insufficient information and challenge”181 for acknowledged weaknesses in non-financial risks.

 Ibid.  Ibid. 178  Ibid. 179  Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox. See discussion in sect. 38.6 below. 180  See discussion in sect. 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 181  APRA Information Paper 2019, above n 156, pp. 20–21. 176 177

36.10 APRA’s Observations That Acknowledged Weaknesses Are Already Known…

1003

In relation to APRA’s identification of failings of “ineffective solutions”,182 there is a reduction in the quality of decision-making negatively affecting Decision-­ making Factor No 7 and/or a failure of clear lines of accountability/responsibility affecting negatively Responsibility Factor No 8 for each of the failings identified by APRA, coverage/rating − 8/100.00 rprox: • “ineffective solutions”:183 –– [NFRWeakRegScrut&EventMaterialising] (−)  – Banks  – Non-Financial Risk Weaknesses  – Failings in Non-Financial Risks  – Reactive Issue Recognition Only “under Regulatory Scrutiny, or After an Event Materialises” Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-­making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);184 –– [NFRWeakTactFixNotStratSoln] (−)  – Banks  – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – “Tendency to Apply Tactical Fixes to Issues rather than Implement More Strategic Solutions”  – Issues Subsequently Recurring  - Reduction in Information Flow  - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);185 –– [NFRWeakInadeqRootCause] (−)  – Banks  – Non-Financial Risk Weaknesses  – Failings in Non-Financial Risks  – “Inadequate Root-Cause Analysis” - Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-­making  – coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019);186 –– [NFRWeakIDSystIssues] (−) – Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – “Poor Identification of Systemic Issues” – Reduction in Information Flow  – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-­making  – coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019);187 –– [NFRWeakComplexSolns] (−) – Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – Complexity “in Designing and Implementing Solutions” – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and

 Ibid, p 20.  Ibid. 184  Ibid. 185  Ibid. 186  Ibid. 187  Ibid. 182 183

1004

36  Board Committees

Decision-making  – coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019);188 • “insufficient information and challenge”:189 –– [NFRWeakInadeqAttention] (−)  – Banks  – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – Inadequate Attention/Focus on Non-financial Risks  – Reduction in Information Flow  – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);190 –– [NFRWeakQualInfo&Report] (−)  – Banks  – Non-Financial Risk Weaknesses  – Failings in Non-Financial Risks  – Inadequate Quality of Information or Reporting  - Reduction in Information Flow  – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);191 –– [NFRWeakKeyInsights&Issues] (−)  – Banks  – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – Inadequate Focus/Attention on Key Insights and Issues – Reduction in Information Flow – Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019);192 –– [NFRWeakAssump&Risks] (−) – Banks – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – Inadequate Focus/Attention on “Underlying Assumptions and Risks Including Risks Associated with Investment Allocation” – Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-making  – coverage/rating  −  8/100.00 rprox (APRA Information Paper 2019);193 and –– [NFRWeakMaterialityNFRConseq] (−)  – Banks  – Non-Financial Risk Weaknesses – Failings in Non-Financial Risks – Inadequate Understanding/ Focus/Attention on Materiality of Non-financial Risk Consequences  – Reduction in Information Flow - Reduction in Quality of Board and Committee Effectiveness, Risk Management, Internal Monitoring and Decision-­making – coverage/rating − 8/100.00 rprox (APRA Information Paper 2019).194

 Ibid.  Ibid. 190  Ibid. 191  Ibid. 192  Ibid. 193  Ibid. 194  Ibid, p 21. 188 189

Chapter 37

Complexity of Bank Structures, Off-­Balance Sheet Entities, Disclosure and Transparency Abstract  Chapter 37 of the Stage 2 Key Code and Advanced Handbook examines the complexity of bank structures, off-balance sheet entities, disclosure and transparency. We begin with a discussion of off-balance sheet entities and the relational approach and identify that the separate legal entity principle can affect group-wide risk policy and disclosure. We then move to consider complex and opaque bank structures including the complexity of bank structures and directors’ duties to the entity, boards of parent companies and that complexity makes oversight by non-­ executive directors problematic. We then construct the [NEDBankStructInfo] (−) variable for non-executive directors recognising that complex and opaque bank, group and entity structures result in a reduction in decision quality and delineation and disclosure of powers, duties and lines of responsibility with a coverage/rating of −4/50.00 rprox. There follows a discussion of complex and opaque bank financial instruments including complexity of financial products and lack of control. Focus then shifts to bank (continuous) disclosure and transparency and structured products including ASX continuous disclosure obligations and ASX information and facilities for security holders. We recognise that information asymmetry extends beyond shareholders and consider principles for transparency and disclosure. For disclosure at the structured-­ product level, we review deficiencies in the quality of decision-making by non-executive directors and deficiencies in the transparency and timing of reporting and internal and external monitoring. For disclosure at the financial institution level, we recognise risk disclosure, valuation disclosure and liquidity disclosure. Keywords  Complexity · Opaque bank structures · Off-balance sheet entities · Complexity and NED oversight · Complex and opaque financial instruments · Continuous disclosure · Transparency · Disclosure at structured-product level · Disclosure at financial institution level

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_37

1005

1006

37  Complexity of Bank Structures, Off-Balance Sheet Entities, Disclosure…

37.1 Off-Balance Sheet Entities and the Relational Approach In Chapter 5 of Stage 1, the relational approach explained that problems measuring the profitability and solvency of Enron was exacerbated by the complex and interrelated group structure, complex business model and the use of off-balance sheet entities.1

37.2 Separate Legal Entity Principle Can Affect Group-­Wide Risk Policy and Disclosure The factors in Sect. 37.1 also played a part in the financial crisis as discussed next.

37.3 Complex and Opaque Bank Structures 37.3.1 Complexity of Bank Structures and Directors’ Duties to the Entity The BCBS identifies reasons for such structures to be legal, regulatory and tax.2 For Hopt, “[c]omplex and opaque corporate and bank structures” reduced the clarity of lines of responsibility, especially within bank groups3  – in an echo of Responsibility Factor No 84 – as the directors of each parent and subsidiary were  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See, for example, the discussion in sections 5.2.3.1 (pp 118–119), 5.2.5.1 (pp 128–129) and 5.2.5.2 (p 129) of Stage 1. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 2   The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Para 100, p 23. 3  Klaus J Hopt, Better Governance of Financial Institutions, “Corporate Governance of Banks and Other Financial Institutions After the Financial Crisis”, (2013) 13(2) Journal of Corporate Law Studies 219–253 (Part B); “Corporate Governance of Banks after the Financial Crisis”, in E Wymeersch, K J Hopt and G Ferrarini, eds., Financial Regulation and Supervision, A post-crisis analysis, Oxford University Press 2012, pp 337–367 (Part A); ECGI - Law Working Paper No. 207, (1 April 2013), accessed 14 June 2017 at SSRN: http://ssrn.com/abstract=2212198, 12. 4  Responsibility Factor No 8  – Delineation and Disclosure of Powers, Duties and Lines of Responsibility. See discussion in section 2.6.8 of Stage 1, above n 1, pp 54–59. 1

37.3  Complex and Opaque Bank Structures

1007

required to act in the interests of each particular entity and not the group as a whole with a reduction in the efficacy of group-wide risk policy.5 Similarly, the BCBS found such structures to pose financial, legal and reputational risk to the bank.6 That this should be so is no surprise in the relational approach as one of the eight governance factors is the Responsibility Factor No 8 – Delineation and Disclosure of Powers, Duties and Lines of Responsibility. A reduction in the efficacy of this governance factor will reduce the long-term efficiency and survival/sustainability of the bank: The themes encapsulated in the Responsibility Factor No. 8 are critical to the effectiveness and efficiency of many of the other Governance Factors – in particular, the Decision-making Factor No. 7, the Monitoring & Audit Factor No. 5 and, through the interrelationships discussed above in relation to both those Factors, the Reporting Factor No. 1.7

Opaque bank structures also led Hopt to consider there had been a reduction in disclosure and transparency which harmed the efficient market hypothesis and the market for corporate control.8 The BCBS Guidelines 2015 require senior management and the Board to: • avoid complicated structures without business purpose; • have and review appropriate policies and processes for establishing such structures including identifying and managing associated risks; and • have a centralized process for creating new entities.9 There are further BCBS requirements on senior management and the board for these structures established around specific risks and internal and external audit: • establishing adequate procedures and processes to identify and manage all material risks arising from these structures, including lack of management transparency, operational risks introduced by interconnected and complex funding structures, intragroup exposures, trapped collateral and counterparty risk. The bank should only approve structures if the material risks can be properly identified, assessed and managed; and • ensuring that the activities and structure are subject to regular internal and external audit reviews.10

 Hopt, above n 3, 12–13.  BCBS Guidelines 2015, above n 2, Para 100, p 23. 7  See discussion in section 2.6.8 of Stage 1, above n 1, p 54. 8  Hopt, above n 3, 13. 9  BCBS Guidelines 2015, above n 2, Para 102, p 24. 10  Ibid. 5 6

1008

37  Complexity of Bank Structures, Off-Balance Sheet Entities, Disclosure…

37.3.2 Boards of Parent Companies To avoid these problems of opaque structures, for the BCBS, parent companies have a significant list of responsibilities, only summarized here. Importantly, the list centres around risk: • • • • • • • • • •

establishing a group structure with clearly defined roles at parent and subsidiary level; defining a subsidiary board and management structure which takes account of risks assessing the group’s policies, processes and controls around risk; processes and controls for “intragroup conflicts of interest”; clear policies and strategies around establishing new entities; assessing systems for exchange of information between entities to manage risk; monitoring legal, regulatory and governance compliance by subsidiaries; an effective relationship between the group and home and subsidiary regulators; establishing an effective internal audit function for the subsidiaries and group; and ensuring the group’s governance framework identifies intragroup conflicts of interest arising from intragroup transactions.11

Risk management for banks is examined in the following Part 6.

37.3.3 Complexity Makes Oversight by Non-executive Directors Problematic For the OECD 2010 Conclusions and Practices, complexity of bank structures can interfere with non-executive director oversight: Complexity has particular implications for non-executive board members and their oversight of executives, senior management and assurance duties (e.g. risk management and internal audit). It will also need to be reflected in the structure and operation of the board and its resources. It is important that the board responds in an appropriate manner in terms of specifying controls and assurance functions rather than interfering in day to day management of the company and its subsidiaries.12

In response, the OECD 2010 Conclusions and Practices concluded that boards should continuously review the internal structure of the company for clear lines of responsibility and accountability for management, to ensure the integrity of essential reporting and monitoring systems and to ensure there is appropriate oversight by senior management as suggested by the annotations to the OECD Principles VI.D.2 and VI.D.7.13

 Ibid, Para 96, pp 22–23.  OECD Directorate for Financial and Enterprise Affairs, OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, 24 February 2010, accessed 11 May 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/44679170.pdf, (‘OECD 2010 Conclusions and Practices’), Para 60, p 22. 13  Ibid, Para 61, p 22. 11 12

37.4  [NEDBankStructInfo (−) Variable – Banks – Non-Executive Directors…

1009

37.4 [NEDBankStructInfo] (−) Variable – Banks – Non-­Executive Directors – Complex and Opaque Bank, Group and Entity Structures – Reduction in Decision Quality and Delineation and Disclosure of Powers, Duties and Lines of Responsibility – Coverage/Rating −4/50.00 rprox – Relational Effect Path In Sect. 26.2 above of this Stage 2, the relational approach introduced two governance variables based on a deficiency of knowledge (on the internal workings of banks and the securitisation process) which are hypothesized to reduce the decision-­ making quality of non-executive directors: • [NEDBankWorksInfo] (−) variable – banks – non-executive directors – deficiency in knowledge of internal workings of banks – reduction in decision quality, coverage/rating − 4/50.00 rprox (relational effect path in Sect. 26.2); and • [NEDBankSecurznInfo] (−) variable – banks – non-executive directors – deficiency in knowledge of securitisation process  – reduction in decision quality, coverage/rating −4/50.00 rprox (relational effect path in Sect. 26.2). Those variables were hypothesized to have a similar behaviour and relational effect path to the [BrdIndInfo] (−) variable, coverage/rating  −  4/50.00 rprox, examined in section 7.3.2.1.3 of Stage 1. The internal workings of banks and the securitization process were treated as a type of ‘firm-specific’ information flow to the board which is reduced or disrupted. Here, the [NEDBankStructInfo] (−) variable, coverage/rating − 4/50.00 rprox, is again based on a deficiency of knowledge which affects the decision-making quality of non-executive directors – but, this time, on account of the complexity and opaqueness of bank structures, groups and entities. This causes a similar reduction in the quality or effectiveness of the Decision-making Factor No 7. In other words, the details – and specific consequences – of bank, group and entity structures are treated as a type of ‘firm-specific’ information flow to the board which is reduced or disrupted. Alternatively, the relational effect path could be considered  – as suggested by Hopt in Sect. 37.3 above – as commencing with a reduction in the objectives of Responsibility Factor No. 8 – Delineation and Disclosure of Powers, Duties and Lines of Responsibility. Thus, the relational effect path of the [NEDBankStructInfo] (−) variable is hypothesized to have an identical relational effect path to the [BrdIndInfo] (−) variable, coverage/rating − 4/50.00 rprox, examined in section 7.3.2.1.3 of Stage 1. This gives rise to a coverage/rating for the [NEDBankStructInfo] (−) variable of −4/50.00  in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). To remedy the deficiency of knowledge which affects the decision-making quality of non-executive directors on account of the complexity and opaqueness of bank

1010

37  Complexity of Bank Structures, Off-Balance Sheet Entities, Disclosure…

structures, groups and entities, the board should undertake the measures identified in the preceding discussion in Sect. 37.3 by the BCBS, Hopt and the OECD.

37.5 Complex and Opaque Bank Financial Instruments 37.5.1 Complexity of Financial Products and Lack of Control Grosse examines the financial crisis from a behavioural perspective.14 For the author, two contributing causes of the crisis were the failure of regulators to understand the value of collateralised debt obligations (CDOs) while the other was the failure of banks to place controls on those who dealt in these CDOs: Two particular behavioral elements of the US financial markets in the early 21st century, both under the heading of the psychology of the market, contributed importantly to the crisis. They can both be grouped under the heading of inadequate institutional oversight. In specific, this institutional failure refers to both (1) inability of financial market regulators to understand the values of complex financial instruments such as collateralized debt obligations (CDOs); and (2) inability of major financial institutions to place controls on the activities of their salesmen and traders who dealt in securitizations and in sales of CDOs and underlying assets such as mortgages, who then exposed both these institutions and the market more broadly to unrecognized risks.15

Two further elements of Grosse’s behavioural finance explanation of the crisis also flow from CDOs. First was the irrational ‘bubble’ in US house prices and CDOs.16 Second – again linked to the complexity of CDOs – was the need of banks to act very quickly to raise capital to cover the fall in the value of mortgages which in turn resulted from the rapid decline in underlying US house prices.17 For Grosse, apart from regulators, the financial institutions themselves could not properly value the CDOs leading to inadequate risk control.18 Again, the failure of risk management is on account of a lack of oversight on those dealing with the CDOs due to the opaque nature of the CDO instruments themselves.19 The discussion gives rise to the following governance variable: • [NEDFinProdInfo] (−)  – Banks  – Non-Executive Directors  – Complex and Opaque Financial Products  – Reduction in Decision-making Quality and Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating −4/50.00 rprox.  Robert E Grosse, “The Global Financial Crisis  – A Behavioral View”, (16 January 2010), accessed 5 April 2017 at SSRN: http://ssrn.com/abstract=1537744 15  Ibid, 4–5. 16  Ibid, 9 (footnote and Figure 3 omitted). 17  Ibid, 11. 18  Ibid, 13. 19  Ibid, 14–15. 14

37.6  Separation of Deposit-Based Banking Beyond Scope of Walker Review 2009

1011

The [NEDFinProdInfo] (−) variable, is similar to the immediately preceding [NEDBankStructInfo] (−) variable in Sect. 37.4 and the [NEDBankWorksInfo] (−) and [NEDBankSecurznInfo] (−) variables both in Sect. 26.2 above, each with a coverage/rating of −4/50.00 rprox. It is again based on a deficiency of knowledge which affects the decision-making quality of non-executive directors – but, this time, on account of the complexity and opaqueness of financial products such as securitised mortgages and CDOs. This causes a similar reduction in the quality or effectiveness of the Decision-making Factor No 7. Alternatively, the relational effect path could be considered – as suggested by Grosse above – as a lack of control over those who dealt in CDOs. This translates in the Stage 2 relational approach to the relational effect path commencing with a reduction in the objectives of Responsibility Factor No. 8 – Delineation and Disclosure of Powers, Duties and Lines of Responsibility. Thus, the relational effect path of the [NEDFinProdInfo] (−) variable is hypothesized to have an identical relational effect path to the [NEDBankWorksInfo] (−) and [NEDBankSecurznInfo] (−) variables both in Sect. 26.2 above and, in turn, the [BrdIndInfo] (−) variable examined in section 7.3.2.1.3 of Stage 1, each with a coverage/rating of −4/50.00 rprox. This gives rise to a coverage/rating for the [NEDFinProdInfo] (−) variable of −4/50.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

37.6 Separation of Deposit-Based Banking Beyond Scope of Walker Review 2009 While beyond the scope of the Review, the Walker Review 2009 opined that any “forced break-up” of banks into “deposit-based banking…on a much more conservative basis” with riskier activities detached would not reduce the need for emphasis on corporate governance given the continuing level of financial products and services provided to non-financial organizations20: Such an outcome could have profound implications for non-financial business in terms of the cost of capital, the ability to hedge financial risks and access to the capital markets for debt and equity financing.21

A consideration of this question is beyond the scope of this Stage 2 Key Code and Advanced Handbook for Australian major banks.

 David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Para 2.14, pp 37–38. 21  Ibid. 20

1012

37  Complexity of Bank Structures, Off-Balance Sheet Entities, Disclosure…

37.7 Bank (Continuous) Disclosure and Transparency and Structured Products 37.7.1 ASX Continuous Disclosure Obligations The Stage 2 relational approach will construct disclosure variables identical to the [TransTimeMon] (+)22 variable in section 9.1.2.1 of Stage 1 (and in the same positive (+) direction) giving rise to a coverage/rating of +8/100.00 rprox. These variables reflect an enhancement in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the increase in information flow as a result of the ASX’s identification of continuous disclosure obligations. Alternatively, there is an enhancement in the quality of decision-making  – Decision-making Factor No 7 – and/or an enhancement of clear lines of accountability/responsibility affecting positively Responsibility Factor No 8 for each of the obligations identified by the ASX, coverage/rating +8/100.00 rprox: • [2019ASXCDWritePolicyContDiscloseObs] (+)  – 2019ASX Continuous Disclosure – Board – Written Policy for Complying with Continuous Disclosure Obligations under Listing Rule 3.123  – Enhancement in Information Flow  – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility  – coverage/rating  +  8/100.00 rprox (2019ASX); • [2019ASXCDContentsContDiscloseBox5.1] (+)  – 2019ASX Continuous Disclosure  – Board  – Suggested Contents for Policy for Complying with Continuous Disclosure Obligations under Listing Rule 3.1  in Box 5.124  – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility – coverage/ rating + 8/100.00 rprox (2019ASX); • [2019ASXCDBrdCopiesMarketAnnounce] (+)  – 2019ASX Continuous Disclosure  – Board  – Board to Receive Copies of all Market Announcements Promptly After They Are Made25  – Enhancement in Information Flow  – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility  – coverage/rating +8/100.00 rprox (2019ASX);

 See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199.  Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’), Rec 5.1, p 21. 24  Ibid, Commentary to Rec 5.1, p 21. 25  Ibid, Rec 5.2, p 21. 22 23

37.7  Bank (Continuous) Disclosure and Transparency and Structured Products

1013

• [2019ASXCDBrdCopiesPresentationMaterials] (+)  – 2019ASX Continuous Disclosure  – Board  – New and Substantial Investor or Analyst Presentation Materials on ASX Market Announcements Platform Before the Presentation26 – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility – coverage/ rating + 8/100.00 rprox (2019ASX); • [2019ASXCDBrdPresentationInvestorLink] (+)  – 2019ASX Continuous Disclosure – Board – Where Practicable Entity to Provide Security Holders with Dial-in or Link to Participate in Presentation27  – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-­ making and Accountability/Responsibility  – coverage/rating  +  8/100.00 rprox (2019ASX); • [2019ASXCDBrdPresentationRecord] (+)  – 2019ASX Continuous Disclosure  – Board  – Entity to Provide Security Holders with Recording or Transcript of Presentation28 – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility – coverage/rating + 8/100.00 rprox (2019ASX);

37.7.2 ASX Information and Facilities for Security Holders • [2019ASXRightsBrdInfoGovWebsite] (+)  – 2019ASX Rights for Security Holders – Board – Entity to Provide Investors with Information about Itself and Governance on Website29 – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/ Responsibility – coverage/rating + 8/100.00 rprox (2019ASX) including; –– giving them ready access to information about the entity and its governance; –– communicating openly and honestly with them; and –– encouraging and facilitating their participation in meetings of security holders30;

• [2019ASXRightsCorpGovLandPage] (+)  – 2019ASX Rights for Security Holders  – Board  – Entity to Provide Investors with Corporate Governance Landing Page on Website31 – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility – coverage/rating +8/100.00 rprox (2019ASX); • [2019ASXRightsCorpGovLandPageContents] (+)  – 2019ASX Rights for Security Holders – Board – Contents of Corporate Governance Landing Page on  Ibid, Rec 5.3, p 22.  Ibid, Commentary to Rec 5.3, p 22. 28  Ibid. 29  Ibid, Rec 6.1, p 23. 30  Ibid, Commentary to Rec 6.1, p 23. 31  Ibid, Rec 6.1, p 23. 26 27

1014

37  Complexity of Bank Structures, Off-Balance Sheet Entities, Disclosure…

Website32  – Enhancement in Information Flow  – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/ Responsibility – coverage/rating +8/100.00 rprox (2019ASX); • [2019ASXRightsInvestorRelsProgram] (+)  – 2019ASX Rights for Security Holders  – Board  – Entity to Have Investor Relations Program for Two-way Communication with Investors33  – Enhancement in Information Flow  – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility  – coverage/rating +8/100.00 rprox (2019ASX); • [2019ASXRightsDiscloseParticMeetSecHolders] (+)  – 2019ASX Rights for Security Holders – Board – Entity to Disclose How It Facilitates and Encourages Participation at Meetings of Security Holders34 – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-­ making and Accountability/Responsibility  – coverage/rating  +  8/100.00 rprox (2019ASX); • [2019ASXRightsSubstantResolutionPoll] (+) – 2019ASX Rights for Security Holders – Board – Entity to Ensure All Substantive Resolutions at Meeting of Security Holders Decided by Poll Rather than Show of Hands35 – Enhancement in Information Flow – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility  – coverage/rating +8/100.00 rprox (2019ASX) including: –– “one security one vote”36; and • [2019ASXRightsElectronicCommsEntity&Registry] (+)  – 2019ASX Rights for Security Holders – Board – Entity to Give “Security Holders the Option to Receive Communications from, and Send Communications to, the Entity and its Security Registry Electronically”37  – Enhancement in Information Flow  – Enhancement in Risk Management, Internal Monitoring and Decision-making and Accountability/Responsibility  – coverage/rating  +  8/100.00 rprox (2019ASX).

 Ibid, Commentary to Rec 6.1, pp 23–24.  Ibid, Rec 6.2, p 24. 34  Ibid, Rec 6.3, p 24. 35  Ibid, Rec 6.4, p 24. 36  Ibid, Commentary to Rec 6.4, pp 24–25. 37  Ibid, Rec 6.4, p 24. 32 33

37.7  Bank (Continuous) Disclosure and Transparency and Structured Products

1015

37.7.3 Information Asymmetry Extends Beyond Shareholders Given the problems for transparency raised by complex and opaque bank structures, the BCBS Guidelines 2015 devote an entire Principle 12 to disclosure and transparency for shareholders, depositors, relevant stakeholders and market participants who, essentially, suffer information asymmetry: Transparency is consistent with sound and effective corporate governance. As emphasised in existing Committee guidance on bank transparency, it is difficult for shareholders, depositors, other relevant stakeholders and market participants to effectively monitor and properly hold the board and senior management accountable when there is insufficient transparency.38

The Institute of International Finance (IIF) also drew attention to the opaque nature of the assets in securitized financial products at the heart of the GFC: In the wake of the credit market turmoil, there is an awareness that, owing to the generally perceived opaque nature of assets in structured products and their associated risks, there is a need for more information and transparency about structured products. However, the Committee found that, while there was already much disclosure pertaining to structured products, not all the information was presented in a succinct and easily digestible form, and access to information on underlying assets was difficult.39

For the OECD Kirkpatrick Report 2009, bank transparency and disclosure had been compromised by a combination of the use of off-balance-sheet entities and the complexity of collateralised securities.40 Thus, for the OECD Kirkpatrick Report 2009, the risks were not disclosed in a transparent manner and, consequently, not managed.41

37.7.4 Principles for Transparency and Disclosure The IIF consequently enunciated a number of Principles for transparency and disclosure at two levels:

 BCBS Guidelines 2015, above n 2, p 36.  Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007–2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_GFC/IIF_Final_Report_of_the_Committee_on_Market_ Best_Practices.pdf (‘IIF Final Report 2008’), Principle VI, Transparency and Disclosure Issues, p 98. 40  Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995–2864, accessed 27 March 2017 at http://search.oecd.org/finance/financial-­ markets/42229620.pdf, (‘OECD Kirkpatrick Report 2009’), 26. 41  Ibid. 38 39

1016

37  Complexity of Bank Structures, Off-Balance Sheet Entities, Disclosure…

• structured-product level; and • financial institution level. The IIF’s disclosure Principles are here summarized as: • an emphasis on the content, clarity and comprehensiveness of disclosures; • an emphasis on risk disclosing the bank’s overall risk profile, developing risks and the risk management process; • global standardization of market definitions and structures for structured products; • disclosure of relevant and material risks including off-balance-sheet risks and exposures; and • quantitative and qualitative disclosure of valuation processes, methodologies, assumptions and uncertainties.42

37.8 Disclosure at the Structured-Product Level The IIF recommended that prospectus documents list the key features and risks of the relevant products: Offer documents should have an executive summary of key features and a list of certain central risk features in a prominent position. An industry group should produce a reasonably standard layout for an executive summary and risk information.43

A short-form summary of offer documents was required to highlight key features, make it simpler for investors to understand and to identify detailed disclosures from the main prospectus and a list of key risk factors inherent in the product.44 The IFF also called for more standardization of market definitions, structures and the roles of agents45 to reduce the opaqueness of the market and “to standardize terms and definitions used in the structured-products industry” to avoid confusion between participants46 and enhance risk management: Lack of clear definitions also has, in some cases, impeded effective risk management within firms. This would include product, vehicle, role, and credit- and liquidity-enhancement descriptions and also deal terms such as events of default. The cross-border nature of the securitization markets makes it necessary to develop uniform market standards and definitions with regard to securitization terminology and disclosure.47

 IIF Final Report 2008, above n 39, Principles of Conduct, Principles VI.i – VI.v, p 99.  Ibid, Recommendation VI.1, p 99. 44  Ibid, Discussion of Recommendation VI.1, pp 99–100. 45  Ibid, Recommendation VI.2, p 100. 46  Ibid, Discussion of Recommendation VI.2, p 100. 47  Ibid. 42 43

37.8  Disclosure at the Structured-Product Level

1017

The IFF also called for “harmonized guidelines for transparency and disclosure for structured products across major markets”.48 Deficiencies in the disclosure of financial products raises two variables, one harming the quality of decision-making of non-executive directors and the other the quality of internal and external monitoring.

37.8.1 Deficiencies in the Quality of Decision-Making by Non-executive Directors The variable describing a reduction in the decision-making quality of non-executive directors is the [NEDFinProdInfo] (−)49 variable, coverage/rating −4/50.00 rprox, introduced in Sect. 37.5 above: • [NEDFinProdInfo] (−)  – Banks  – Non-Executive Directors  – Complex and Opaque Financial Products  – Reduction in Decision-making Quality and Delineation and Disclosure of Powers, Duties and Lines of Responsibility, coverage/rating − 4/50.00 rprox (relational effect path in Sect. 37.5). Again, it is based on a deficiency of knowledge which affects the decision-­ making quality of non-executive directors on account of the complexity and opaqueness of financial products such as securitised mortgages and CDOs.

37.8.2 Deficiencies in the Transparency and Timing of Reporting and Internal and External Monitoring The variable describing the reduction in the transparency and timing of reporting and internal and external monitoring on account of deficiencies in the disclosure of financial products is introduced here: • [TransTimeFinProd] (−)  – Banks  – Deficiencies in Disclosure of Financial Products – Reduction in Transparency and Timing of Reporting and Internal and External Monitoring, coverage/rating −8/100.00 rprox.

 Ibid, Recommendation VI.3, p 101.  Banks  – Non-Executive Directors  - Complex and Opaque Financial Products  – Reduction in Decision-making Quality and Delineation and Disclosure of Powers, Duties and Lines of Responsibility. 48 49

1018

37  Complexity of Bank Structures, Off-Balance Sheet Entities, Disclosure…

This variable has a similar justification, behaviour and relational effect path to the [TransTimeHideLev] (−)50 variable, coverage/rating of −8/100.00 rprox, in Sect. 27.3 above. Paraphrasing that section, the effect of deficiencies by the CEO, executives and management in the disclosure of financial products is the opposite or negative (−) effect of the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1  – Transparency and Timing of Reporting – Monitoring Effect,51 giving rise to a coverage/rating of −8/100.00 rprox. In that section, the [TransTimeMon] (+) variable, coverage/rating + 8/100.00 rprox, hypothesizes an improvement in the quality and reliability of information which flows to the board and, therefore, the market. This, in turn, enhances the quality of external or market monitoring of the board with a predicted improvement in internal monitoring. There, Compliance Factor No 2 and the reflexive relationship between Reporting Factor No 1 and Risk Management, Monitoring & Audit Factor No 5 are the ‘sources’ of the positive influence represented in Figure 9.1 of Stage 1 for the [TransTimeMon] (+) variable. In the case here of the [TransTimeFinProd] (−) variable, there is an opposite/ negative (−) effect – there is a reduction in the quality and reliability of information about financial products which flows to the board from management. Thus, this also results in a reduction of the quality and reliability of information which flows to the market. This in turn reduces the quality of external or market monitoring of the board with a predicted reduction in internal monitoring. Thus, Stage 2 of the relational approach hypothesises an effect opposite to the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 for the [TransTimeFinProd] (−) variable. This gives rise to a coverage/rating for the [TransTimeFinProd] (−) variable of −8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

37.9 Disclosure at the Financial Institution Level 37.9.1 Risk Disclosure The IFF’s recommendations on disclosure at the financial institution level centred on risk – the firm’s risk profile, risk management processes, securitisation business/activities, risk position, risk strategy and liquidity risk management: Firms should ensure that their disclosure provides a sufficient overview of their current risk profiles and risk management processes, and highlights key changes (from previous periods) to their current risk profile, including their securitization activities. This overview should have an appropriate balance between qualitative and quantitative information, with

 Banks - ‘hidden leverage’ in financial statements and off-balance-sheet entities – reduction in transparency and timing of reporting and internal and external monitoring. 51  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 262–266. 50

37.9  Disclosure at the Financial Institution Level

1019

a view to providing both a snapshot of the risk position and a perspective on the risk strategy of the firm, including its approach to liquidity risk management.52

The BCBS also requires that banks disclose information on risk exposures, risk management strategies, their purpose and structures for all “material and complex or non-transparent activities” including the risks and controls.53 In Sects. 43.1 and 44.8 of the following Part 6, the Walker Review 2009 requires a Board Risk Committee (or board) report to be included as a separate report within the annual report and accounts including key risks, risk appetite and tolerance, the effectiveness of the risk management process and the scope and outcome of stress testing.54

37.9.2 Valuation Disclosure Recommendations VI.6 – VI.9 of the IIF Final Report 2008 require greater disclosure on valuation issues including: • valuation processes, methodologies and limitations of models; • valuations based on “limited market inputs” or “mark-to-model” procedures; • uncertainties associated with the valuations including the limitations, assumptions and adjustments to models; and • “limitations of indices used in valuations”.55 Deficiencies in the disclosure of valuations are beyond the scope of this Stage 2 Key Code and Advanced Handbook but undertaken by the IIF as explained in Sect. 42.5 of Part 6 below.

37.9.3 Liquidity Disclosure Given the discussion in Sect. 37.3 above on the opaqueness of bank structures, it is not surprising that the IIF recommended better disclosure of off-balance-sheet vehicles and contingent funding liabilities: Firms should provide meaningful disclosures for material actual or contingent funding requirements for off-balance-sheet vehicles, including contractual obligations and funding requirements that may reasonably be expected to arise for reputational or other reasons.56

 IIF Final Report 2008, above n 39, Recommendation VI.5, p 102.  BCBS Guidelines 2015, above n 2, Para 155, pp 36–37. 54  Walker Review 2009, above n 20, Recommendation 27, p 20. 55  IIF Final Report 2008, above n 39, Recommendations VI.6 – VI.9, pp 103–104. 56  Ibid, Recommendation VI.10, p 105. 52 53

1020

37  Complexity of Bank Structures, Off-Balance Sheet Entities, Disclosure…

Deficiencies in the disclosure of liquidity risk are beyond the scope of this Stage 2 Key Code and Advanced Handbook but undertaken by the IIF as explained in Sect. 42.5 of Part 6 below.

37.10 Bank Supervisors and Regulatory Guidance A detailed review of Supervisors and Regulators of banks in the GFC and beyond up to the recent Australian Banking Royal Commission Inquiry into banking misconduct is outside the scope of this Stage 2 Key Code and Advanced Handbook but was undertaken in relation to the GFC by the EC.57

 See European Commission, The High-Level Group on Financial Supervision in the EU Chaired by Jacques de Larosière, Report of the de Larosière Group, Brussels, 25 February 2009, accessed 15 June 2017 at https://ec.europa.eu/internal_market/finances/docs/de_larosiere_report_en.pdf (‘de Larosière Report’). 57

Part VI

Governance of Banks in the GFC and Beyond Key Field No 5 (Part 6): The Governance and Management of Bank Risk, Risk Appetite and Risk Culture

Chapter 38

Introduction to Failings of Risk Management in the Global Financial Crisis and Beyond to the Australian Banking Royal Commission Enquiry into Banking Misconduct Abstract  Chapter 38 contains an introduction to the failings of risk management in the GFC and beyond to the Australian Banking Royal Commission Inquiry into banking misconduct including APRA’s Prudential Standard CPS 220 Risk Management. We examine the link between risk management and governance and examine board responsibilities and failings of board oversight in risk management. We construct governance variables based on board responsibilities and principal failings of board oversight in risk management, internal monitoring and decision-­ quality. There follows our approach to modelling governance variables, governance variables for board responsibilities in CPS 220 Risk Management and additional requirements on the head of a group. Chapter 38 then constructs governance variable for a long list of failings including: • failure to identify risks on an organisation-wide basis rather than by business unit or activity; • separation and low status of risk managers likely to cause a deficiency or reduction in the flow of information from management to the risk manager on the details of particular risks; • failure to escalate problems or ‘red flags’ – deficiencies in the flow of information upward through the bank to senior management and/or the board; • failure in information flow on leverage and risks due to over-reliance on regulatory capital ratios and rates of return on equity; • failure of information flow on identifying risks; • failure of information flow on risks in CDOs and other financial products; • failure of information flow to senior management due to ‘silo structures’; • failure of information flow due to conducting stress testing with past information; • failure to understand and compare bank’s risk position relative to risk appetite; • failure of risk model assumptions; • failure by board to continuously review internal structure of bank for clear lines of accountability/responsibility, risk culture and flow of information about risks;

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_38

1023

1024

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

• failure in training employees responsible for distributing risk products; • failure in expertise or experience of risk management employees in entire range of risks; • failure to monitor changes in risks in real time and to escalate information rapidly upward in the bank; • failure to upgrade IT tools for complex and opaque bank structures; • failure to devote sufficient management time to management of risks; • failure to align corporate strategy, risk appetite and the internal risk management structure; • failure to separate risk management and control from profit centres; • failure of Chief Risk Officer (CRO) to report directly to board and Board Risk Committee (BRC) in addition to the CEO; and • failure in transparency and understandability of material risk factors ranked in order of importance. Keywords  Failings of risk management · APRA Prudential Standard CPS 220 · Organisation-wide risks · Escalating problems or red flags · Leverage · Identifying risks · CDOs · Silo structures · Stress testing · Expertise or experience of risk management employees · Failure of monitoring in real time and escalating information · Chief Risk Officer All companies, whatever their specific fields of operations, face a wide variety of external or internal risks. According to their specificities (field of activity, size, international exposure, complexity) they should develop an adequate risk culture and arrangements to manage them effectively…Thus, taking into account the diversity of situations, it does not seem possible to propose a ‘one size fits all’ risk management model for all types of companies. It is, however, crucial that the board ensures a proper oversight of the risk management processes.1

APRA’s Prudential Standard CPS 220 Risk Management APRA’s Prudential Standard CPS 220 Risk Management2 requires APRA-regulated institutions to have a system:

 European Commission, Green Paper, The EU Corporate Governance Framework, COM(2011) 164 final, Brussels, 5 April 2011, accessed 24 March 2017 at http://ec.europa.eu/internal_market/ company/docs/modern/com2011-164_en.pdf (‘EC Second Green Paper 2011’), Para 1.5, Risk Management, p 10. 2  Australian Prudential Regulation Authority, Prudential Standard CPS 220 Risk Management, July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/ cps_220_risk_management_effective_from_1_july_2019.pdf (‘CPS 220’). In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates of 2022. See Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines. 1

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

1025

for identifying, measuring, evaluating, monitoring, reporting, and controlling or mitigating material risks that may affect its ability, or the ability of the group it heads, to meet its obligations to depositors and/or policyholders. These systems, together with the structures, policies, processes and people supporting them, comprise an institution’s or group’s risk management framework.3

Effective 1 July 2019,4 the key requirements are to: • maintain a risk management framework that is appropriate to the size, business mix and complexity of the institution or group, as relevant; • maintain a Board-approved risk appetite statement; • maintain a Board-approved risk management strategy that describes the key elements of the risk management framework that give effect to the approach to managing risk; • maintain a Board-approved business plan that sets out the approach for the implementation of the strategic objectives of the institution or group; • maintain adequate resources to ensure compliance with this Prudential Standard; and • notify APRA when it becomes aware of a significant breach of, or material deviation from, the risk management framework, or that the risk management framework does not adequately address a material risk.5

Failings of Risk Management This Part 6 of the Stage 2 Key Code and Advanced Handbook examines a critical element of corporate governance identified in the introduction to Part 1 – the identification, assessment/measurement, control/management and reporting of risk for banks. In Sect. 2.4 of Chap. 2 of this Stage 2, the relational approach examined the principal considerations in re-naming Governance Factor No 5 from Stage 16  – now called ‘Risk Management, Monitoring & Audit Factor No 5’ – ‘Risk Management and Internal and External/Audit Monitoring Quality’.7 This Part 6, Stage 2 of the relational approach examines governmental, Regulatory/Supervisory, market participant and major bank reports and commentator studies of risk management aspects of the Global Financial Crisis. And beginning the examination of the Australian Banking Royal Commission Inquiry into banking misconduct, relevant aspects of the APRA Final Report are also examined in detail for guidance on: • risk management and compliance; • issue identification and escalation;  CPS 220, ibid., p 1.  Ibid, p 3. 5  Ibid, p 1. 6  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 7  See discussion in Sect. 2.4 of Chap. 2 above. 3 4

1026

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

• financial objectives and prioritisation; and • accountability.8 In Sect. 38.1, the examination begins with the observations of Rose on the link between risk management and governance to set the place of risk management in the governance framework of the bank. A significant number of failings are identified in Sect. 38.2 by commentators, governmental, Regulator/Supervisor and market participant reports. This is followed closely in Sects. 38.4, 38.5, 38.6, 38.7, 38.9, 38.10, 38.11, 38.12, 38.13, 38.14, 38.15, 38.16, 38.17, 38.18, 38.19, 38.20, 38.21, 38.22 and 38.23 with an application of those failings to the Stage 2 relational approach for Australian banks. This gives rise to a significant number – twenty (20) – bank-specific governance variables based on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 19 with a coverage/rating of +8/100.00 rprox but in the negative (−) direction. The [TransTimeMon] (+) variable links, most directly, the transparency and timing of reporting with both enhancement of the risk management and monitoring function (Risk Management, Monitoring & Audit Factor No 510) and the quality of decision-­ making (Decision-making Factor No 711). Given its focus on risk management, monitoring and decision-making, the [TransTimeMon] (+) variable’s relational effect path is positive (+) and the zone of effect of that relational effect path is hypothesised to be similar to that of the [BrdSkills] (+)12 and [BrdIndMon] (+)13 variables but with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance14). Also significant is the relational proximity or rprox of these new risk management variables, all at −8/100.00 rprox, the highest up on the relational proximity rating scale. Having formulated new variables for the principal failings of risk management, Part 6 moves to examine a number of areas in greater detail. Chapter 40 is critical in the overall message derived from the GFC up to the Australian Banking Royal Commission Inquiry into banking misconduct  – ‘risk culture’, ‘risk appetite’ and ‘risk appetite statements’ (RAS). This includes creating a risk culture and risk appetite in Sect. 40.1 and APRA’s nine themes inhibiting sound risk culture in Sect. 40.2.

 Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (APRA Final Report), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf. 9  See discussion in section 9.1.2.1 of Stage 1, above n 6, pp 262–266. 10  See discussion in section 2.6.5 of Stage 1, above n 6, pp 47–51. 11  See discussion in section 2.6.7 of Stage 1, above n 6, pp 51–58. 12  Board – Director Skills ‘Mix’ – see Figure 7.2 and discussion in section 7.3.1.2.1 of Stage 1, above n 6, pp 198–201. 13  Board Independent Director: Executive Director Proportion – Monitoring Effect – see discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above 6, pp 208–212. 14  See discussion in section 2.6.2 of Stage 1, above n 6, pp 41–43. 8

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

1027

Then, in more detail, Part 6 in Sect. 40.5 examines developing a risk appetite through a RAS and a Risk Management Strategy (RMS) with additional bank-­ specific governance variables. Chapter 41 examines the FSB’s Effective Risk Appetite Framework. Chapter 42 opens with the examination of the ‘three lines of defence’ – business units, the risk management and compliance function and a statement of internal audit. Sections 42.6 and 42.7 examine high risk strategies and (improper) delegation of risk oversight by the board, risk management and the failure to understand the complexity of financial products as another clear message from the crisis. Governance variables are then proposed based on: • • • • • • •

the complexity of financial products; deficiencies in credit ratings; deficiencies in banking industry knowledge and competence; inadequate risk management and internal controls; failure of information flow on risks in CDOs and other financial products; the complex and opaque nature of securitized financial products; and factors contributing to short-term emphasis and acceptance of increased leverage. The Board Risk Committee (BRC) is examined in detail in Chap. 43 including:

• non-executive director (NED) number, time commitment and number of meetings for the BRC; • variables derived from the Walker Review 2009 for the establishment of the BRC; and • the nature of risks and responsibilities monitored by the BRC. Chapter 44 continues with the BRC with: • • • • • • • •

BRC composition; independence, status, reporting lines and role of the Chief Risk Officer (CRO); role and contribution of NEDs on the BRC; the BRC, risk appetite and weightings for incentives; economic assessments, ‘stress’ testing and metrics; external advisers to the BRC; the BRC, significant mergers, acquisitions and disposals; and the separate BRC Report.

The risk management function  – the second line of defence  – is examined in Chap. 45 including the ‘enterprise risk management’ (ERM) framework and shortcomings identified by the OECD. In addition, Chap. 45 will review: • the resources required for risk management; • risk identification, monitoring and control  – an introduction to internal controls; and

1028

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

• principles for the identification, escalation/communication and disclosure of risk in Sect. 45.5 and additional governance variables in relation thereto for ‘first-­ line’ business units, the ‘second-line’ risk management function and the board. Section 45.6 examines risk management with the failure to escalate risk information upwards – the ‘red flags’ – again with additional governance variables. Section 45.14 examines ‘compliance’ as part of the Second Line of Defence which raises a large number of “SecLineComply”-prefix variables. Section 45.15 continues the examination of risk management with a wide range of failings in accountability and responsibility identified by APRA. Chapter 46 briefly identifies internal audit as an extensive area for a future Key Field. Chapter 47 is for the examination of the governance of risk with governance variables relating to remediation issues identified by APRA. Chapter 48 examines governance variables for APRA on risk management and compliance. Chapter 49 reviews the NAB risk management framework (RMF) and Chap. 50 concludes Part 6 with governance variables for the Westpac Review Team 2018 on risk management and compliance and the Westpac Reassessment “CORE” Remediation Program.

38.1 The Link Between Risk Management and Governance Rose undertakes an examination of the link between risk management and corporate governance.15 For Rose, “[r]isk management, broadly conceived, is an essential aspect of good corporate governance, and vice versa”.16 Consistent with one of the overarching themes of the relational approach, the author considers that risk management is a way of reducing agency costs: However we define corporate governance (as a description of the relationship between corporate stakeholders, as a set of rules or processes governing the corporate entity, etc.), risk management works hand in hand with corporate governance as a means of constraining agency costs and promoting efficient and prudent management. Indeed, risk management so overlaps with corporate governance that the terms may sometimes be used synonymously. Because risk management practices in many financial firms failed during the Financial Crisis, it has been said that corporate governance failed during the Financial Crisis – if this is true, the Financial Crisis is not a risk management problem but a larger crisis in corporate governance.17

 Paul Rose, “Regulating Risk by ‘Strengthening Corporate Governance’” (2010) 17 Connecticut Insurance Law Journal; Ohio State Public Law Working Paper No. 130, (25 June 2010), accessed 8 April 2017 at SSRN: https://ssrn.com/abstract=1630122. 16  Ibid, 2. 17  Ibid, 2–3 (footnote omitted). The author cites Brian Cheffins, Did Corporate Governance “Fail” During the 2008 Stock Market Meltdown? The Case of the S&P 500, 65 BUS.  LAW. 1 (November 2009). 15

38.2  Board Responsibilities and Failings of Board Oversight in Risk Management

1029

The author cites a risk management failure report prepared by UBS for its shareholders which showed the risk management – and therefore corporate governance failures – at UBS: The 50-page report provides a helpful catalog of the numerous specific failures at UBS, the majority of which almost certainly affected most other financial firms, including: • Incomplete risk control methodologies. • Insufficient challenge of the business case and governance approach. • Inappropriate risk metrics used in strategic planning and assessment. • Failure to “own the business”. • Ex-post review versus pre-agreed limits [asking for forgiveness rather than permission]. • Failure to respond to wider industry concerns. • Over-reliance on VaR • Over-reliance on debt ratings. • Lack of recognition of idiosyncratic risk. • Asymmetric risk / reward compensation. • Insufficient incentives to protect the UBS franchise long-term.18

Rose brings these themes together for a very unflattering picture of the risk management system at UBS and other financial firms – one which combined failure in ‘state of the art’ hedging and risk management systems to cope with the risks, failure to heed warning signs and challenge existing models and business practices.19 Combined with this is a theme already explored in Part 4 of this Stage 2 above – the use of incentives which encouraged excessive risk taking.20

38.2 Board Responsibilities and Failings of Board Oversight in Risk Management 38.2.1 Board Responsibilities APRA’s Prudential Standard CPS 220 Risk Management requires the board to ensure that: (a) it sets the risk appetite within which it expects management to operate and approves the institution’s risk appetite statement and risk management strategy (RMS); (b) it forms a view of the risk culture in the institution, and the extent to which that culture supports the ability of the institution to operate consistently within its risk appetite, identify any desirable changes to the risk culture and ensures the institution takes steps to address those changes;

 Ibid, 4–5 (footnotes omitted). The author cites UBS AG, Shareholder Report on UBS’s Write Downs, April 18, 2008. 19  Ibid, 7. 20  Ibid. 18

1030

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

(c) senior management of the institution monitor and manage all material risks consistent with the strategic objectives, risk appetite statement and policies approved by the Board; (d) the operational structure of the institution facilitates effective risk management; (e) policies and processes are developed for risk-taking that are consistent with the RMS and the established risk appetite; (f) sufficient resources are dedicated to risk management; and (g) it recognises uncertainties, limitations and assumptions attached to the measurement of each material risk.21

38.2.2 Failings of Board Oversight in Risk Management The OECD Key Findings 2009 reflected poor risk management at some banks with failure to manage risk on a whole-of-firm basis, risk managers separated from management with low status, the failure to escalate problems (‘red flags’) and even board ignorance of some risks due to concentration on regulatory capital ratios and rate of return on equity which did not reflect increases in leverage or risk.22 Mülbert shows that concentration on regulatory capital ratios is not enough to manage risk and identified a focus on measuring risks instead of identifying them, the risks inherent in CDOs and other financial products, ‘silo structures’ preventing the flow of risk information to senior management, the conduct of stress testing using past information instead, again, of identifying new risks, excessive reliance on quantitative risk models and failure to understand the bank’s risk position relative to risk appetite.23 Kirkpatrick’s Report for the OECD in 2009 identified failure of a number of assumptions of risk models and stress testing.24 But of more concern for the Report was that risk management information failed to be transmitted to the board which, in turn, failed to undertake “continuous review of the internal structure of the company to ensure that there are clear lines of accountability for management throughout the organization” required by the annotations to Principle VI.D.2 of the then OECD Principles 2004.25

 CPS 220, above n 2, section 9, p 4.  OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009, approved for publication 29 May 2009, accessed 13 June 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/43056196. pdf, (‘OECD Key Findings 2009’), p 31 (footnote omitted). 23  Peter O Mülbert, “Corporate Governance of Banks after the Financial Crisis – Theory, Evidence, Reforms”, ECGI  – Law Working Paper No. 130/2009, (April 2010), accessed 8 April 2017 at SSRN: https://ssrn.com/abstract=1448118, 28. 24  Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995–2864, accessed 27 March 2017 at http://search.oecd.org/finance/financial-­ markets/42229620.pdf, (‘OECD Kirkpatrick Report 2009’), p 6. 25  Ibid. 21 22

38.2  Board Responsibilities and Failings of Board Oversight in Risk Management

1031

The EC Green Paper 2010 summarized the main failings with respect to risk management as: • a lack of understanding of the risks on the part of those involved in the risk management chain and insufficient training for those employees responsible for distributing risk products; • a lack of authority on the part of the risk management function. Financial institutions have not always granted their risk management function sufficient powers and authority to be able to curb the activities of risk-takers and traders; • lack of expertise or insufficiently wide-ranging experience in risk management. Too often, the expertise considered necessary for the risk management function was limited to those categories of risk considered priorities and did not cover the entire range of risks to be monitored; [and] • a lack of real-time information on risks. To allow those involved to react quickly to changes in risk exposures, clear and correct information on risk should be available rapidly at all relevant levels of the financial institution.26

The EC expanded on the last point – that the complex and opaque bank structures discussed in Sect. 6.627 and Chap. 3728 made it difficult for risks to be consolidated rapidly: Furthermore, it is crucial to upgrade IT tools for risk management, including in highly sophisticated financial institutions, as they are still too disparate to allow risks to be consolidated rapidly, while data are insufficiently consistent to allow the evolution of group exposures to be followed up effectively in real-time. This concerns not only the most complex financial products but all types of risk.29

The OECD Key Findings 2009 considered the financial crisis to be a “widespread failure of risk management” with: • some boards ignorant of the risks facing the company; • financial firms needing to devote greater management time due to the volatility of risk, maturity transformation (borrowing short and lending long) and systemic risk; • risk needing a whole of enterprise approach rather than individual business units; • greater need for board review to align corporate strategy, risk appetite and the internal risk management structure; • need for risk management and control to be separate from profit centres; • the need for the Chief Risk Officer (CRO) to report directly to the board; • need for material risk factors to be disclosed in a “transparent and understandable fashion” and ranked in order of importance; and

 European Commission, Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies, COM(2010) 284 final, Brussels, 2 June 2010, accessed 23 March 2017 at http://www.ecgi.org/commission/documents/green_paper_com2010_284_en.pdf (‘EC Green Paper 2010’), section 3.4, p 7 (footnote omitted). 27  See discussion in Sect. 6.6 of Chap. 6 above. 28  See discussion in Chap. 37 above – Complexity of Bank Structures, Off-Balance-Sheet Entities, Disclosure and Transparency. 29  EC Green Paper 2010, above n 26, section 3.4, p 7 (footnote omitted). 26

1032

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

• risk management not being sufficiently covered by existing governance codes of the time.30 Expanding on these, the OECD Key Findings 2009 made the following “Key findings and main messages”: • financial risk and internal controls had emphasized corporate reporting in an ex-­ post fashion instead of linking risk management to strategy and forward stress-testing; • risk management needed to be “enterprise-wide” and not merely product or market line based; • the board was responsible for strategy and risk management including monitoring company structure, culture and information flow to the board about risks; • a CRO was required to report separately to a relevant committee and not merely to the CEO; and • the risk management system should monitor and influence remuneration and incentive systems.31 For Turnbull and Pirson, there were two main reasons for the failure in risk management – lack of information and failure to process information: [W]e argue that there are two generic reasons why boards failed to fulfill their duty to manage risk well: 1) board members did not get relevant information about risks incurred by management because they lacked control over information supply; 2) board members were not able to process such risk-related information and lacked incentives or power to influence managerial decision making.32

For the authors, the solution is multiple stakeholders on multiple boards.33 That unitary board systems have a committee system does not alleviate the problem for the authors on account of group dynamics, information overload and common membership of the board.34 However, for the Walker Review 2009, corporate governance systems do not need to move to a multiple board system as explained in Sects. 2.5 and 2.6 of that Review.35 Thus, a wide range of governance variables are raised by governmental and market reports and other commentators. These are examined next as failings of board oversight in risk management.  OECD Key Findings 2009, above n 22, Effective implementation of risk management, pp 8–9.  Ibid, p 40. 32  Michael Pirson and Shann Turnbull, “Corporate Governance, Risk Management, and the Financial Crisis  – An Information Processing View”, Fordham University Schools of Business Research Paper No. 2011–003, (11 December 2010), accessed 5 April 2017 at SSRN: http://ssrn. com/abstract=1723782, 3. 33  Ibid, 17. 34  Ibid, 18. 35  David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), sections 2.5–2.6, pp 35–36. 30 31

38.3  Application – Governance Variables Based on Board Responsibilities…

1033

38.3 Application – Governance Variables Based on Board Responsibilities and Principal Failings of Board Oversight in Risk Management, Internal Monitoring and Decision-Quality 38.3.1 Approach to Modelling Governance Variables The approach to the identification, disclosure, escalation and reduction in information flow variables in Sects. 38.3, 38.4, 38.5, 38.6, 38.7, 38.9, 38.10, 38.11, 38.12, 38.13, 38.14, 38.15, 38.16, 38.17, 38.18, 38.19, 38.20, 38.21, 38.22 and 38.23 will be to hypothesise that they are identical in behaviour and relational effect path to the [TransTimeMon] (+)36 variable in section 9.1.2.1 of Stage 1 with a coverage/rating of +8/100.00 rprox but in the negative (−) direction, giving rise to a coverage/rating of −8/100.00 rprox. The [TransTimeMon] (+) variable links, most directly, the transparency and timing of reporting with both enhancement of the risk management and monitoring function (Risk Management, Monitoring & Audit Factor No 537) and the quality of decision-making (Decision-making Factor No 738). Given its focus on risk management, monitoring and decision-making, the [TransTimeMon] (+) variable’s relational effect path is positive (+) and the zone of effect of that relational effect path is hypothesised to be similar to that of the [BrdSkills] (+)39 and [BrdIndMon] (+)40 variables but with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance41). This gives rise to a coverage/rating of +8/100.00 rprox for the [TransTimeMon] (+) variable in the Stage 1 Coverage Table (Table 3.1) and the Relational Proximity Table (Table 3.2) of Stage 1. In this Part 6 of Stage 2, the effect of a failure by management to identify, disclose or escalate risks or a reduction in information flow is the opposite effect of the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1.42 In that section, the [TransTimeMon] (+) variable hypothesizes an improvement in the quality and reliability of information which flows to the board and, therefore, the market. This, in turn, enhances the quality of external or market monitoring of the board with a  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 6, pp 262–263. 37  See discussion in section 2.6.5 of Stage 1, above n 6, pp 47–51. 38  See discussion in section 2.6.7 of Stage 1, above n 6, pp 51–58. 39  Board – Director Skills ‘Mix’ – see Figure 7.2 and discussion in section 7.3.1.2.1 of Stage 1, above n 6, pp 198–201. 40  Board Independent Director: Executive Director Proportion – Monitoring Effect – see discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above n 6, pp 208–212. 41  See discussion in section 2.6.2 of Stage 1, above n 6, pp 41–43. 42  See discussion in section 9.1.2.1 of Stage 1, above n 6, pp 262–266. 36

1034

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

predicted improvement in internal monitoring. There, Compliance Factor No 2 and the reflexive relationship between Reporting Factor No 1 and Risk Management, Monitoring & Audit Factor No 5 are the ‘sources’ of the positive influence represented in Figure 9.1 of Stage 1 for the [TransTimeMon] (+) variable with a coverage/rating of +8/100.00 rprox. In the case here of a failure by management to identify, disclose or escalate risks or in a reduction in information flow, there is an opposite effect – there is a reduction in the quality and reliability of information which flows to the board from management. Thus, this also results in a reduction of the quality and reliability of information which flows to the market. This in turn reduces the quality of external or market monitoring of the board with a predicted reduction in internal monitoring. The relational approach here will be to similarly craft identification, disclosure, escalation or information flow variables on the relational effect path of the [TransTimeMon] (+)43 variable in section 9.1.2.1 of Stage 1 with a coverage/rating of +8/100.00 rprox but in the negative (−) direction. This gives rise to a coverage/rating of −8/100.00 rprox for the variables in Sects. 38.4, 38.5, 38.6, 38.7, 38.9, 38.10, 38.11, 38.12, 38.13, 38.14, 38.15, 38.16, 38.17, 38.18, 38.19, 38.20, 38.21, 38.22 and 38.23 in the Stage 2 Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). At the end of the description of each variable is its source from the failings described above in Sect. 38.2. The OECD Key Findings 2009’s recommendation that the risk management system should monitor and influence remuneration and incentive systems44 was examined in Part 4. First, the following variables are considered in the Stage 2 relational approach in relation to the board responsibilities for risk management flowing from APRA’s CPS 220. Second are variables considered to be failings in the board’s responsibilities or functions in the oversight of the risk management function based on failings to identify, disclose or escalate risks or in the reduction of information flow to the board of such risks. Later sections examine failings of senior management and business units.

 Transparency and timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 6, pp 262–263. 44  OECD Key Findings 2009, above n 22, p 40. 43

38.3  Application – Governance Variables Based on Board Responsibilities…

1035

38.3.2 Governance Variables for Board Responsibilities in CPS 220 Risk Management The Stage 2 relational approach here will be to craft identification, disclosure, escalation or information flow variables derived from section 9 of CPS 22045 on the relational effect path of the [TransTimeMon] (+)46 variable in section 9.1.2.1 of Stage 1 with a coverage/rating of +8/100.00 rprox and in the same positive (+) direction. This gives rise to a coverage/rating of +8/100.00 rprox for the variables in this Sect. 38.3 in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [220BrdRiskAppRASRMS] (+) – CPS 220BrdRisk – Board Oversight of Risk Management  – Setting Risk Appetite, Risk Appetite Statement and Risk Management Strategy – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA CPS 220); • [220BrdRiskCultureChangeSteps] (+) – CPS 220BrdRisk – Board Oversight of Risk Management  – Set Risk Culture Within Risk Appetite and Identify Changes in Risk Culture and Steps to Address Changes – Increase of Information Flow to the Board  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (APRA CPS 220); • [220BrdRiskMonitor&ManageSnrMan] (+)  – CPS 220BrdRisk  – Board Oversight of Risk Management  – Ensure Senior Management Monitor and Manage All Material Risks Consistent with the Strategic Objectives, RAS and Board Policies – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/ rating + 8/100.00 rprox (APRA CPS 220); • [220BrdRiskOpStructureRiskMan] (+) – CPS 220BrdRisk – Board Oversight of Risk Management  – Board to Ensure Operational Structure of the Bank Facilitates Effective Risk Management  – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA CPS 220); • [220BrdRiskPolicesRMSRAS] (+)  – CPS 220BrdRisk  – Board Oversight of Risk Management – Board to Ensure Policies and Processes are Developed for Risk-taking that are Consistent with the RMS and the Risk Appetite – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (APRA CPS 220);

 CPS 220, above n 2, section 9(a) – (g), p 4.  Transparency and timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 6, pp 262–263. 45 46

1036

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

• [220BrdRiskResourcesRiskMan] (+) – CPS 220BrdRisk – Board Oversight of Risk Management – Board to Ensure that Sufficient Resources are Dedicated to Risk Management  – Increase of Information Flow to the Board  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA CPS 220); and • [220BrdRiskRecogniseUncert&LimitsAss] (+)  – CPS 220BrdRisk  – Board Oversight of Risk Management – Board to Recognise Uncertainties, Limitations and Assumptions Attached to the Measurement of each Material Risk – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (APRA CPS 220);

38.3.3 Additional Requirements on Head of a Group This gives rise to variables for additional requirements on the Head of a Group, based on the [TransTimeMon] (+) variable in the positive (+) direction, coverage/ rating + 8/100.00 rprox: • [220HeadRiskRMFProcesses] (+)  – CPS 220HeadRisk  – Head of Group Oversight of Risk Management – Head of Group to Maintain Processes for the Group Risk Management Framework  – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-­making, coverage/rating + 8/100.00 rprox (APRA CPS 220) including: –– “identification, measurement, evaluation, monitoring, reporting, and controlling or mitigation of all material risks across the group, in normal times and periods of stress”;47 and –– “the Head of a group must ensure its Board has a comprehensive group-wide view of all material risks, including an understanding of the roles and relationships of subsidiaries to one another and to the Head of a group”.48

• [220HeadRiskLiqManPolicy] (+)  – CPS 220HeadRisk  – Head of Group Oversight of Risk Management – Head of Group to Maintain Board-Approved Liquidity Management Policy for the Group – Increase of Information Flow to the Board – Increase in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (APRA CPS 220) including:“adequately and consistently identify, measure, monitor, and manage its material liquidity risks”;49 –– The policy must include: –– “a strategy that ensures the group has sufficient liquidity to meet its obligations as they fall due, including in stressed conditions”;50 and

 CPS 220, above n 2, section 14, p 5.  Ibid. 49  Ibid, section 17, p 5. 50  Ibid. 47 48

38.5  Separation and Low Status of Risk Managers Likely to Cause a Deficiency…

1037

–– “outline processes to identify existing and potential constraints on the transfer of funds within the group”;51 and –– “the Head of a group must submit to APRA a copy of its group liquidity management policy as soon as practicable, and no more than 10 business days, after Board approval”.52

38.4 Failure to Identify Risks on an Organisation-Wide Basis Rather than by Business Unit or Activity This gives rise to a variable for failure to identify risks, based on the variable , coverage/rating − 8/100.00 : • [TransTimeMon] (+)in the negative (−) directionrprox[FailFirm-WideRisk] (−) – Banks – Board Oversight of Risk Management – Failure to Identify FirmWide Risk – Reduction of Information Flow to the Board – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/ rating − 8/100.00 rprox (OECD Key Findings 2009).

38.5 Separation and Low Status of Risk Managers Likely to Cause a Deficiency or Reduction in the Flow of Information from Management to the Risk Manager on the Details of Particular Risks This gives rise to a variable for the separation and low status of risk managers, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailLowStatus] (−)  – Banks  – Board Oversight of Risk Management  – Separation and Low Status of Risk Managers – Causing Deficiency or Reduction in Flow of Information from Management to Risk Managers  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (OECD Key Findings 2009), (EC Green Paper 2010); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8.

51 52

 Ibid.  Ibid.

1038

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

38.6 Failure to Escalate Problems or ‘Red Flags’ – Deficiencies in the Flow of Information Upward Through the Bank to Senior Management and/or the Board This gives rise to a variable for failure to escalate problems or ‘red flags’, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailRedFlag] (−) – Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (OECD Key Findings 2009), (OECD Kirkpatrick Report 2009), (EC Green Paper 2010); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8.

38.7 Failure in Information Flow on Leverage and Risks Due to over-Reliance on Regulatory Capital Ratios and Rates of Return on Equity This gives rise to a variable for failure in information flow on leverage and risks, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/ rating − 8/100.00 rprox: • [FailInfoLevRisk] (−)  – Banks  – Board Oversight of Risk Management  – Failure in Information Flow on Leverage and Risks due to Over-Reliance on Regulatory Capital Ratios and Rate of Return on Equity – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/ rating − 8/100.00 rprox (OECD Key Findings 2009).

38.8 Failure of Information Flow on Identifying Risks This gives rise to a variable for failure of information flow on identifying risks, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/ rating − 8/100.00 rprox: • [FailIdentifyNewRisks] (−) – Banks – Board Oversight of Risk Management – Failure to Identify New Risks – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (Mülbert).

38.11  Failure of Information Flow Due to Conducting Stress Testing with…

1039

38.9 Failure of Information Flow on Risks in CDOs and Other Financial Products This gives rise to a variable for failure of information flow on CDO/other financial product risks, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailCDORisks] (−)  – Banks  – Board Oversight of Risk Management  – Failure to Identify Risks inherent in CDOs and Other Financial Products  – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (Mülbert).

38.10 Failure of Information Flow to Senior Management Due to ‘Silo Structures’ This gives rise to a variable for failure of information flow due to ‘silos’, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailInfoSilos] (−) – Banks – Board Oversight of Risk Management – Failure of Information Flow to Senior Management due to ‘Silo Structures’ – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (Mülbert); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8.

38.11 Failure of Information Flow Due to Conducting Stress Testing with Past Information This gives rise to a variable for failure of information flow, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailStressTests] (−) – Banks – Board Oversight of Risk Management – Failure of Information Flow Due to Conducting Stress Testing with Past Information – Failure of Forward Stress-Testing – Failure to Identify New Risks – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (Mülbert), (OECD Kirkpatrick Report 2009), (OECD Key Findings 2009).

1040

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

38.12 Failure to Understand and Compare Bank’s Risk Position Relative to Risk Appetite This gives rise to a variable for failure to understand risk, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailRiskPosition] (−)  – Banks  – Board Oversight of Risk Management  – Failure to Understand and Compare Bank’s Risk Position Relative to Risk Appetite – Failure of Information Flow to Board – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (Mülbert).

38.13 Failure of Risk Model Assumptions This gives rise to a variable for failure of risk model assumptions, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailModelAssumpt] (−) – Banks – Board Oversight of Risk Management – Failure of Assumptions in Risk Models – Failure of Information Flow to Board – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (OECD Kirkpatrick Report 2009).

38.14 Failure by Board to Continuously Review Internal Structure of Bank for Clear Lines of Accountability/ Responsibility, Risk Culture and Flow of Information About Risks This gives rise to a variable for failure to review internal structure, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailReviewStructCultInfoRisk] (−)  – Banks  – Board Oversight of Risk Management – Failure by Board to Review Internal Structure (Continuous), Risk Culture and Information Flow about Risks  – Failure of Clear Lines of Accountability/Responsibility  – Failure to Monitor Risk Culture  – Failure to Monitor Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (OECD Kirkpatrick Report 2009), (OECD Key Findings 2009); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8.

38.17  Failure to Monitor Changes in Risks in Real Time and to Escalate Information…

1041

38.15 Failure in Training Employees Responsible for Distributing Risk Products This gives rise to a variable for failure to train employees, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailTrainRiskProds] (−) – Banks – Board Oversight of Risk Management – Failure to Train Employees Responsible for Distributing Risk Products  – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox (EC Green Paper 2010); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8.

38.16 Failure in Expertise or Experience of Risk Management Employees in Entire Range of Risks This gives rise to a variable for failure in expertise or experience, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailExpertExperRiskMan] (−)  – Banks  – Board Oversight of Risk Management  – Failure of Expertise or Experience of Risk Management Employees – Failure to Identify Whole Range of Risks – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (EC Green Paper 2010); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8.

38.17 Failure to Monitor Changes in Risks in Real Time and to Escalate Information Rapidly Upward in the Bank This gives rise to a variable for failure to monitor changes in risks and escalate information, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailMonRisksRealTime] (−) – Banks – Board Oversight of Risk Management – Failure to Monitor Changes in Risks in Real Time  – Failure to Escalate Information on Risks Rapidly Upward Through All Levels of Bank in Real

1042

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

Time – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (EC Green Paper 2010); and • This variable is focused on the ‘real time’ monitoring aspect and so the failure to escalate information is more specific than the ‘red flag’ variable in Sect. 38.6 denoted as [FailRedFlag] (−) which applies generally.

38.18 Failure to Upgrade IT Tools for Complex and Opaque Bank Structures This gives rise to a variable for failure to upgrade IT tools, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailUpgradeIT] (−) – Banks – Board Oversight of Risk Management – Failure to Upgrade IT Tools for Complex and Opaque Bank Structures  – Failure to Consolidate and Escalate Information on Risks Rapidly Upward Through All Levels of Bank in Real Time – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (EC Green Paper 2010).

38.19 Failure to Devote Sufficient Management Time to Management of Risks This gives rise to a variable for failure to devote sufficient management time, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailManageTimeRisks] (−) – Banks – Board Oversight of Risk Management – Failure to Devote Sufficient Management Time to Manage Risks Due to Volatility of Risk, Maturity Transformation (Borrowing Short and Lending Long) and Systemic Risk – Reduction of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (EC Green Paper 2010);

38.20 Failure to Align Corporate Strategy, Risk Appetite and the Internal Risk Management Structure This gives rise to a variable for failure of alignment, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox:

38.22  Failure of Chief Risk Officer (CRO) to Report Directly to Board and Board Risk… 1043

• [FailAlignStratAppStruct] (−)  – Banks  – Board Oversight of Risk Management  – Failure to Align Corporate Strategy, Risk Appetite and the Internal Risk Management Structure  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking  – Reduction in Quality of Accountability/Responsibility, coverage/ rating − 8/100.00 rprox (EC Green Paper 2010), (OECD Key Findings 2009); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8.

38.21 Failure to Separate Risk Management and Control from Profit Centres This gives rise to a variable for failure in separation of risk management from control, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailSplitRiskProfit] (−)  – Banks  – Board Oversight of Risk Management  – Failure to Separate Risk Management and Control from Profit Centres – Failure of Clear Lines of Accountability/Responsibility  – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (EC Green Paper 2010); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8.

38.22 Failure of Chief Risk Officer (CRO) to Report Directly to Board and Board Risk Committee (BRC) in Addition to CEO This gives rise to a variable for failure in CRO reporting, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailCROReportBrdBRC] (−)  – Banks  – Board Oversight of Risk Management – Failure of Clear Lines of Accountability/Responsibility – Failure of Chief Risk Officer (CRO) to Report Directly to Board and Board Risk Committee in Addition to CEO – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, − Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (EC Green Paper 2010); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8;

1044

38  Introduction to Failings of Risk Management in the Global Financial Crisis…

38.23 Failure in Transparency and Understandability of Material Risk Factors Ranked in Order of Importance This gives rise to a variable for failure in transparency, understandability and ranking, based on the [TransTimeMon] (+) variable in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailTransRiskFactors&Rank] (−)  – Banks  – Board Oversight of Risk Management  – Failure to Disclose Risks in Transparent and Understandable Manner – Failure to Rank Risk Factors in Order of Importance – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (EC Green Paper 2010).

Chapter 39

NAB and ASIC Failures in Issue Identification, Escalation and Resolution

Abstract  This chapter examines NAB failures in issue identification, escalation and resolution and the ASIC Governance Taskforce 2019 findings on ‘information flows’. We begin with NAB’s failure to escalate problems or ‘red flags’ – in general – giving rise to deficiencies in the flow of information upward through the bank to senior management and/or the board. NAB then identifies a wide range of issues that we convert to governance variables for: • • • • • • • • • • • • • • • •

operational risk management policy; monitoring and reporting of issues, events and actions; compliance breach assessment and reporting; audit and regulatory issues; the whistleblower program; complaints reporting; significant issues; the customer remediation procedure; management of ‘excessive’ risks; regulatory engagement; breach reporting; voice of the customer in issue management; complex issue management and closure; resolving customer complaints; customer remediation; and regulatory interactions.

We conclude with the ASIC Governance Taskforce 2019 findings on ‘information flows’. Keywords  Issue identification · Information flow and escalation of problems and red flags · Resolution · Operational risk management policy · Monitoring and reporting of issues, events and actions · Compliance breach assessment and reporting · Whistleblower program · Customer complaints and remediation · Regulatory engagement · Complex issue management and closure

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_39

1045

1046

39  NAB and ASIC Failures in Issue Identification, Escalation and Resolution

In Sect. 38.6 above, a general variable was introduced for failure to identify and escalate problems or ‘red flags’ – deficiencies in the flow of information upward through the bank to senior management and/or the board: • [FailRedFlag] (−) – Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (OECD Key Findings 2009), (OECD Kirkpatrick Report 2009), (EC Green Paper 2010); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8. Here, additional governance variables identified in the NAB Self-Assessment 20181 in relation to issue identification, escalation and resolution are constructed. As for the failure variables in Sects. 38.3 to 38.23 above, the approach to ‘NABRedFlag’-prefix variables for the identification, disclosure, escalation and reduction in information flow variables will be to hypothesise that they are identical in behaviour and relational effect path to the [TransTimeMon] (+)2 variable in section 9.1.2.1 of Stage 1 with a coverage/rating of +8/100.00 rprox but in the negative (−) direction giving rise to a coverage/rating of −8/100.00 rprox.

39.1 NAB Failure to Escalate Problems or ‘Red Flags’ Generally – Deficiencies in the Flow of Information Upward Through the Bank to Senior Management and/ or the Board (Generally) In the negative (−) direction for design gaps (generally) in the issue management framework:

 National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/content/dam/ nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-Assessment 2018’), pp. 31–35. 2  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, pp. 262–263. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 1

39.2  NAB Operational Risk Management Policy

1047

• [NABRedFlagDesignGap] (−) – Banks – NABRedFlag – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags Due to Design Gaps (Generally)3 – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8. In the negative (−) direction for gaps of effectiveness (generally) in issue management practices: • [NABRedFlagNotEffective] (−) – Banks – NABRedFlag – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags Due to Gaps in Effectiveness of Practices in the Issue Management Framework (Generally)4 – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8

39.2 NAB Operational Risk Management Policy In the positive (+) direction for the NAB Operational Risk Management Policy: • [NABRedFlagOpRiskManPolicy] (+)  – Banks  – NABRedFlag  – Board Oversight of Risk Management  – Operational Risk Management Policy5  – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility, coverage/rating +8/100.00 rprox (NAB); • [NABRedFlagOpRiskIssues] (+) – Banks – NABRedFlag – Board Oversight of Risk Management  – Operational Risk Management Policy  – Identification of “Issues” which Could Lead to Events if Uncorrected6 – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB); • [NABRedFlagOpRiskEvents] (+) – Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – Identification of

 NAB Self-Assessment 2018, above n 1, p 31.  Ibid. 5  Ibid. 6  Ibid 3 4

1048

39  NAB and ASIC Failures in Issue Identification, Escalation and Resolution

“Events” or Problems that have Actually Occurred7  – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB); • [NABRedFlagOpRiskActions] (+) – Banks – NABRedFlag – Board Oversight of Risk Management  – Operational Risk Management Policy  – “Actions” (Activities) to Address Events or Issues8  – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decisionmaking – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB); • [NABRedFlagOpRiskID] (+)  – Banks  – NABRedFlag  – Board Oversight of Risk Management  – Operational Risk Management Policy  – Identification of Issues and Events9 – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB), the content of this variable providing: –– all employees to identify and capture risk Events10; and –– all business leaders to identify and capture risk Issues.11 • [NABRedFlagOpRiskDocRecord] (+)  – Banks  – NABRedFlag  – Board Oversight of Risk Management  – Operational Risk Management Policy  – Documenting and Recording of Issues and Events12 – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB), the content of this variable providing for13: –– –– –– –– ––

documenting and recording in ‘risksmart’ platform within five business days; issue/event owner; target resolution date; criticality; and business leaders to “identify and record time-bound Actions to address Issues and Events”;

• [NABRedFlagOpRiskTrack] (+) – Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – Tracking of Issues and Events14  – Increase in Information Flow  – Increase in Quality of Risk

 Ibid  Ibid 9  Ibid 10  Ibid. 11  Ibid. 12  Ibid 13  Ibid. 14  Ibid 7 8

39.4  NAB Compliance Breach Assessment and Reporting

1049

­ anagement and Internal Monitoring and Decision-making – Increase in Quality M of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB); and • [NABRedFlagOpRiskClose (+) – Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – Closing of Issues and Events15  – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB) including; –– confirmation by divisional CRO before closure.

39.3 NAB Monitoring and Reporting of Issues, Events and Actions In the positive (+) direction for monitoring and reporting of issues, events and actions: • [NABRedFlagOpRiskMonitor] (+) – Banks – NABRedFlag – Board Oversight of Risk Management – Operational Risk Management Policy – Monitoring of Tracking of Issues and Events16  – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB), including: –– “high-rated risk Actions (related to Issues and Events) must be reported quarterly to business leaders… overseen by the appropriate divisional risk team”17; –– material issues designated as “MOIs” by Group CRO; and –– MOIs tracked and reported monthly at GRRMC and BRC;

39.4 NAB Compliance Breach Assessment and Reporting In the positive (+) direction for compliance breach assessment and reporting: • [NABRedFlagComplyBrTag] (+) – Banks – NABRedFlag – Board Oversight of Risk Management – Compliance Breach Assessment and Reporting – Tagging and Forwarding of Potentially Reportable Breaches to Compliance18 – Increase in Information Flow  – Increase in Quality of Risk Management and Internal  Ibid  Ibid 17  Ibid. 18  Ibid, p 32. 15 16

1050

39  NAB and ASIC Failures in Issue Identification, Escalation and Resolution

Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating +8/100.00 rprox (NAB); • [NABRedFlagComplyBrEscalate] (+)  – Banks  – NABRedFlag  – Board Oversight of Risk Management  – Compliance Breach Assessment and Reporting  – Escalation to Significant Event Review Panel19  – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating +8/100.00 rprox (NAB); • [NABRedFlagComplyBrReportReg] (+)  – Banks  – NABRedFlag  – Board Oversight of Risk Management  – Compliance Breach Assessment and Reporting – Reporting of Breach to Relevant Regulator20 – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB); and • [NABRedFlagComplyBrReportCRO] (+)  – Banks  – NABRedFlag  – Board Oversight of Risk Management  – Compliance Breach Assessment and Reporting – Reporting of Breach By Group CRO to BRC and Board21 – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating +8/100.00 rprox (NAB).

39.5 NAB Audit and Regulatory Issues In the positive (+) direction for audit and regulatory issues: • [NABRedFlagAudRegIssueGAITS] (+)  – Banks  – NABRedFlag  – Board Oversight of Risk Management – Audit and Regulatory Issues – Issues Identified by Internal Audit or APRA Reported on Global Assurance Issue Tracking System (GAITS)22  – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB), including23: –– ‘star’ ratings for severity; –– high severity issues reported to Audit Committee; and –– Internal Audit or regulator confirmation to close.

 Ibid.  Ibid. 21  Ibid. 22  Ibid. 23  Ibid. 19 20

39.7  NAB Complaints Reporting

1051

39.6 NAB Whistleblower Program In the positive (+) direction for the NAB Whistleblower Program: • [NABRedFlagWhistleIntAud] (+) – Banks – NABRedFlag – Board Oversight of Risk Management  – Whistleblower Program for Anonymous Reporting24  – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility, coverage/rating +8/100.00 rprox (NAB), including25: –– –– –– ––

management by Internal Audit; independently monitored external hotline; accountability for oversight by Audit Committee; and external review.

39.7 NAB Complaints Reporting In the positive (+) direction for the NAB Complaints Reporting procedure: • [NABRedFlagCustComplain] (+) – Banks – NABRedFlag – Board Oversight of Risk Management  – Capture and Reporting of Customer Complaints26  – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/ Responsibility, coverage/rating +8/100.00 rprox (NAB), including27: –– accountability of all customer-facing employees; and –– “first point of contact resolution”; • [NABRedFlagCustComplainComplex] (+) – Banks – NABRedFlag – Board Oversight of Risk Management – Capture and Reporting of Complex or Increased Time Requirement Customer Complaints28  – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-­ making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB), including29: –– –– –– ––  Ibid.  Ibid. 26  Ibid. 27  Ibid. 28  Ibid. 29  Ibid. 24 25

dedicated function – NAB Resolve; captured on Feedback and Information Repository (FAIR); complaints trends and themes reported to Executive Leadership Team; and complaints volumes and monthly customer feedback reported to the Board.

1052

39  NAB and ASIC Failures in Issue Identification, Escalation and Resolution

39.8 NAB Significant Issues In the positive (+) direction for the NAB Significant Issues procedure: • [NABRedFlagSignifIssue] (+) – Banks – NABRedFlag – Board Oversight of Risk Management – Resolution of Significant Issues30 – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB), including31: –– raising of project under NAB Project Execution Framework; –– project delivery risk assessed and reported to Customer Delivery Committee; and –– delivered risk assessment process for larger change programs.

39.9 NAB Customer Remediation Procedure In the positive (+) direction for the NAB Customer Remediation Procedure: • [NABRedFlagCustRemedProc] (+) – Banks – NABRedFlag – Board Oversight of Risk Management  – Customer Remediation Procedure  – Need for Compensation or Other to Customers32 – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB), including33: –– centralised remediation function; and –– customer remediation principles.

39.10 NAB Management of ‘Excessive’ Risks In the positive (+) direction for the NAB management of ‘excessive’ risks procedure: • [NABRedFlagExcessRiskAppBEAR] (+)  – Banks  – NABRedFlag  – Board Oversight of Risk Management  – Management of ‘Excessive’ Risks Beyond Risk Appetite  – Risks with High Residual Risk Severity and Probability  – Requirement of BEAR-endorsed Plan to Reduce Residual Risk within Specific

 Ibid.  Ibid. 32  Ibid. 33  Ibid. 30 31

39.12  NAB Breach Reporting

1053

Time Frame34  – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB).

39.11 NAB Regulatory Engagement In the positive (+) direction for the NAB management of regulatory engagement: • [NABRedFlagRegEngageCRORSA] (+)  – Banks  – NABRedFlag  – Board Oversight of Risk Management – Regulatory Engagement by Group CRO – Co-­ ordination by Regulatory Strategy and Affairs (RSA) Function to Track Actions and Monitor Deadlines35 – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB).

39.12 NAB Breach Reporting In the negative (−) direction for the NAB management of breach reporting obligations: • [NABRedFlagFailBrReport] (−) – Banks – NABRedFlag – Board Oversight of Risk Management – Breach Reporting Obligation36 – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB), the content of this variable including37: –– –– –– ––

delayed identification of incidents; time between investigation to lodgement of report; failure to report to ASIC within 10 business days for significant breach; delayed remediation for consumer loss;

 Ibid. The Australian Treasury announced in a Proposals Paper of 22 January 2020 that it proposed to extend the BEAR to other APRA regulated entities in the insurance and superannuation industries with the introduction of the Financial Accountability Regime (FAR). See Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, accessed 17 February 2020, available at https://treasury.gov.au/sites/default/files/2020-01/c2020-24974.pdf. See Attachment A  – Summary of changes from the BEAR to the FAR, pp. 11–13. The Government intends to introduce legislation by the end of 2020 to implement the FAR. See Proposal Paper, Next steps, p 3. 35  NAB Self-Assessment 2018, above n 1, p 33. 36  Ibid. 37  Ibid. 34

1054

39  NAB and ASIC Failures in Issue Identification, Escalation and Resolution

–– failures in monitoring, benchmarking and internal reporting; and –– failure in timely application of consequence management; Action #11 of the NAB Self-Assessment 2018 is thus to: Improve compliance-related controls and monitoring processes to evidence ongoing compliance and more quickly identify, report and remediate any breaches.38

39.13 NAB Voice of Customer in Issue Management In the positive (+) direction for voice of the customer issue management by NAB: • [NABRedFlagAssessMatrix] (+) – Banks – NABRedFlag – Board Oversight of Risk Management – Issue Management – Risk Impact Assessment Matrix for Impact on NAB39 – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB), the content of this variable including40: –– –– –– –– –– ––

impact on profit and loss; regulatory intervention; employee safety; reputation; impact of non-availability of systems on customer; and more comprehensive assessment of customer impact including aggregate customer detriment;

In the negative (−) direction for voice of the customer in issue management by NAB: • [NABRedFlagFailCustVoice] (−) – Banks – NABRedFlag – Board Oversight of Risk Management – Issue Management – Failure to Focus on Customer Voice in Characterising and Reporting Risk Issues and Events41  – Decrease in Information Flow  – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making  – Decrease in Quality of Accountability/ Responsibility, coverage/rating −8/100.00 rprox (NAB).

 Ibid.  Ibid. 40  Ibid. 41  Ibid. 38 39

39.14  NAB Complex Issue Management and Closure

1055

39.14 NAB Complex Issue Management and Closure In the positive (+) direction for complex issue management and closure by NAB: • [NABRedFlagCRORiskTargetsRep] (+)  – Banks  – NABRedFlag  – Board Oversight of Risk Management  – Complex Issue Management and Closure  – Group CRO Risk Targets Report for Matters of Interest (MOIs)42 – Increase in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating +8/100.00 rprox (NAB) including43: –– elapsed time and expected closure date; and –– allocation of BEAR-Accountable Person for each MOI. In the negative (−) direction for complex issue management and closure by NAB: • [NABRedFlagFailTimeframe] (−) – Banks – NABRedFlag – Board Oversight of Risk Management  – Complex Issue Management and Closure  – Extended Timeframes for Resolution Exceeded44  – Decrease in Information Flow  – Decrease in Quality of Risk Management and Internal Monitoring and Decision-­ making – Decrease in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB), the content of this variable including45: –– –– –– –– –– –– –– –– –– –– ––

over-optimism incapacity for remediation; failure of ownership by relevant business owner; recurrence due to non-sustainable or incomplete solution; failure to assign accountability due to seniority, multiple parties and employee movement; inadequate resourcing; management of action rather than outcome; tolerance for long timeframes and multiple stage gates for resolution; task assigned to generalist rather than specialist; failure to mandate board approval for large or sensitive projects; failure of reporting framework to highlight “long-dated issues, changes of deadlines/scope, or failure to deliver against agreed commitments”; and failure of consistent and effective standards for action plan reporting.

 Ibid, p 34.  Ibid. 44  Ibid. 45  Ibid. 42 43

1056

39  NAB and ASIC Failures in Issue Identification, Escalation and Resolution

39.15 NAB Resolving Customer Complaints In the negative (−) direction for the NAB resolution of customer complaints: • [NABRedFlagFailCustTime] (−) – Banks – NABRedFlag – Board Oversight of Risk Management  – Resolving Customer Complaints  – Slow Handling Process46  – Decrease in Information Flow  – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making  – Decrease in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB), the content of this variable including47: –– –– –– ––

failure to recognise recurring patterns; failure of data and categorisation quality; failure to identify and resolve root causes. failure to distinguish “high-severity” customer complaints for escalation and response; –– inconsistent measures in risk appetite; and –– inconsistent measures in executive scorecards.

39.16 NAB Customer Remediation In the negative (−) direction for the NAB customer remediation: • [NABRedFlagFailCustRemed] (−) – Banks – NABRedFlag – Board Oversight of Risk Management  – Customer Remediation48  – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB), the content of this variable including49: –– inconsistencies in approach due to “accountability-at-source” in different business units; –– lack of experience; –– failure to embed regulatory expectations in bank policies; and –– exceeding timeframes to remediate; In the positive (+) direction for the NAB customer remediation: • [NABRedFlagCustRemedCCR] (+) – Banks – NABRedFlag – Board Oversight of Risk Management  – Customer Remediation  – Centre for Customer

 Ibid.  Ibid. 48  Ibid, p 35. 49  Ibid. 46 47

39.18  ASIC Governance Taskforce 2019 Findings on ‘Information Flows’

1057

Remediation (CCR)50 – Increase in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating +8/100.00 rprox (NAB), the content of this variable including51: –– –– –– ––

consistent approach to customer remediation; certainty of resourcing; policies and procedures; and reporting and oversight to board and Executive Leadership Team.

39.17 NAB Regulatory Interactions In the negative (−) direction for NAB regulatory interactions: • [NABRedFlagFailRegRship] (−) – Banks – NABRedFlag – Board Oversight of Risk Management  – Regulatory Relationship Management  – Failure to be Proactive and Relationship-Development Oriented52 – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB); and • [NABRedFlagFailRegTrack&Deliver] (−)  – Banks  – NABRedFlag  – Board Oversight of Risk Management – Tracking and Delivering Against Regulatory Expectations – Failure or Inconsistencies in Capture, Monitoring and Governance of Non-Prudential Regulatory Commitments53 – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decisionmaking – Decrease in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB).

39.18 ASIC Governance Taskforce 2019 Findings on ‘Information Flows’ ASIC reviewed information flows in its Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report of October 2019.54  Ibid.  Ibid. 52  Ibid. 53  Ibid. 54  Australian Securities and Investments Commission, ASIC Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report, October 2019, accessed 15 April 2020, available at https://download.asic.gov.au/media/5290879/rep631-published-2-10-2019.pdf (‘2019ASIC’). 50 51

1058

39  NAB and ASIC Failures in Issue Identification, Escalation and Resolution

For ASIC, “[e]ffective oversight is informed oversight. Directors need sufficient information to hold management to account and discharge their stewardship over the company’s assets.”55 The ASIC Governance Taskforce Recommendations on information flows included: 1 Material information should not be buried in lengthy board packs or reports; 2 Management reporting should have a clear hierarchy for non-financial risks that prioritises their importance; 3 Material information should not be lost in undocumented closed sessions; 4 Minutes should include key discussion points and reasons for decisions; 5 Informal meetings should be conducted in a manner that avoids asymmetric information between board members; 6 Board committees should ensure the full board is updated on material non-­financial risks in a timely way; 7 Cross-committee information flow should be formalised; [and] 8 Boards should explore alternative solutions to enhance information flows.56

In Sect. 38.6 above, a general variable was introduced for failure to identify and escalate problems or ‘red flags’ – deficiencies in the flow of information upward through the bank to senior management and/or the board: • [FailRedFlag] (−) – Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating -8/100.00 rprox (OECD Key Findings 2009), (OECD Kirkpatrick Report 2009), (EC Green Paper 2010); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8. Here, additional governance variables identified by the ASIC Governance Taskforce in relation to issue identification, escalation and resolution are constructed. As for the failure variables in Sects. 38.3 to 38.23 above, the approach to ‘2019ASICInfo’-prefix variables for the identification, disclosure, escalation and reduction in information flow variables will be to hypothesise that they are identical in behaviour and relational effect path to the [TransTimeMon] (+)57 variable in section 9.1.2.1 of Stage 1 with a coverage/rating of +8/100.00 rprox but in the negative (−) direction giving rise to a coverage/rating of −8/100.00 rprox: • [2019ASICInfoFailMatInfoLengthyReports] (−)  – 2019ASICInfo  – Board Oversight of Risk Management – Material Information Buried in Lengthy Board

 Ibid, p 26.  Ibid, p 1. 57  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 2, pp. 262–263. 55 56

39.18  ASIC Governance Taskforce 2019 Findings on ‘Information Flows’

1059

Packs or Reports58 – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making  – Decrease in Quality of Accountability/Responsibility, coverage/rating -8/100.00 rprox (2019ASIC) including remediation: –– [t]he volume of papers that directors are required to read needs to be considered in the context of the growing trend for directors to attend more committee meetings and the common practice to hold committee meetings and full board meetings on consecutive days59; –– [i]t is not length itself that is the issue – rather, it is unnecessary length. When directors themselves consider that the information they need could be explained in less than 25% of the volume provided, work needs to be done to ensure concise management reporting that focuses on the key non-financial risks60; and –– [d]irectors need to be proactive in requiring management to deliver information in a form that will help them to fulfil their oversight and monitoring mandate61;

• [2019ASICInfoFailNFRHierarchyPriority] (−)  – 2019ASICInfo  – Board Oversight of Risk Management – Failure to Have Clear Hierarchy for NFR that Priorities their Importance62  – Decrease in Information Flow  – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (2019ASIC) including remediation: –– [c]ontext is needed to accompany the papers63; –– CRO and compliance reports – which are key vehicles for informing the board of material non-financial risks – [need to] provide a hierarchy showing the comparative importance of key non-financial risks64; –– [b]oards should not have to search through substantial amounts of information to seek out references to material risks. Management should be required to tell them where to look  – an example of better practice was a compliance report that provided detailed commentary on specific risks, in order of greatest to least severe65; and –– [s]ummary reports that highlight material issues raised in lengthier reports may also assist the board to prioritise risks66;

• [2019ASICInfoFailMatInfoUndocSessions] (−)  – 2019ASICInfo  – Board Oversight of Risk Management – Material Information Lost in Undocumented Closed Sessions67 – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making  – Decrease in

 2019ASIC, above n 54, p 27.  Ibid. 60  Ibid. 61  Ibid. 62  Ibid, p 29. 63  Ibid. 64  Ibid, p 30 65  Ibid. 66  Ibid. 67  Ibid, p 31. 58 59

1060

39  NAB and ASIC Failures in Issue Identification, Escalation and Resolution

Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (2019ASIC) including: –– [t]here was strong consensus from directors regarding the significant value of these [closed NED-only] sessions. They allow non-executive directors on boards or committees to question management without managers present, and to discuss highly sensitive information68; –– [h]owever, when these conversations are not recorded in a way that captures the material issues and action items discussed, it can lead to reduced or impaired information flows to the wider board or management who must address the issues raised69; and –– [remediation –] [m]aterial non-financial risks – indeed, all material issues – and action items arising from closed sessions should be recorded to ensure information flows are not reduced or impaired70;

• [2019ASICInfoFailMinutesKeyDiscuss&Reasons] (−)  – 2019ASICInfo  – Board Oversight of Risk Management  – Failure of Minutes to Include Key Discussion Points and Reasons for Decisions71 – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decisionmaking – Decrease in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (2019ASIC) including remediation from AICD/GIA: –– [t]he [minutes] must record the proceedings and resolutions of board meetings (including board committee meetings). Importantly, the joint statement advises organisations to include the key discussion points and reasons for decisions to help demonstrate that directors have discharged their obligations. In addition, the joint statement notes that while the level of detail to be captured is a judgement call, it is appropriate for minutes to record ‘significant issues raised with management by directors’ as well as action items arising. Recording significant issues raised with management and the actions sought from management will help the board demonstrate where they have exercised genuine oversight72;

• [2019ASICInfoInformalMeetAsymmetricInfo] (−) – 2019ASICInfo – Board Oversight of Risk Management  – Informal Meetings Can Cause Asymmetric Information Between Board Members73  – Decrease in Information Flow  – Decrease in Quality of Risk Management and Internal Monitoring and Decision-­ making – Decrease in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (2019ASIC) including remediation: –– [t]hese meetings are a good forum to gain greater understanding of issues and insights into company operations. Boards need to be mindful however of the risks involved where informal conversations result in decisions or actions being agreed upon absent formal frameworks or without the benefit of the entire board’s views being considered.  Ibid.  Ibid. 70  Ibid, p 32. 71  Ibid, p 33. 72  Ibid. ASIC cites Australian Institute of Company Directors and the Governance Institute of Australia, Joint Statement on Board Minutes, August 2019. Accessed 16 April 2020, available at https://www.governanceinstitute.com.au/advocacy/thought-leadership/joint-statement-on-boardminutes/ (footnotes omitted) 73  2019ASIC, above n 54, p 34. 68 69

39.18  ASIC Governance Taskforce 2019 Findings on ‘Information Flows’

1061

Boards should implement practices that minimise these risks, such as monitoring the subject of discussions that are not repeated at a formal meeting, and formally recording key decisions and action items. –– Boards should ask themselves: –– How are we ensuring that all directors have the benefit of material information obtained during informal conversations or meetings?74

• [2019ASICInfoFailBrdCteeToUpdateBrdNFR] (−) – 2019ASICInfo – Board Oversight of Risk Management – Failure by Board Committees to Update Full Board on Non-financial Risks75 – Decrease in Information Flow – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (2019ASIC) including remediation: –– updating methods include76: • • • •

CRO attended most or all board meetings; Written CRO/risk report provided at some or all board meetings; BRC minutes provided to board meeting; Verbal update from BRC chair (where not all directors attended BRC) (reduces objectivity and increases bias77);

• ASIC better practice: –– [w]here not all directors attend BRC meetings, it would be better practice for the CRO to attend the relevant part of board meetings and present a written CRO or risk report. This will help to ensure directors are aware of material non-financial risks discussed during BRC meetings. –– Boards should ask themselves: –– Are the methods we use to update the full board sufficient to ensure it receives reliable and timely information about material non-financial risks78

• [2019ASICInfoFailFormalCrossCteeInfoFlow] (−) – 2019ASICInfo – Board Oversight of Risk Management  – Failure to Formalise Cross-Committee Information Flow79  – Decrease in Information Flow  – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (2019ASIC) including remediation:

 Ibid (bold in original).  Ibid, p 35. 76  Ibid, p 36. 77  Ibid, p 35. 78  Ibid, p 36. 79  Ibid, p 37. 74 75

1062

39  NAB and ASIC Failures in Issue Identification, Escalation and Resolution

–– cross-committee membership alone is not enough and issues should be formally referred across committees80; –– ASIC better practice: • [t]he Chair of one organisation implemented a ‘handover note’ system between committees, which was recorded in committee minutes. This was intended to ensure that important issues did not slip through the cracks as a result of relying on crosscommittee memberships; • [t]he Chair also noted that this process was very effective for signalling to management the importance of specific issues; [and] • [t]he BRC charter of one organisation mandated sharing information with the Board Audit Committee and other board committees where relevant, while another required that relevant chairs hold meetings, where necessary. Formalising information sharing in this manner may help to introduce more reliable information flows between committees81;

• [2019ASICInfoFailAlternSolnInfoFlow] (−) –2019ASICInfo  – Board Oversight of Risk Management  – Failure to Explore Alternative Solutions to Enhance Information Flows82  – Decrease in Information Flow  – Decrease in Quality of Risk Management and Internal Monitoring and Decision-making – Decrease in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (2019ASIC) including ASIC better practice: –– [w]e also observed the following examples of better practice for the executive-­level committee: • [i]ts reporting was aligned to the company’s RAS, which helped management provide the board with meaningful reporting on risk appetite; [and] • [t]he committee appeared to enable more coordinated thinking around nonfinancial risks, enabling management to ‘join the dots’. The Chair of the full board said it had helped highlight materiality and context of non-­financial risks for the board.83

 Ibid.  Ibid (bullet-points added). 82  Ibid, p 38. 83  Ibid, p 39. 80 81

Chapter 40

Risk Culture, Risk Appetite and Risk Appetite Statements

Abstract  Part 6 of the Stage 2 Key Code and Advanced Handbook examines risk culture, risk appetite and risk appetite statements. This begins with creating a risk culture and ‘risk appetite’ and changing board culture and ‘tone at the top’. We then move to discuss elements of sound risk culture and APRA’s aims for risk culture. There follows APRA’s nine themes inhibiting sound risk culture: • • • • • •

widespread complacency; reactivity rather than pre-emption regarding risk; uneven influence of the risk function; not fully ‘walking the talk’ when it comes to risk management; less tendency towards reflection, introspection and learning; collegial, high trust environment leading to some over-confidence and over-collaboration; • striving to balance empowerment with challenge, although not well executed; • aiming to be a values-led institution, but an over-reliance on good intent; and • self-perceived, but incomplete, focus on the customer. The discussion moves to senior management responsibilities for risk culture, risk management and the provision of information including governance variables for senior management responsibilities. We recognise developing a risk appetite is a responsibility of the board and discuss the Risk Appetite Statement (RAS) and Risk Management Strategy (RMS) including APRA’s requirements for the RAS and RMS, governmental and market participant reports on the RAS and the ASIC Governance Taskforce 2019 on the RAS. We conclude with the APRA business plan and policies and procedures. Keywords  Risk culture · Risk appetite · Risk Appetite Statement (RAS) · Board culture and tone at the top · Elements of sound risk culture · APRA nine themes inhibiting sound risk culture · Senior Management Responsibilities · Risk Management Strategy (RMS) · APRA requirements for RAS and RMS

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_40

1063

1064

40  Risk Culture, Risk Appetite and Risk Appetite Statements

Creating a Risk Culture and ‘Risk Appetite’ As part of the corporate governance framework, the Basel Committee on Banking Supervision (BCBS) charges the board with responsibility for a “strong risk governance framework” including: • a strong risk culture; • a well developed risk appetite articulated through the RAS [risk appetite statement]; and • well defined responsibilities for risk management in particular and control functions in general.1 The IIF Final Report 20082 recommends that risk management should apply to all parts of the bank, not be purely an oversight or audit/control function and not just apply to those who invest the bank’s capital.3 Changing Board Culture and ‘Tone at the Top’ In the preceding Part 5 of this Stage 2 Key Code and Advanced Handbook, a number of variables were introduced to create a risk culture at a bank or financial firm. The variables listed in Sect. 29.1 assist the bank in developing among non-executive directors the challenge, debate and testing of CEO, executive and management strategy and risk issues/questions. But further guidance is found in Part 5  – including governmental and market participant reports – relating specifically to changing board culture and ‘tone at the top’ examined in Sect. 29.2. In this respect, the following variables were based on the enhanced risk management, monitoring and decision-making aspects of the [BrdIndMon] (+) variable in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1,4 coverage/ rating +7/87.50 rprox:

 Bank for International Settlements, Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www. bis.org/bcbs/publ/d328.htm, (“BCBS Guidelines 2015), Para 33, p 10. 2  Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007–2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_GFC/IIF_Final_Report_of_the_Committee_on_Market_ Best_Practices.pdf (‘IIF Final Report 2008’). 3  Ibid, Recommendations I.3 – I.5, p 33. 4  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, pp 208–212. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 1

40  Risk Culture, Risk Appetite and Risk Appetite Statements

1065

• [CultNEDStrat] (+)  – Bank Culture  – Review of Strategy by Non-Executive Directors – Enhancement of Monitoring Effect, coverage/rating +7/87.50 rprox (relational effect path in Sect. 29.2); • [CultNEDNewProds] (+) – Bank Culture – Review of New Products by Non-­ Executive Directors  – Enhancement of Monitoring Effect, coverage/rating +7/87.50 rprox (relational effect path in Sect. 29.2); • [CultNEDExistBus] (+) – Bank Culture – Review of Existing Business Market and Other Conditions by Non-Executive Directors – Enhancement of Monitoring Effect, coverage/rating +7/87.50 rprox (relational effect path in Sect. 29.2); • [CultNEDObserve] (+) – Bank Culture – Interaction between Non-Executive Directors and Executive Directors  – NED Observers on Executive Risk Committee – Enhancement of Monitoring Effect, coverage/rating +7/87.50 rprox (relational effect path in Sect. 29.2); • [CultNEDValues] (+) – Bank Culture – Non-executive Directors – Review and Oversight of Corporate Values – Enhancement of Monitoring Effect, coverage/ rating +7/87.50 rprox (relational effect path in Sect. 29.2); • [CultNEDRiskAppLimits] (+)  – Bank Culture  – Non-Executive Directors  – Review of Risk Awareness, Appetite and Limits – Enhancement of Monitoring Effect, coverage/rating +7/87.50 rprox (relational effect path in Sect. 29.2); • [CultNEDCommun] (+) – Bank Culture – Non-Executive Directors – Review of Appropriate Steps to Communicate Values, Codes and Policies – Enhancement of Monitoring Effect, coverage/rating +7/87.50 rprox (relational effect path in Sect. 29.2); and • [CultNEDDiscipline] (+) – Bank Culture – Non-Executive Directors – Review and Oversight of Disciplinary Actions for Breaches of Values, Codes and Policies  – Enhancement of Monitoring Effect, coverage/rating +7/87.50 rprox (relational effect path in Sect. 29.2). The behaviour of these eight corporate and risk ‘culture’ variables was hypothesized to be identical to the [BrdIndMon] (+) variable in section 7.3.2.1.2 of Stage 1, coverage/rating of +7/87.50 rprox, which in turn is identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, also with a coverage/rating of +7/87.50 rprox. This equates to a coverage/rating of +7/87.50 rprox for these eight corporate and risk NED ‘culture’ variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Except where stated, the Stage 2 relational approach below will be to craft a number of bank risk culture variables from the APRA Final Report identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1. This equates to a coverage/ rating of +7/87.50 rprox. Again, for the integrity of the relational approach, the variables below are not hypothesized to be identical to the [BrdIndMon] (+)5 variable in section 7.3.2.1.2 of Stage 1  – Board Independent Director: Executive Director Proportion  – Monitoring Effect, +7/87.50 rprox. In the [BrdIndMon] (+) variable, the  Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox.

5

1066

40  Risk Culture, Risk Appetite and Risk Appetite Statements

enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of non-executive directors. Thus, the effect of the [BrdIndMon] (+) variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the independence of non-executive directors. Instead below, there is no independence element. Like the [BrdSkills] (+) variable, coverage/rating +7/87.50 rprox, there is an hypothesised enhancement in risk management and therefore internal monitoring. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 1,6 coverage/rating +7/87.50 rprox, the governance variables below affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 1). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank  – an obligation which remains constant by force of law – is not affected by the risk culture-setting functions and responsibilities of the board. Compliance Factor No 2 thus remains constant for these variables. This equates to a coverage/rating of +7/87.50 rprox for the following bank risk culture variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

40.1 Elements of Sound Risk Culture Therefore, as noted in the introduction to this chapter above, the following variables are based on the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 17 and in the same positive (+) direction, coverage/rating +7/87.50 rprox. For APRA, there was no single model, but a sound risk culture has a number of elements to support effective risk management:8 • consistency with the organisation’s risk appetite or strategy:

 See discussion in sections 7.3.1.2.1 of Stage 1, above n 4, pp 198–201.  Ibid. 8  Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf, pp 82–83. 6 7

40.1  Elements of Sound Risk Culture

1067

–– [CultConsistRiskApp] (+)  – Bank Culture  – Consistency of Risk Culture with Bank’s Risk Appetite and Strategy  – Enhancement of Monitoring Effect – Enhancement in the Quality of Decision-making (APRA) – coverage/rating +7/87.50 rprox; • appropriately embedded across different parts of the business: –– [CultEmbedAcrossBus] (+) – Bank Culture – Embedding of Risk Culture Across Different Parts of the Business – Enhancement of Monitoring Effect – Enhancement in the Quality of Decision-making (APRA) – coverage/rating +7/87.50 rprox; • a clear tone at the top and role modelling of good risk behaviours by leaders: –– [CultToneAtTop] (+) – Bank Culture – Tone At the Top – Enhancement of Monitoring Effect  – Enhancement in the Quality of Decision-making (APRA) – coverage/rating +7/87.50 rprox; and –– [CultRoleModelRiskBehave] (+) – Bank Culture – Role Modelling of Good Risk Behaviours by Leaders  – Enhancement of Monitoring Effect  – Enhancement in the Quality of Decision-making (APRA) – coverage/rating +7/87.50 rprox; • constructive challenge from a range of perspectives: –– [CultConstructChallenge] (+) – Bank Culture – Constructive Challenge – Enhancement of Monitoring Effect – Enhancement in the Quality of Decision-­ making (APRA) – coverage/rating +7/87.50 rprox; • timely and transparent information flows without fear of blame: –– see the governance variables in Sects. 38.4, 38.5, 38.6, 38.7, 38.8, 38.9, 38.10, 38.11, 38.12, 38.13, 38.14, 38.15, 38.16, 38.17, 38.18, 38.19, 38.20, 38.21, 38.22, and 38.23; –– and an additional governance variable here based on the relational effect path of the [TransTimeMon] (+)9 variable in section 9.1.2.1 of Stage 1 and in the same positive (+) direction with a coverage/rating of +8/100.00 rprox: • [CultTransTimeNoBlame] (+)  – Bank Culture  – Transparency and Timeliness of Information Flows with No Blame  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making (APRA)  – coverage/rating +8/100.00 rprox; and • returning to the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 1 and in the same positive (+) direction, coverage/rating +7/87.50 rprox for a consistent approach to risk management through the economic cycle:

 Transparency and timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 4, pp 262–263. 9

1068

40  Risk Culture, Risk Appetite and Risk Appetite Statements

–– [CultConsistRiskManEcoCycle] (+)  – Bank Culture  – Consistency of Approach to Risk Management Through the Economic Cycle – Enhancement of Monitoring Effect  – Enhancement in the Quality of Decision-making (APRA) – coverage/rating +7/87.50 rprox.

40.1.1 APRA’s Aims for Risk Culture For APRA, the ends of such a culture were to:10 • • • •

consistently support effective risk management; promote sound risk-taking; improve risk awareness; and support appropriate behaviours and judgments about risk-taking within a strong risk governance framework.11 Such a culture rewards taking of the right risks and penalises poor risk actions:12

• a sound risk culture is evident through appropriate rewarding of individuals and groups for taking the right risks in an informed manner and penalising those who act otherwise: –– see governance variables in Sects. 12.5, 12.6, 12.7, 12.8, 12.9, 12.10, 12.11, 12.12, 12.13, 12.14, 12.15, and 12.16 of Chap. 12 of this Stage 2; and • also ensures that activities beyond the institution’s risk appetite are recognised, assessed, escalated and addressed in a timely manner:13 –– see the “[FailRedFlag] (−)” variables in Sect. 38.6 and Sects. 45.10, 45.11, and 45.12 below.

40.2 APRA’s Nine Themes Inhibiting Sound Risk Culture APRA identified “nine cultural themes” inhibiting sound risk management: • • • • •

widespread complacency; reactivity rather than pre-emption regarding risk; uneven influence of the risk function; not fully ‘walking the talk’ when it comes to risk management; less tendency towards reflection, introspection and learning (from mistakes);

 APRA Final Report, above n 8, pp 82–83.  Ibid. 12  Ibid. 13  Ibid. 10 11

40.2  APRA’s Nine Themes Inhibiting Sound Risk Culture • collegial, high trust environment, leading to some over-confidence over-collaboration; • striving to balance empowerment with challenge, although not well executed; • aiming to be a values-led institution, but an over-reliance on good intent; and • self-perceived, but incomplete, focus on the customer.14

1069 and

Each of these is considered in turn. Thus, like the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 115 but in the negative (−) direction, the governance variables below affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 1). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the risk culture-setting functions and responsibilities of the board. Compliance Factor No 2 thus remains constant for these variables. This equates to a coverage/rating of −7/87.50 rprox for the following bank risk culture variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above):

40.2.1 APRA Identifies “Widespread Complacency”16 As noted in Sect. 40.2 above, the following variables are based on the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 117 but in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox: • [CultComplacency] (−) – Bank Culture – Culture of Complacency in Addressing Risk Management Shortcomings/Issues  – Reduction of Monitoring Effect  – Reduction in Quality of Decision-making (APRA)  – coverage/rating −7/87.50 rprox. For the content of this variable, APRA identified in detail a number of complex sub-variables: –– [CultExternalisation] (−)  – Bank Culture  – Attributing Outcomes to Non-­ controllable Factors – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA18) – coverage/rating −7/87.50 rprox; –– [CultComplex&Scale] (−)  – Bank Culture  – Attributing Outcomes to Complexity, Bureaucracy and Scale of Bank – Reduction of Monitoring Effect –

 Ibid, p 83.  See discussion in sections 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 16  APRA Final Report, above n 8, pp 83–85. 17  See discussion in sections 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 18  APRA Final Report, above n 8, p 84. 14 15

1070

–– ––

–– –– ––

40  Risk Culture, Risk Appetite and Risk Appetite Statements

Reduction in Quality of Decision-making (APRA19)  – coverage/rating −7/87.50 rprox; [CultFavEcoConds] (−)  – Bank Culture  – Favourable Operating Conditions Amplifying Self-satisfaction – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA20) – coverage/rating −7/87.50 rprox; [CultOutcomeProcess] (−) – Bank Culture – Avoiding Ownership of Outcomes by Following/Concentrating on Process  – Reduction of Monitoring Effect  – Reduction in Quality of Decision-making (APRA21)  – coverage/rating −7/87.50 rprox; [CultFailCollectiveRisk] (−) – Bank Culture – Lack of Collective Responsibility for Risk Management – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA22) – coverage/rating −7/87.50 rprox; [CultBoxTickProcess] (−)  – Bank Culture  – Box-Ticking Approach to Risk Management Focused on Process – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA23) – coverage/rating −7/87.50 rprox; and [CultPerceiveConserv] (−)  – Bank Culture  – Perception of Bank-Wide Risk Conservatism  – Reduction of Monitoring Effect  – Reduction in Quality of Decision-­making (APRA24) – coverage/rating −7/87.50 rprox.

40.2.2 APRA Identifies “Reactivity Rather Than Pre-emption Regarding Risk”25 As noted in Sect. 40.2 above, the following variables are based on the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 126 but in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox: • [CultReactive] (−)  – Bank Culture  – Culture of Reactivity Rather than Pre-­ emption Regarding Risk  – Reduction of Monitoring Effect  – Reduction in Quality of Decision-making (APRA) – coverage/rating −7/87.50 rprox; For the content of the following sub-variables, APRA identifies that this is “strongly related to complacency”27 including:

 Ibid.  Ibid. 21  Ibid. 22  Ibid. 23  Ibid. 24  Ibid, p 85. 25  Ibid, pp 85–86. 26  See discussion in sections 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 27  Ibid, p 85. 19 20

40.2  APRA’s Nine Themes Inhibiting Sound Risk Culture

1071

–– [CultFailIssueResolve] (−)  – Bank Culture  – Prolonging/Failure to Follow-­ through to Resolution of Issues – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA28) – coverage/rating −7/87.50 rprox; –– [CultFailRealTimeIssues] (−) – Bank Culture – Failure of Content to be Real Time Emerging Issues – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA29) – coverage/rating −7/87.50 rprox; –– [CultFailBroadIssues] (−) – Bank Culture – Failure of Information Escalated to Highlight Broad Issues of Risk, Reputation and Customer  – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA30) – coverage/rating −7/87.50 rprox; and –– [CultSlowRegRequest] (−)  – Bank Culture  – Slowness in Complying with Regulatory Requests – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA31) – coverage/rating −7/87.50 rprox.

40.2.3 APRA Identifies “Uneven Influence of the Risk Function”32 As noted in Sect. 40.2 above, the following variables are based on the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 133 but in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox: • [CultFailInfluenceRiskFn] (−)  – Bank Culture  – Inconsistent and Weak Influence of the Risk Function Across the Bank  – Reduction of Monitoring Effect  – Reduction in Quality of Decision-making (APRA)  – coverage/rating −7/87.50 rprox; This variable gave rise to the following sub-variables identified APRA: –– [CultFailAuthRiskFn] (−)  – Bank Culture  – Inconsistent/Weak Credibility, Authority and Respect of Risk Function  – Reduction of Monitoring Effect  – Reduction in Quality of Decision-making (APRA34)  – coverage/rating −7/87.50 rprox; –– [CultFailPerceiveRiskFn] (−)  – Bank Culture  – Risk Function Perceived as Low Priority Administrative Function or Policy Writing  – Reduction of

 Ibid.  Ibid, pp 85–86. 30  Ibid, p 86. 31  Ibid. 32  Ibid, pp 86–87. 33  See discussion in sections 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 34  APRA Final Report, above n 8, p 86. 28 29

1072

40  Risk Culture, Risk Appetite and Risk Appetite Statements

Monitoring Effect – Reduction in Quality of Decision-making (APRA35) – coverage/rating −7/87.50 rprox; –– [CultLowCapabilityRiskFn] (−) – Bank Culture – Low and Varied Capability of Risk Function and Risk and Compliance Staff  – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA36) – coverage/rating −7/87.50 rprox; and –– [CultLowResourcesRiskFn] (−)  – Bank Culture  – Low Resources and Empowerment of Risk Function and Risk and Compliance Staff – Reduction of ­Monitoring Effect – Reduction in Quality of Decision-making (APRA37) – coverage/rating −7/87.50 rprox.

40.2.4 APRA Identifies “Not Fully ‘Walking the Talk’ When It Comes to Risk Management”38 As noted in Sect. 40.2 above, the following variables are based on the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 139 but in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox: • [CultPoorExecuteRiskMan] (−)  – Bank Culture –- Poor Execution of Risk Management Practices – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA40) – coverage/rating −7/87.50 rprox; and • [CultPoorBehaveRiskMan] (−) – Bank Culture –- Poor Behaviours Relating to Risk Management – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA41) – coverage/rating −7/87.50 rprox. These variables gave rise to the following sub-variables identified APRA: –– [CultFailMitigateRisk] (−) – Bank Culture – Failure of Board to Oversee/Hold Accountable Management for Mitigation of Risks  – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA42) – coverage/rating −7/87.50 rprox; –– [CultFailClosureRisk] (−) – Bank Culture – Failure of Board to Oversee/Hold Accountable Management for Closure of Risks  – Reduction of Monitoring

 Ibid.  Ibid. 37  Ibid, p 87. 38  Ibid. 39  See discussion in sections 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 40  APRA Final Report, above n 8, p 87. 41  Ibid. 42  Ibid. 35 36

40.2  APRA’s Nine Themes Inhibiting Sound Risk Culture

––

––

––

––

1073

Effect – Reduction in Quality of Decision-making (APRA43) – coverage/rating −7/87.50 rprox; [CultFailECEmergingRisk] (−)  – Bank Culture  – Failure of Executive Committee to Consider Operational and Compliance Emerging Risks – Reduction of Monitoring Effect  – Reduction in Quality of Decision-making (APRA44)  – coverage/rating −7/87.50 rprox; [CultFail3LinesRespOwn] (−)  – Bank Culture  – Failure of Three Lines of Defence Model Through Blurred Responsibilities and Lack of Ownership  – Reduction of Monitoring Effect – Reduction in Quality of Decision-making – Reduction in Quality of Accountability/Responsibility (APRA45)  – coverage/ rating −7/87.50 rprox; [CultFailRewardRiskMan] (−)  – Bank Culture  – Failure to Reward and Recognise Sound Risk Management Practices  – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA46) – coverage/rating −7/87.50 rprox; and [CultFailAlignValuesActions] (−) – Bank Culture – Senior Leadership Failure to Align Values with Risk Management Actions/Practices  – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA47) – coverage/rating −7/87.50 rprox.

40.2.5 APRA Identifies “Less Tendency Towards Reflection, Introspection and Learning”48 As noted in Sect. 40.2 above, the following variables are based on the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 149 but in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox: • [CultFailSpaceTimePermitLearn] (−)  – Bank Culture –- Failure of Space, Time and Permission for Learning – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA50) – coverage/rating −7/87.50 rprox. This variable gave rise to the following sub-variables identified APRA:

 Ibid.  Ibid. 45  Ibid. 46  Ibid. 47  Ibid. 48  Ibid, p 88. 49  See discussion in sections 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 50  APRA Final Report, above n 8, p 88. 43 44

1074

40  Risk Culture, Risk Appetite and Risk Appetite Statements

–– [CultFailLoggedIssuesLearn] (−) – Bank Culture – Failure of Logged Issues for Learning of Frontline Staff – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA51) – coverage/rating −7/87.50 rprox; –– [CultFailRemOutcomesLearn] (−) – Bank Culture – Failure of Remuneration Outcomes for Referral, Consistency and Learning  – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA52) – coverage/rating −7/87.50 rprox; –– [CultFailECMeetSpeed] (−) – Bank Culture – Failure of Executive Committee for Long-Term Thinking and Exploration  – Reduction of Monitoring Effect  – Reduction in Quality of Decision-making (APRA53)  – coverage/rating −7/87.50 rprox; –– [CultFailECMeetLongTerm] (−)  – Bank Culture  – Failure of Executive Committee for Consideration of Long-Term Issues – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA54) – coverage/rating −7/87.50 rprox; –– [CultFailMidManLearnBehave] (−)  – Bank Culture  – Failure of Middle Management to “Embed Lessons and Instigate Behavioural and Mindset Changes” – Reduction of Monitoring Effect – Reduction in Quality of Decisionmaking (APRA55) – coverage/rating −7/87.50 rprox; –– [CultFailTransferBULearn] (−) – Bank Culture – Failure to Transfer Learnings from Business Units Across Group – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA56) – coverage/rating −7/87.50 rprox; –– [CultFailLearnRisksDown] (−) – Bank Culture – Failure to Transfer Learnings from Risk Impacts to Downstream Activities – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA57) – coverage/rating −7/87.50 rprox; and –– [CultFailLearnRisksUp] (−) – Bank Culture – Failure to Transfer Learnings from Risk Impacts to Upstream Activities – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA58)  – coverage/rating −7/87.50 rprox.

 Ibid.  Ibid. 53  Ibid. 54  Ibid. 55  Ibid. 56  Ibid, p 89. 57  Ibid. 58  Ibid. 51 52

40.2  APRA’s Nine Themes Inhibiting Sound Risk Culture

1075

40.2.6 APRA Identifies “Collegial, High Trust Environment Leading to Some Over-Confidence and Over-Collaboration”59 As noted in Sect. 40.2 above, the following variables are based on the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 160 but in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox: • [CultFail3LinesChall&Exam] (−) – Bank Culture –- Culture of Collegiality, Collaboration and Trust  – Failure of Constructive Challenge and Cross-­ ­ Examination Across 3 Lines of Defence  – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA61) – coverage/rating −7/87.50 rprox. The content of this variable is explained by APRA: The desire to move away from a past combative culture has led to some over-­compensation in pursuit of collaboration. The result has been pockets of excessive consultation or consensus- driven activity, leading to slower decision making, lengthier processes and slippage of focus on outcomes. Referred to multiple times particularly by risk function staff, this type of behaviour has been at the expense of constructive challenge and cross-examination across the three lines of defence.62

And a further sub-variable is identified by the Australian Regulator: –– [CultFailAnalyseRisk] (−)  – Bank Culture  – Culture of Collegiality, Collaboration and Trust – Failure of Comprehensive Analysis of Data on Risk Issues  – Reduction of Monitoring Effect  – Reduction in Quality of Decisionmaking (APRA63) – coverage/rating −7/87.50 rprox.

40.2.7 APRA Identifies “Striving to Balance Empowerment with Challenge, Although Not Well Executed”64 As noted in Sect. 40.2 above, the following variables are based on the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 165 but in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox:

 Ibid,  See discussion in sections 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 61  APRA Final Report, above n 8, p 89. 62  Ibid. 63  Ibid, p 90. 64  Ibid. 65  See discussion in sections 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 59 60

1076

40  Risk Culture, Risk Appetite and Risk Appetite Statements

• [CultFailCollectiveAcc] (−)  – Bank Culture –- Culture of Collegiality, Collaboration and Trust – Failure of Collective Accountability – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA66) – coverage/rating −7/87.50 rprox. Again, further sub-variables are identified by the Australian Regulator: –– [CultFailChallengeEC] (−)  – Bank Culture  – Culture of Collegiality, Collaboration and Trust – Failure to Challenge at Executive Committee Level – Reduction of Monitoring Effect  – Reduction in Quality of Decision-making (APRA67) – coverage/rating −7/87.50 rprox; –– [CultFailChallengeBrd] (−)  – Bank Culture  – Culture of Collegiality, Collaboration and Trust – Failure to Challenge at Board Level – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA68) – coverage/rating −7/87.50 rprox; and –– [CultFailFeedbackConflict] (−)  – Bank Culture  – Culture of Collegiality, Collaboration and Trust – Failure to be Receptive/Deal with Feedback, Challenge or Conflict Effectively – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA69) – coverage/rating −7/87.50 rprox.

40.2.8 APRA Identifies “Aiming to Be a Values-Led Institution, But an Over-Reliance on Good Intent”70 As noted in Sect. 40.2 above, the following variables are based on the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 171 but in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox: • [CultFailCapable&Conseq] (−)  – Bank Culture –- Culture of Collegiality, Collaboration and Trust  – Focus on Operating with Good Intent Over Risk Management – Failure of Focus on Capability and Consequences – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA72) – coverage/rating −7/87.50 rprox; and • [CultFailProcess&SystWeak] (−)  – Bank Culture –- Culture of Collegiality, Collaboration and Trust  – Focus on Operating with Good Intent Over Risk Management – Failure to Address Process and System Weaknesses – Reduction

 APRA Final Report, above n 8, p 90.  Ibid. 68  Ibid. 69  Ibid, 90 and Recommendation 27, p 93. 70  Ibid, p 91. 71  See discussion in sections 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 72  APRA Final Report, above n 8, p 91. 66 67

40.2  APRA’s Nine Themes Inhibiting Sound Risk Culture

1077

of Monitoring Effect  – Reduction in Quality of Decision-making (APRA73)  – coverage/rating −7/87.50 rprox.

40.2.9 APRA Identifies “Self-Perceived, But Incomplete, Focus on the Customer”74 As noted in Sect. 40.2 above, the following variables are based on the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 175 but in the negative (−) direction, giving rise to a coverage/rating of −7/87.50 rprox: • [CultFailCustIDSystIss] (−)  – Bank Culture –- Culture of Collegiality, Collaboration and Trust  – Failure to Identify Systemic Issues from Customer Complaints – Reduction of Monitoring Effect – Reduction in Quality of Decisionmaking (APRA76) – coverage/rating −7/87.50 rprox. Again, further sub-variables are identified by the Australian Regulator: –– [CultFailCustLTSolns] (−)  – Bank Culture –- Culture of Collegiality, Collaboration and Trust  – Failure to Invest in Long-Term Solutions from Customer Complaints – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA77) – coverage/rating −7/87.50 rprox; –– [CultFailCustLTRiskOuts] (−)  – Bank Culture –- Culture of Collegiality, Collaboration and Trust – Failure to Address Customer Complaints with LongTerm Risk Outcomes – Reduction of Monitoring Effect – Reduction in Quality of Decision-making (APRA78) – coverage/rating −7/87.50 rprox; and –– [CultFailCustLTCustOuts] (−)  – Bank Culture –- Culture of Collegiality, Collaboration and Trust – Failure to Address Customer Complaints with LongTerm Customer Outcomes  – Reduction of Monitoring Effect  – Reduction in Quality of Decision-making (APRA79) – coverage/rating −7/87.50 rprox.

 Ibid.  Ibid. 75  See discussion in sections 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 76  APRA Final Report, above n 8, pp 91–92. 77  Ibid. p 92. 78  Ibid. p 92. 79  Ibid. p 92. 73 74

1078

40  Risk Culture, Risk Appetite and Risk Appetite Statements

40.3 Senior Management Responsibilities for Risk Culture, Risk Management and Provision of Information The BCBS devotes an entire principle – Principle 4 – to senior management under the direction and oversight of the board.80 For the BCBS, senior management’s contribution to corporate governance is centred around risk – implementing “business strategies, risk management systems, risk culture, processes and controls for managing the risks – both financial and non-­ financial – to which the bank is exposed”.81 This includes: [C]omprehensive and independent risk management, compliance and audit functions as well as an effective overall system of internal controls. Senior management should recognise and respect the independent duties of the risk management, compliance and internal audit functions and should not interfere in their exercise of such duties.82

Importantly, the BCBS imposes on senior management a responsibility for ‘regular and adequate’ provision of information to the board on material matters. These, typically, resonate with failures surrounding the GFC: • • • • • •

changes in business strategy, risk strategy/risk appetite; the bank’s performance and financial condition; breaches of risk limits or compliance rules; internal control failures; legal or regulatory concerns; and issues raised as a result of the bank’s whistleblowing procedures.83

40.3.1 Governance Variables for Senior Management Responsibilities In Sect. 38.6 above, the relational approach introduced a governance variable modelled on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 – but negative (−) in effect giving rise to a coverage/rating of −8/100.00 rprox – representing failure or deficiency in the flow of information to escalate problems or ‘red flags’ upward through the bank to senior management and/or the board. This variable represents a failing in the Board’s responsibilities or functions in the oversight of the risk management function by failing to escalate problems or red flags:

 The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Principle 4, pp 20–21. 81  Ibid, Para 93, p 20. 82  Ibid. 83  Ibid, Para 94, pp 20–21. 80

40.3  Senior Management Responsibilities for Risk Culture, Risk Management…

1079

• [FailRedFlag] (−) – Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (OECD Key Findings 2009), (OECD Kirkpatrick Report 2009), (EC Green Paper 2010). This ‘red flag’ variable is a (failure of) disclosure variable identical to the [TransTimeMon] (+)84 variable except in the negative (−) direction to reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the deficiency in information flow. Alternatively, there is a reduction in the quality of decision-­ making – Decision-making Factor No 7 and/or a failure of clear lines of accountability/responsibility affecting negatively Responsibility Factor No 8. The Stage 2 relational approach turns in this section to again consider ‘red flag’ failings to escalate information – but this time on the part of senior management. These senior management variable failings are given the prefix ‘SManRedFlag’. The failings identified by the BCBS in this Sect. 40.3 raise the following variables relating to failure by senior management to escalate information upwards to the board, all of which again track the relational effect path of the [TransTimeMon] (+)85 variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction. Thus, the following variables have a coverage/rating of −8/100.00 in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [SManRedFlagBusStrat] (−) – Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Business Strategy – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating −8/100.00 rprox (BCBS); • [SManRedFlagRiskStrat] (−) – Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Risk Strategy – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating −8/100.00 rprox (BCBS); • [SManRedFlagRiskApp] (−) – Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Risk Appetite – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating −8/100.00 rprox (BCBS); • [SManRedFlagFinPerform] (−)  – Banks  – Risk Management  – Failure by Senior Management to Escalate Problems or Red Flags in relation to Firm Financial Performance – Reduction in Information Flow – Reduction in Quality

84 85

 See discussion in section 9.1.2.1 of Stage 1, above n 4, pp 198–199.  Ibid.

1080

•

•

•

•

•

40  Risk Culture, Risk Appetite and Risk Appetite Statements

of Risk Management and Internal Monitoring and Decision-making, coverage/ rating −8/100.00 rprox (BCBS); [SManRedFlagFinCond] (−) – Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Firm Financial Condition  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating −8/100.00 rprox (BCBS); [SManRedFlagRiskLimit] (−) – Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Breaches of Risk Limits and Compliance Rules – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating −8/100.00 rprox (BCBS); [SManRedFlagIntConts] (−) – Banks – Risk Management – Failure by Senior Management to Escalate Problems or Red Flags in relation to Failures in Internal Controls  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating −8/100.00 rprox (BCBS); [SManRedFlagLegal] (−)  – Banks  – Risk Management  – Failure by Senior Management to Escalate Problems or Red Flags in relation to Legal or Regulatory Issues  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating −8/100.00 rprox (BCBS); and [SManRedFlagRiskWhistle] (−)  – Banks  – Risk Management  – Failure by Senior Management to Escalate Problems or Red Flags in relation to Whistleblowing Procedures  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating −8/100.00 rprox (BCBS).

40.4 Developing a Risk Appetite Is a Responsibility of the Board For the BCBS, developing, defining and communicating the bank’s risk appetite was the responsibility of the board as were “disciplinary actions for excessive risk-­ taking, escalation procedures and board of director notification.”86 The IIF Final Report 2008 similarly recommended focus on a risk culture and the “risk-control process”, which was the responsibility of senior management, and particularly the CEO, with board oversight: Firms should establish clear policies that define risk management as the responsibility of each institution’s senior management, in particular the CEO, subject to the oversight of the Board. Senior management should be involved in the risk-control process, and both the

86

 BCBS Guidelines 2015, above n 80, Paras 33–35, p 10.

40.5  Risk Appetite Statement (RAS) and Risk Management Strategy (RMS)

1081

Board and senior management should regard risk management and control as essential aspects of the business.87

“Risk appetite” is defined by the BCBS as: The aggregate level and types of risk a bank is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan.88

Risk appetite should include all types of risk, “including risks arising from the firm’s relationship to off-balance-sheet vehicles” and “involve finance and treasury functions as well as risk management in monitoring the overall risk of the firm”.89

40.5 Risk Appetite Statement (RAS) and Risk Management Strategy (RMS) 40.5.1 APRA Requirements for the RAS and RMS The development of risk appetite  – through a Risk Appetite Statement and Risk Management Strategy – raises the following variables for Stage 2 of the relational approach Key Code and Advanced Handbook. These variables are ‘strong’ versions of the [BrdSkills] (+)90 variable, coverage/rating +7/87.50 rprox. The behaviour of these risk appetite, RAS and RMS variables is hypothesised to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). This is further discussed in this Sect. 40.5 below. Governance variables for APRA’s Prudential Standard CPS 220 Risk Management91 in this Sect. 40.5 are: • [220RASBrdRespSet&ApproveRAS] (+)  – Banks  – CPS 220RAS  – Risk Appetite Statement  – Board to Set and Approve a Clear and Concise RAS to

 IIF Final Report 2008, above n 2, Recommendation I.1, p 32 (emphasis in original). See also, Principles I.i – I.iii, pp 31–32. 88  BCBS Guidelines 2015, above n 80, Glossary, p 1 (footnote omitted). For the IIF – for risk appetite – “a useful but not exclusive definition might be the risk of loss that the firm is willing to accept over a specified time horizon at a given level of confidence; risk appetite needs to take into account the firm’s business mix and strategy, earnings goals, culture, and competitive position”. See IIF Final Report 2008, above n 2, Discussion of Recommendation I.1, p 32. 89  IIF Final Report 2008, above n 2, Executive Summary, p 9. 90  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 91  Australian Prudential Regulation Authority, Prudential Standard CPS 220 Risk Management, July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/ cps_220_risk_management_effective_from_1_july_2019.pdf (‘CPS 220’), sections 27–28, pp 7–8. 87

1082

40  Risk Culture, Risk Appetite and Risk Appetite Statements

Address Material Risks92  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (APRA CPS 220); • [220RASMinimumRequirements] (+) – Banks – CPS 220RAS – Risk Appetite Statement  – Minimum Requirements for RAS93  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­ making, coverage/rating of +7/87.50 rprox (APRA CPS 220), including:94 –– degree of risk in pursuit of strategic objectives and business plan (risk appetite); –– for each material risk – maximum level of risk expressed as a risk limit and based on risk appetite, risk profile and capital strength (risk tolerance); –– process to set risk tolerance at appropriate level based on impact and likelihood that the risk is realised; –– process to monitor compliance with each risk tolerance and appropriate action in case of breach; and –– timing and process for review of risk appetite and risk tolerance; • [220RMSBrdApprovedEachMatRisk] (+)  – Banks  – CPS 220RMS  – Risk Management Strategy  – Board Approved RMS for each Material Risk95  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (APRA CPS 220); • [220RMSMinimumRequirements] (+)  – Banks  – CPS 220RMS  – Risk Management Strategy – Minimum Requirements for RMS96 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-­ making, coverage/rating of +7/87.50 rprox (APRA CPS 220), including:97 –– –– –– ––

description of each material risk and approach to managing it; list of policies and procedures; roles and responsibilities of risk management function; describe risk governance relationship between Board, committees and senior management in relation to RMF; and –– ensuring all staff are aware of RMF relating to their role and for instilling risk culture.

 Ibid, section 27, p 7.  Ibid, section 28, p 8. 94  Ibid. 95  Ibid, section 29, p 8. 96  Ibid, section 30, p 8. 97  Ibid, section 30(a) – (e), p 8. 92 93

40.5  Risk Appetite Statement (RAS) and Risk Management Strategy (RMS)

1083

40.5.2 Governmental and Market Participant Reports on the RAS When examining the Risk Appetite Statement (RAS), the Stage 2 relational approach in this section will be to identify governmental and market participant report requirements which will be identified with a square-bracketed number ‘[…]’ which corresponds to the numbered list of governance variables introduced at the end of this Sect. 40.5. Thus, reflecting the cataclysmic losses for banks during the financial crisis, there are a considerable number of variables – twenty-three (23) – relating to the RAS to craft for Stage 2 of the relational approach. For the BCBS, risk appetite is expressed in a Risk Appetite Statement (RAS)98 defined as: The written articulation of the [2] aggregate level and types of risk that a bank will accept, or avoid, in order to achieve its business objectives. It includes [4–7] quantitative measures expressed relative to [4] earnings, [5] capital, [7] risk measures, [6] liquidity and [7] other relevant measures as appropriate. It should also include qualitative statements to address [8] reputation and [9] conduct risks as well as [10] money laundering and [11] unethical practices.99

For construction of the relational governance variables, the BCBS requires the RAS to: • include both [4–7] quantitative and [8–11] qualitative considerations; • establish the [1] individual and [2] aggregate level and types of risk that the bank is willing to assume in advance of and in order to achieve its business activities within its [3] risk capacity; • define the [12] boundaries and business considerations in accordance with which the bank is expected to operate when pursuing the business strategy; and • communicate the board’s risk appetite effectively throughout the bank, [13] linking it to daily operational decision-making and [14] establishing the means to raise risk issues and strategic concerns across the bank.100 The IIF also made a number of recommendations in relation to risk appetite including: • [15] periodically reviewing the risk appetite proposed by senior management;101 • demonstrating consideration of all risks including “[16] non-contractual, [17] contingent, and [18] off-balance-sheet risks; [8] reputational risks; [19] counterparty risks; and [18] other risks arising from the firm’s relationship to off-­ balance-­sheet vehicles;”102  BCBS Guidelines 2015, above n 80, Para 35, p 10.  Ibid, Glossary, p 2. 100  Ibid, Para 36, p 10. 101  IIF Final Report 2008, above n 2, Recommendation I.9, p 35. 102  Ibid, Recommendation I.10, p 35. 98 99

1084

40  Risk Culture, Risk Appetite and Risk Appetite Statements

• containing both [8–11] qualitative and [4–7] quantitative elements;103 • basing risk appetite on established risk limits which [20] “should be measured on a global, consolidated basis and constantly monitored against the limits”;104 • connecting risk appetite to [21] the bank’s overall business strategy and capital plan with monitoring against the bank’s financial measures on an on-going basis;105 and • involving risk management at the start of the business planning process [22] “to test how growth or revenue targets fit with the firm’s risk appetite and to assess [23] potential downsides”.106 Again, the development of risk appetite – through a Risk Appetite Statement – raises twenty-three (23) bank-specific governance variables for Stage 2 of the relational approach. These variables are ‘strong’ versions of the [BrdSkills] (+)107 variable, coverage/rating of +7/87.50 rprox. The behaviour of these risk appetite and RAS variables is hypothesised to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 (see below), coverage/rating of +7/87.50 rprox. Governance variables for the BCBS recommendations in this Sect. 40.5 are: 1. [RASIndLevelType] (+)  – Banks  – Boards  – Risk Appetite Statement  – Individual Level and Types of Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 2. [RASAggLevelType] (+)  – Banks  – Boards  – Risk Appetite Statement  – Aggregate Level and Types of Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 3. [RASRiskCapacity] (+) – Banks – Boards – Risk Appetite Statement – Risk Capacity – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 4. [RASQuantEarnRisk] (+)  – Banks  – Boards  – Risk Appetite Statement  – Quantitative Measure of Earnings Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 5. [RASQuantCapitalRisk] (+) – Banks – Boards – Risk Appetite Statement – Quantitative Measure of Capital Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox;

 Ibid, Recommendation I.11, p 35.  Ibid, Recommendation I.12, p 35. 105  Ibid, Recommendation I.13, p 35. 106  Ibid, Recommendation I.14, p 35. 107  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 103 104

40.5  Risk Appetite Statement (RAS) and Risk Management Strategy (RMS)

1085

6. [RASQuantLiquidity] (+)  – Banks  – Boards  – Risk Appetite Statement  – Quantitative Measure of Liquidity Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 7. [RASQuantOtherRisks] (+) – Banks – Boards – Risk Appetite Statement – Other Quantitative Risk Measures  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 8. [RASQualRepRisk] (+)  – Banks  – Boards  – Risk Appetite Statement  – Qualitative Measure of Reputational Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 9. [RASQualConductRisk] (+) – Banks – Boards – Risk Appetite Statement – Qualitative Measure of Conduct Risk – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 10. [RASQualLaunderRisk] (+) – Banks – Boards – Risk Appetite Statement – Qualitative Measure of Money Laundering Risk  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 11. [RASQualUnethicsRisk (+)  – Banks  – Boards  – Risk Appetite Statement  – Qualitative Measure of Unethical Practices Risk  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 12. [RASBoundaryLimits] (+)  – Banks  – Boards  – Risk Appetite Statement  – Definition of Operating Boundaries, Limits and Business Considerations within Business Strategy – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 13. [RASDecisionOps] (+)  – Banks  – Boards  – Risk Appetite Statement  – Communication of RAS in Terms of Day-to-Day Operational Decisionmaking  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; and 14. [RASEscalateReport] (+)  – Banks  – Boards  – Risk Appetite Statement  – Procedure for Escalating/Reporting Issues Across the Bank – Enhancement of Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox. For the IIF recommendations in this Sect. 40.5 additional to the BCBS’ RAS requirements, the variables are: 15. [RASPeriodReview] (+)  – Banks  – Boards  – Risk Appetite Statement  – Periodic Review of Risk Appetite  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox;

1086

40  Risk Culture, Risk Appetite and Risk Appetite Statements

16. [RASNonContractRisk] (+) – Banks – Boards – Risk Appetite Statement – Measure of All Non-Contractual Risks and Liabilities  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 17. [RASContingentRisk] (+)  – Banks  – Boards  – Risk Appetite Statement  – Measure of All Contingent Risks and Liabilities  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 18. [RASOff-BalanceRisk] (+)  – Banks  – Boards  – Risk Appetite Statement  – Measure of All Off-Balance-Sheet Risks and Liabilities  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; and 19. [RASCountPartyRisk] (+)  – Banks  – Boards  – Risk Appetite Statement  – Measure of All Counterparty Risks  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox. In addition, for the IIF, there are four governance variables to reflect the on-going monitoring and testing functions for each of the above risks, limits, considerations and procedures: 20. [RASMonitorLimits] (+)  – Banks  – Boards  – Risk Appetite Statement  – Monitoring of All RAS Risks Against Global Consolidated Limits (On-going) – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; 21. [RASMonitorStratCapPlan] (+)  – Banks  – Boards  – Risk Appetite Statement  – Monitoring of Strategy and Capital Plan Against Financial Measures (On-going)  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/ rating of +7/87.50 rprox; 22. [RASTestGrowRevTargets] (+) – Banks – Boards – Risk Appetite Statement – Test Growth and Revenue Targets Against Risk Appetite (Ongoing)  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; and 23. [RASTestIDDownsides] (+)  – Banks  – Boards  – Risk Appetite Statement  – Test Growth and Revenue Targets to Identify ‘Downsides’ (On-going)  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox. Again, for the integrity of the relational approach, the APRA RAS variables and the variables numbered 1–23 are not hypothesized to be identical to the [BrdIndMon] (+)108 variable in section 7.3.2.1.2 of Stage 1  – Board Independent Director: Executive Director Proportion – Monitoring Effect, coverage/rating +7/87.50 rprox. In the [BrdIndMon] (+) variable, the enhancement of the monitoring of the CEO,  Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox.

108

40.5  Risk Appetite Statement (RAS) and Risk Management Strategy (RMS)

1087

executives and management is based on the independence ingredient of non-­ executive directors. Thus, the effect of the [BrdIndMon] (+) variable is predicted to be significant on Reporting Factor No 1, Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the independence of non-executive directors. Instead here, again, there is no independence element. Like the [BrdSkills] (+) variable, there is an hypothesised enhancement in risk management and therefore internal monitoring. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 1,109 coverage/rating of +7/87.50 rprox, these governance variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 1). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank  – an obligation which remains constant by force of law  – is not affected by the risk appetite statement functions and responsibilities of the board. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox for these twenty-three corporate, risk appetite and RAS variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

40.5.3 ASIC Governance Taskforce 2019 on the RAS For ASIC, “risk appetite is the amount of risk [an organisation] is willing to accept in pursuing its strategic objectives.”110 The ASIC Governance Taskforce 2019 recommendations on the RAS included: 1. Boards need to hold management to account when companies are operating outside appetite; 2. The full board must engage with the RAS for it to be an effective oversight tool; 3. Risk appetite needs to be clearly expressed, reflecting actual appetite; 4. Metrics should be a proxy for the actual risk position to enable meaningful monitoring of appetite;

 See discussion in sections 7.3.1.2.1 of Stage 1, above n 4, pp 198–201.  Australian Securities and Investments Commission, ASIC Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report, October 2019, accessed 15 April 2020, available at https://download.asic.gov.au/media/5290879/rep631-published-2-10-2019.pdf (‘2019ASIC’), p 11. 109 110

1088

40  Risk Culture, Risk Appetite and Risk Appetite Statements

5. Metrics for measuring risk exposure should align with the stated risk appetite 6. Metrics should include leading and lagging indicators; 7. Boards should consider if metrics for a non-financial risk is comparable to those for other risks; [and] 8. Reporting to the board should be aligned with risk appetite and metrics.111

Again, the development of risk appetite – through a Risk Appetite Statement – raises for ASIC further bank-specific governance variables for Stage 2 of the relational approach. These variables are ‘strong’ versions of the [BrdSkills] (+)112 variable, coverage/rating of +7/87.50 rprox. The behaviour of these risk appetite and RAS variables is hypothesised to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 (see below), coverage/rating of +7/87.50 rprox. For RAS failings, the behaviour of these risk appetite and RAS variables is hypothesised to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, but in the negative (−) direction, coverage/rating of −7/87.50 rprox. Negative (−) direction governance variables for the ASIC recommendations in this Sect. 40.5 are identified with the prefix ‘2019ASICRAS’ as follows: 1. [2019ASICRASComplyRiskNotReflectApp] (−) – 2019ASIC Risk Appetite Statement  – Stated Compliance Risk Appetite does not Reflect Actual Appetite113 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2019ASIC); 2. [2019ASICRASNFRiskNotReflectApp] (−)  – 2019ASIC Risk Appetite Statement – Stated Non-financial Risk Appetite (Generally) does not Reflect Actual Appetite114 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2019ASIC); 3. [2019ASICRASMetricsNotRepresentRisk] (−)  – 2019ASIC Risk Appetite Statement – Metrics Do Not Give Representative View of Level of Risk115 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2019ASIC); 4. [2019ASICRASNFRReportNotAlignMetrics] (−)  – 2019ASIC Risk Appetite Statement  – Non-financial Risk Reporting Does Not Align with Metrics116 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2019ASIC);

 Ibid, p 1.  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 113  2019ASIC, above n 110, p 11. 114  Ibid. 115  Ibid. 116  Ibid. 111 112

40.5  Risk Appetite Statement (RAS) and Risk Management Strategy (RMS)

1089

5. [2019ASICRASNFRAppLessMatureFinRisks] (−)  – 2019ASIC Risk Appetite Statement – Non-financial Risk Appetite Less Mature than Financial Risks117  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2019ASIC) including: (a) financial risk metrics are more granular and comprehensive than NFR; 6. [2019ASICRASOperateOutsideAppforNFR] (−) – 2019ASIC Risk Appetite Statement – Bank Operating Outside Risk Appetite for Non-financial Risks118 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2019ASIC) including remediation: (a) [c]onsidering compliance risk exposure holistically and prioritising the resolution of root causes of appetite breaches;119 (b) [c]hallenging the actions and timeframes within which management proposes to resolve the issue – prioritisation and slippage should be monitored and accounted for;120 (c) [b]oards should consider whether management needs to cease practices that are causing companies to be outside appetite”;121 (d) [m]ain barrier was finding the right expertise in the market to address the issues;122 [and] (e) [r]equire management to undertake root cause analysis [or ‘deep dives’], or thematic analysis, to identify underlying causes of recurring breaches of appetite;123

7. [2019ASICRASMetricsDiscreteOnly] (−)  – 2019ASIC Risk Appetite Statement  – RAS Metrics Measure Discrete Issues Rather than Broader Compliance Behaviour124  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2019ASIC) including:



(a) lagged indicators – focus on breach of specific laws or regulations which is a lagged indicator of compliance rather than the leading indicator of compliance risk exposure;125 (b) remediation

(i) [b]oards need to select and develop metrics that are representative of the risk they are measuring;126 (ii) [ i]ncreasing the number of metrics does not necessarily provide the solution;127 [and]

 Ibid.  Ibid, p 14. 119  Ibid. 120  Ibid, 16. 121  Ibid. 122  Ibid. 123  Ibid. 124  Ibid, p 20. 125  Ibid. 126  Ibid. 127  Ibid. 117 118

1090

40  Risk Culture, Risk Appetite and Risk Appetite Statements (iii) [t]hough boards need to consider whether their metrics are sufficiently representative to ‘cover the field’… of what [the board] is trying to measure across the organisation;128

8. [2019ASICRASMetricsHowBreachOccurred] (−)  – 2019ASIC Risk Appetite Statement – RAS Metrics Focused on Nature of Breach (Deliberate, Intentional or Negligent) Rather Than How Breach Occurred129 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-­making, coverage/rating of −7/87.50 rprox (2019ASIC) including remediation:

(a) [w]ell-developed compliance risk metrics should enable a company to measure how it is complying with its appetite;130 [and] (b) [s]imilarly, boards should also be able to access information to identify systemic issues and perform root cause analysis;131

9. [2019ASICRASLaggedMetricsOnly] (−)  – 2019ASIC Risk Appetite Statement – RAS Metrics Are Lagged Measuring Breaches that have Already Occurred132 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2019ASIC) including remediation:

(a) [b]oards should aim to include leading indicators in metrics that raise an early warning for rising risk levels. This would enable boards to require management to act early to avoid breaching a particular tolerance;133 (b) [s]ing leading indicators is a well-developed practice for measuring safety risk outside the financial services sector, where the focus has shifted from actual incidents to ‘near misses’;134 [and] (c) [t]here appears to be more scope for using leading indicators in relation to other nonfinancial risks such as compliance risk;135

10. [2019ASICRASFinMetricsMoreSpecificGranular] (−)  – 2019ASIC Risk Appetite Statement  – RAS Metrics  – Metrics for Financial Risks are More Specific and Granular than for NFR136 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2019ASIC) including:

(a) [m]etrics for one financial risk were broken down into portfolios, industries and jurisdictions, with each group having a number of quantitative metrics that included a trigger level and a limit;137 [and]

 Ibid.  Ibid, p 21. 130  Ibid. 131  Ibid. 132  Ibid, p 22. 133  Ibid. 134  Ibid. 135  Ibid. 136  Ibid, p 23. 137  Ibid. 128 129

40.5  Risk Appetite Statement (RAS) and Risk Management Strategy (RMS)

1091

(b) [b]oards need to consider the impact that metrics have on the depth of analysis for non-financial risks. Metrics should provide insight into broader compliance behaviour. Boards should recognise that ‘what gets measured gets managed’;138

11. [2019ASICRASFailReportAgainstMetrics] (−) – 2019ASIC Risk Appetite Statement  – RAS Metrics  – Failure to Report to Board Against Metrics and Stated Appetite in the RAS at Board Level and BRC Level139 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2019ASIC) including remediation:

(a) [b]y aligning its reporting, it provides a clear view of the level of risk the company is accepting, compared to what the board is comfortable with;140 [and] (b) [o]ne organisation’s compliance reports were particularly useful in that they showed how it was operating against its compliance risk appetite, including risk mapping that identified deteriorating trends in certain compliance categories that could increase the compliance risk. This gave the BRC advance warning of potential increases in compliance risk levels;141

Positive (+) governance variables for the ASIC recommendations in this Sect. 40.5 are: 1. [2019ASICRASRequireForEffectiveRAS] (+)  – 2019ASIC Risk Appetite Statement – Requirements/Elements for an Effective RAS142 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (2019ASIC) including;

(a) [c]learly articulate the level of risk the board is willing to accept and its tolerance regarding that risk; (b) [h]ave. metrics that are sufficiently representative, to enable the board to measure where the company is operating against risk appetite and tolerance; (c) [m]eaningful management reporting to the board on risk appetite metrics; [and] (d) [a] board that holds management accountable, when the company operates outside risk appetite.143

2. [2019ASICRASMarkersIndicateApproachApp] (+)  – 2019ASIC Risk Appetite Statement  – Markers Indicate to Board that Bank Approaching Appetite144  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (2019ASIC) including:

(a) ‘early warning’ level reported as ‘amber’ for reaching a ‘discussion point’;145

 Ibid.  Ibid, p 24. 140  Ibid. 141  Ibid. 142  Ibid, p 12. 143  Ibid. 144  Ibid, p 13. 145  Ibid. 138 139

1092

40  Risk Culture, Risk Appetite and Risk Appetite Statements (b) ‘intervention’ level reported as ‘red’ indicating outside appetite and action required to return to ‘within appetite’;146

3. [2019ASICRASFullBrdEngage] (+)  – 2019ASIC Risk Appetite Statement  – Full Board Engagement Needed to Set Risk Appetite147 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating of +7/87.50 rprox (2019ASIC) including, for compliance risks and all non-financial risks:

(a) all directors to engage with details in the RAS, approve RAS and understand RAS metrics;148 (b) this “sends a strong message to management that the board considers the RAS to be important”;149

4. [2019ASICRASClearExpressRiskApp] (+)  – 2019ASIC Risk Appetite Statement – RAS to “Clearly Express the Board’s Appetite for the Level of Risk it is Willing for the Company to Accept”150 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (2019ASIC); 5. [2019ASICRASRiskAppMatchActualToler] (+)  – 2019ASIC Risk Appetite Statement – Risk Appetite to Match Actual Tolerance Levels151 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (2019ASIC); 6. [2019ASICRASAccount&Conseq] (+) – 2019ASIC Risk Appetite Statement – Risk Appetite to be Reinforced through Strong Accountability and Consequences152 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (2019ASIC) including: (a) [a]ddition of statements describing the companies’ expectations when non-­ compliance did occur – for example, the expected process for identifying, escalating and remediating breaches;153

 Ibid  Ibid, p 17. 148  Ibid. 149  Ibid. 150  Ibid, p 18. 151  Ibid, p 19. 152  Ibid. 153  Ibid. 146 147

40.6  APRA Business Plan and Policies and Procedures

1093

40.6 APRA Business Plan and Policies and Procedures The development of a Business Plan and Policies and Procedures required by APRA’s Prudential Standard CPS 220 Risk Management154 raises further governance variables for Stage 2 of the relational approach Key Code and Advanced Handbook. These variables are ‘strong’ versions of the [BrdSkills] (+)155 variable, coverage/rating of +7/87.50 rprox. The behaviour of these Business Plan and Policies and Procedures variables is hypothesised to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above. In relation to the Business Plan: • [220BusPlanBrdApproveStratObjects] (+)  – Banks  – CPS 220BusPlan  – Business Plan – Written Business Plan to Implement Strategic Objectives156 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (APRA CPS 220), including: –– board-approved rolling 3-year plan reviewed annually and reported to Board;157 and –– identifying material risks from strategic objectives to be managed through RMF including effect on risk profile;158 In relation to Policies and Procedures: • [220Pol&ProcRequirements] (+) – Banks – CPS 220Pol&Proc – Policies and Procedures – Policies and Procedures under Section 30 RMS159 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (APRA CPS 220), including for160: –– –– –– ––

identifying and assessing material risks and controls; validation, approval and use of models; establishing, implementing and testing mitigation strategies; monitoring, communicating and reporting risk including escalation of material events/incidents; –– identifying, monitoring and managing conflicts of interest;

 CPS 220, above n 91, pp 8–9.  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 4, pp 198–201. 156  CPS 220, above n 91, section 31, p 8. 157  Ibid, section 32, p 9. 158  Ibid, section 33, p 9. 159  Ibid, section 35, pp 9–10. 160  Ibid, section 35(a)-(i), p 9. 154 155

1094

40  Risk Culture, Risk Appetite and Risk Appetite Statements

–– monitoring and complying with prudential requirements; –– consistency across RMF; –– establishing and maintaining contingency arrangements including recovery plans for the RMF in stressed conditions; and –– reviewing the RMF; • [220Pol&ProcRevise&ReviewDates] (+)  – Banks  – CPS 220Pol&Proc  – Policies and Procedures  – Monitoring Dates that Policies and Procedures are Last Revised, Date of Next Review and Person Responsible161 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-­making, coverage/rating of +7/87.50 rprox (APRA CPS 220).

 Ibid, section 36, p 10.

161

Chapter 41

FSB Effective Risk Appetite Framework

Abstract Chapter 41 examines the FSB guidance on a risk appetite framework (RAF) in its Principles for An Effective Risk Appetite Framework. This begins with FSB Principles for an effective risk appetite framework (RAF) and the FSB risk appetite statement (RAS). We examine the FSB risk limits and FSB roles and responsibilities for an effective RAF. The Chapter concludes with Westpac’s Board Risk Committee monitoring of risk appetite. Keywords  FSB Principles for Effective Risk Appetite Framework (RAF) · Risk appetite statement (RAS) · Risk limits · Roles and responsibilities for effective RAF · BRC monitoring of risk appetite

The FSB issued its guidance on a risk appetite framework (RAF) in its Principles for An Effective Risk Appetite Framework in November 2013.1 Like Sect. 40.5 of Chap. 40 above, the following variables are ‘strong’ versions of the [BrdSkills] (+)2 variable, coverage/rating of +7/87.50 rprox. The behaviour of these variables is hypothesised to be identical to the [BrdSkills] (+) variable in

 Financial Stability Board, Principles for An Effective Risk Appetite Framework of 18 November 2013 accessed 28 February 2019, available at http://www.fsb.org/wp-content/uploads/r_131118. pdf (‘FSBRAF’). 2  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See Board – Director Skills ‘Mix’ – see discussion in section 7.3.1.2.1 of Stage 1, pp. 198–201. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_41

1095

1096

41  FSB Effective Risk Appetite Framework

section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above. Governance variables for the FSB principles in this Chap. 41 are:

41.1 FSB Principles for an Effective Risk Appetite Framework (RAF) As noted in the introduction to this Chap. 41 above, these variables are hypothesised to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox. For the FSB, the RAF should give rise to the following variable: • [FSBRAFElements] (+) – Banks – FSBRAF – Elements for an Effective RAF3 Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox including: –– –– –– –– ––

process of communication across bank and stakeholders; top-down leadership and bottom up involvement of management; embedding risk appetite in the bank’s risk culture; evaluating risk opportunities and preventing excessive risk-taking; allowing the RAS to be the tool for risk management, internal audit and challenging decision-making; –– with senior management and board approval, allowing for an increase in business unit risk limits within the bank-wide risk appetite; and –– covering all activities, operations and systems of the bank.

41.2 FSB Risk Appetite Statement (RAS) As noted in the introduction to this Chap. 41 above, these variables are hypothesised to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox. For the FSB, the RAS should give rise to the following variable: • [FSBRAFRASElements] (+) – Banks – FSBRAF – Elements for an Effective Risk Appetite Statement (RAS)4  - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox including: –– key information and assumptions in strategic plans;  FSBRAF, above n 1, Principle 1.1(a) – (h), pp. 4–5.  Ibid, Principle 2.1(a) – (h), pp. 5–6.

3 4

41.3  FSB Risk Limits

1097

–– link to short- and long-term plans and compensation system; –– setting the amount of risk the bank will accept including the interests of customers, shareholders and capital and regulatory requirements; –– setting the level of risk the bank will operate with within each material risk; –– quantitative measures translated to risk limits; –– qualitative statements for accepting/avoiding different risks; –– ensuring each business unit strategy and risk limit is within the bank-wide appetite; and –– being forward-looking including scenario and stress testing.

41.3 FSB Risk Limits The FSB defines risk limit as: For the purposes of risk appetite, risk limits are the allocation of the financial institutions’ aggregate risk appetite statement to business line, legal entity levels, specific risk categories, concentrations, and as appropriate, other levels.5

As noted in the introduction to this Chap. 41 above, these variables are hypothesised to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox. For the FSB, the risk limit should give rise to the following variable: • [FSBRAFLimitElements] (+)  – Banks  – FSBRAF  – Elements for Effective Risk Limits6  - Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox including: –– “be set at a level to constrain risk-taking within risk appetite, taking into account the interests of customers (e.g. depositors, policyholders) and shareholders as well as capital and other regulatory requirements, in the event that a risk limit is breached and the likelihood that each material risk is realised”;7 –– to be established for each business unit and entity; –– material risk concentrations in bank and bank-wide; –– referenced to best practice and benchmarks; –– be clear and uncomplicated and not subjective; and –– allow for regular monitoring.

 Ibid, Risk Limits, p 6.  Ibid, Principle 3.1(a) – (f), pp. 6–7. 7  Ibid, Principle 3.1(a), pp. 6–7. 5 6

1098

41  FSB Effective Risk Appetite Framework

41.4 FSB Roles and Responsibilities for an Effective RAF As noted in the introduction to this Chap. 41 above, these variables are hypothesised to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox. For the FSB, the roles and responsibilities for an effective RAF should give rise to the following variables: • [FSBRAFBrdRolesResps] (+) – Banks – FSBRAF – Roles and Responsibilities of the Board for an Effective RAF8  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox including: –– approving the RAF with the CEO, CRO and CFO for short-term and long-­ term plans; –– “[h]olding the CEO and other senior management accountable for the integrity of the RAF, including the timely identification, management and escalation of breaches in risk limits and of material risk exposures”;9 –– ensuring business plans and compensation schemes are within the risk appetite; –– consideration of risk appetite in strategic plans; –– regular review of risk limits within agreed levels including conduct risk; –– discussion, monitoring and steps for breaching risk limits; –– challenging activities outside the RAS; –– obtaining independent assessment of the RAF; –– putting procedures in place for timely management and mitigation of risks exceeding the RAS and risk limits; –– discussions with Supervisors for establishment, monitoring and changing risk appetite; –– ensuring appropriate resources/expertise for risk management and internal audit to ensure management is operating within the RAF; and –– ensuring appropriate IT and MIS for risk identification, measurement and management; • [FSBRAFCEORolesResps] (+) – Banks – FSBRAF – Roles and Responsibilities of the CEO for an Effective RAF10  - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox including: –– establishing risk appetite with CRO and CFO consistent with short-term and long-term plans and compensation system; –– responsibility with CRO and CFO for breaches of risk limits;  Ibid, Principle 4.1(a) – (l), pp. 8–9.  Ibid, Principle 4.1(b), p 8. 10  Ibid, Principle 4.2(a) – (j), pp. 9–10. 8 9

41.4  FSB Roles and Responsibilities for an Effective RAF

1099

–– ensuring the risk appetite is translated to risk limits for business units and plans; –– implementation of RAS for business units; –– communication of risk appetite to internal/external stakeholders for bank’s risk culture; –– incorporating risk appetite into decision-making of CRO and CFO; –– implementing processes for identification, measurement, management and monitoring of risk relative to risk limits; –– devoting appropriate resources to risk management, IT and MIS to oversee the RAF; –– timely acting to ensure the management and mitigation of risks close/exceeding risk limits; and –– implementing policy for escalation to board and Supervisor of breaches; • [FSBRAFCRORolesResps] (+) – Banks – FSBRAF – Roles and Responsibilities of the CRO for an Effective RAF11  - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox including: –– –– –– –– –– –– –– –– ––

development of risk appetite with CEO and CFO; obtaining board approval of risk appetite and regular reporting of risk profile; monitor risk profile relative to risk appetite and compensation system; reporting on alignment/otherwise of risk, risk appetite and risk profile in the bank’s risk culture; ensuring integrity of risk measurement techniques; with CEO and CFO, establish risk limits for business units; monitor business units for risk limits and aggregate risk profile within risk appetite; timely acting to ensure the management and mitigation of risks close/exceeding risk limits; and escalate to CEO and board breaches of risk limits;

• [FSBRAFCFORolesResps] (+) – Banks – FSBRAF – Roles and Responsibilities of the CFO for an Effective RAF12  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox including: –– development of risk appetite with CEO and CFO; –– incorporate risk appetite into compensation system and decision-making processes; –– with the CRO and CEO, establish, monitor and report on risk limits; –– timely acting to ensure the management and mitigation of risks close/exceeding risk limits; and

11 12

 Ibid, Principle 4.3(a) – (i), p 10.  Ibid, Principle 4.4(a) – (e), pp. 10–11.

1100

41  FSB Effective Risk Appetite Framework

–– escalate to CEO and board breaches of risk limits; • [FSBRAFBULeadersRolesResps] (+)  – Banks  – FSBRAF  – Roles and Responsibilities of the Business Unit Leaders for an Effective RAF13  Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox including: –– responsibility for risk management in the business unit; –– ensure alignment of risk appetite with planning, compensation and decision-making; –– embed RAS and risk limits into activities for maintenance of bank’s risk culture; –– establish and monitor risk limits; –– cooperation with CRO and risk management function; –– establish controls to identify, monitor and report risk limits; –– timely acting to ensure the management and mitigation of risks close/exceeding risk limits; and –– timely escalation to CRO and senior management breaches of risk limits; • [FSBRAFIntAuditRolesResps] (+)  – Banks  – FSBRAF  – Roles and Responsibilities of the Internal Audit Function for an Effective RAF14  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox including: –– assess RAF on business unit and aggregate bank basis; –– identify, escalate and report the implementation of the RAF to board and senior management; –– regularly assess design and effectiveness of RAF; –– assess implementation of RAF in bank culture, all planning and decision-making; –– assess design and effectiveness of risk measurement techniques and MIS for monitoring the bank’s risk profile; –– timely reporting to board and senior management deficiencies in RAF and with alignment of risk appetite and risk profile with the risk culture; and –– assess need for expertise of external advisors to review the RAF. Again, for the integrity of the relational approach, these FSB RAF variables are not hypothesized to be identical to the [BrdIndMon] (+)15 variable in section 7.3.2.1.2 of Stage 1 - Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox. In the [BrdIndMon] (+) variable, the enhancement of the monitoring of the CEO, executives and management is based on the independence ingredient of non-executive directors. Thus, the effect of the [BrdIndMon] (+) variable is predicted to be significant on Reporting Factor No 1,  Ibid, Principle 4.5(a) – (h), p 11.  Ibid, Principle 4.6(a) – (g), p 12. 15  Board Independent Director: Executive Director Proportion – Monitoring Effect, +7/87.50 rprox; 13 14

41.5  Westpac BRC Monitoring of Risk Appetite

1101

Risk Management, Monitoring & Audit Factor No 5, Decision-making Factor No 7 and Responsibility Factor No 8 on account of the independence of non-executive directors. Instead here, again, there is no independence element. Like the [BrdSkills] (+) variable, there is an hypothesised enhancement in risk management and therefore internal monitoring. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 1,16 these FSB RAF governance variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 1). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the risk appetite framework functions and the responsibilities of the board, CEO, CRO, CFO, business unit leaders and internal audit function. Compliance Factor No 2 thus remains constant for these variables. This equates to a coverage/rating of +7/87.50 rprox for these FSB RAF variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

41.5 Westpac BRC Monitoring of Risk Appetite17 The Stage 2 relational approach Key Code and Advanced Handbook will construct disclosure variables identical to the [TransTimeMon] (+)18 variable but in the negative (−) direction giving rise to a coverage/rating of −8/100.00 rprox. These variables reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the reduction in information flow as a result of Westpac’s identification of shortcomings in BRC monitoring of risk appetite. This gives rise to governance variables with a coverage/ rating of −8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above).

 See discussion in sections 7.3.1.2.1 of Stage 1, above n 2, pp. 198–201.  Westpac Banking Corporation, Review Team, Governance, Accountability and  Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_pdf (‘Westpac Review Team 2018’), sections 5.3.5–5.3.10, p 36. 18  See discussion in sect. 9.1.2.1 of Stage 1, above n 4, pp. 198–199. 16 17

1102

41  FSB Effective Risk Appetite Framework

Alternatively, there is a reduction in the quality of decision-making – Decision-­ making Factor No 7 - and/or a reduction of clear lines of accountability/responsibility affecting negatively Responsibility Factor No 8 for each of the shortcomings identified by Westpac. In the case of shortcomings in BRC monitoring of risk appetite, the variables are submitted to be: • [WBCBRCFailQuantConduct] (−)  – Banks  – Board Risk Committee  – Monitoring of Risk Appetite - Failure to Quantify Appetite for Conduct Risk Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  - Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (Westpac);19 • [WBCBRCFailNFRTolerAmber] (−)  – Banks  – Board Risk Committee  – Monitoring of Risk Appetite  – Non-Financial Risk Classes Outside Tolerance ‘Amber’  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox (Westpac);20 • [WBCBRCFailNFRAppetiteRed] (−)  – Banks  – Board Risk Committee  – Monitoring of Risk Appetite  – Non-Financial Risk Classes Outside Appetite ‘Red’  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox (Westpac);21 • [WBCBRCFailNFRMaturation] (−)  – Banks  – Board Risk Committee  – Monitoring of Risk Appetite  – Non-Financial Risk Classes Outside Appetite ‘Red’ – “Result of the Later Maturation of Non-Financial Risk Management” for Appetites Set After Business Practice Began – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-­ making  – Reduction in Quality of Accountability/Responsibility, coverage/ rating − 8/100.00 rprox (Westpac)22 including: –– inadequate data management; and –– evolving risk categories including cyber risk;

 Westpac Review Team 2018, above n 17, section 5.3.5, p 36.  Ibid, section 5.3.6, p 36. 21  Ibid. 22  Ibid, section 5.3.8, p 36. 19 20

41.5  Westpac BRC Monitoring of Risk Appetite

1103

• [WBCBRCFailPromptRemedAction] (−) – Banks – Board Risk Committee – Monitoring of Risk Appetite  – Non-Financial Risk Classes Outside Appetite ‘Red’ – Failure to Take Prompt Remedial Action vis-à-vis Number and Duration of Risks  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox (Westpac)23 including: –– “the need to further develop non-financial risk appetite measures and metrics” for “extended out-of-appetite positions”.24

23 24

 Ibid, section 5.3.9, p 36.  Ibid, section 5.3.10, p 36.

Chapter 42

The Three Lines of Defence

Abstract  In Chapter 42 of the Stage 2 Key Code and Advanced Handbook for the governance of Australian major banks we examine the Three Lines of Defence. We begin with Business Units or Line 1 and examine Westpac Line 1 operation, Westpac Line 1 skills, capabilities and stature, the Westpac Reassessment’s Line 1 ownership and capability to manage risk and the Westpac Reassessment’s Building Line 1 risk and control capability. The other two lines comprise the Risk Management and Compliance Function and Internal Audit. We recognise Corporate Defence Management (CDM) as extending the three lines. We move to consider high risk strategies and (improper) delegation of risk oversight, inadequate oversight, risk management and complexity of financial products. Our governance variables for the complexity of financial products include risk modelling deficiency variables and credit rating deficiency variables. The Chapter then constructs variables for: • bank-specific variables exhibiting a deficiency in banking industry knowledge and competence; • inadequate risk management and internal controls; • the failure of information flow on risks in CDOs and other financial products; and • the complex and opaque nature of securitized/financial products. The conclusion of the Chapter considers factors contributing to a short-term emphasis and acceptance of increased leverage. Keywords  Three Lines of Defence · Business Units or Line 1 · Line 1 skills · Capabilities and stature · Risk management and compliance function · Internal audit · Corporate Defence Management (CDM) · High risk strategies · Improper delegation of risk oversight · Governance variables for complexity of financial products · Short-term emphasis · Increased leverage For the BCBS, a risk governance framework has “three lines of defence”: • the business line;

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_42

1105

1106

42  The Three Lines of Defence • a risk management function and a compliance function independent from the first line ofdefence; and • an internal audit function independent from the first and second lines of defence.1

For applicability in Australia, the same Three Lines are recognised in the APRA Final Report: To deal with this complexity, it has become the norm for banks to organise their risk governance structure around the so-called Three Lines of Defence model. While implementation of the model varies from bank to bank, generically this approach is built around three elements: • First line of defence is the business. The business ‘owns’ the risk and must ensure that there are controls in place to appropriately manage the risk within the bank’s risk appetite. • Second line of defence is the independent risk management and compliance function. The function develops risk management policies, systems and processes to promote a consistent approach to risk management, and provides independent review and challenge to ensure first line controls are appropriate. • Third line of defence is the independent audit function (both internal and external). The function provides independent assurance that the risk management framework is adequate and is operating effectively.2

By way of overview, APRA identified a number of shortcomings in the Three Lines model including failures of: • clear articulation of minimum standards in the form of Group-wide policies, processes and operating procedures to which all business units must adhere; • adequate training and guidance to staff who are responsible for implementing Group-wide policies; and • a clear and enforced process for review and approval of exceptions to Group-wide policies.3

Still on the Three Lines model, APRA found: • lack of documentation on how the model works in practice;4 • Line 1 ownership and ultimate responsibility for risk management was not consistently applied;5

  The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Para 38, p 11. 2  Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf, Section A: Governance, p 10. 3  Ibid, section 4, Risk Management and Compliance, 4.2 Inquiry Findings, p 28. 4  Ibid. 5  Ibid. 1

42.1  Business Units or Line 1

1107

• “instances of Line 2 performing Line 1’s roles”6 which “blurs accountabilities and leaves less time and capacity for Line 2 to effectively carry out its key responsibilities of assurance, review and challenge”;7 • “variability in the resourcing, roles and responsibilities of Line 1 and Line 2 across business units”;8 • “Line 2’s expertise being misdirected to lower value processing work and lack of specialisation/capability, particularly in respect of control design and testing”;9 and • “that Line 2 has had an inconsistent and sometimes low influence as an independent risk management function across [the bank], and that risk management is perceived as a low priority ‘administrative task’.”10 The Three Lines are reviewed next.

42.1 Business Units or Line 1 Business units “take risks and are responsible and accountable for the ongoing management of such risks. This includes identifying, assessing and reporting such exposures, taking into account the bank’s risk appetite and its policies, procedures and controls.”11 The IIF gave examples of business unit responsibilities concerning risk management to include: • • • •

Support the risk management organization in recognizing and assessing risk: Fully disclose known risks to those charged with assessing or quantifying risks; Be aware of the market environment and its influence on risk; and Recognize and disclose when conditions or assumptions change such that risk should be reassessed; • Obtain proper approval of all exposures, new products, etc., including those for which the firm accepts contingent exposure; • Keep risk exposures within limits, and follow policies where limits are breached or where the criteria under which conditional product approvals were granted no longer hold; and

 Ibid.  Ibid. 8  Ibid. 9  Ibid. 10  Ibid, p 29. 11  BCBS Guidelines 2015, above n 1, Para 40, p 11. See also the IIF’s discussion of business lines in Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007–2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_ GFC/IIF_Final_Report_of_the_Committee_on_Market_Best_Practices.pdf (‘IIF Final Report 2008’), p 34. 6 7

1108

42  The Three Lines of Defence • Accurately represent risk exposures in relevant management-information, risk management and other systems.12

The Stage 2 relational approach here introduces new bank-specific governance variables to represent the risk management responsibilities of business units. These variables are hypothesized to be of two types. The first type of variables are ‘strong’ versions of the [BrdSkills] (+)13 variable from section 7.3.1.2.1 of Stage 1, coverage/rating of +7/87.50 rprox. The behaviours of these business unit variables are hypothesized to be identical to the [BrdSkills] (+) variable and in the same positive (+) direction to reflect an enhancement in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of obtaining approvals and observance of limits. Alternatively, there is an enhancement in the quality of decision-making – Decision-making Factor No 7 and/or an enhancement in the Reporting Factor No 1 – Transparency, Timing and Integrity of Financial and other Reports. This equates to a coverage/rating of +7/87.50 rprox for the first type of ‘business unit’ variables. The second type of variable is based on the [TransTiimeMon] (+) variable in section 9.1.2.1 of Stage 1, coverage/rating +8/100.00 rprox, in the same positive (+) direction on account of the enhancement in information flow, reporting of changes and disclosing breaches. These are identification and disclosure variables identical to the [TransTimeMon] (+)14 variable and in the same positive (+) direction to reflect an enhancement in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the enhancement in information flow. Alternatively, there is an enhancement in the quality of decision-making – Decision-making Factor No 7 – and/or an enhancement in clear lines of accountability/responsibility affecting positively Responsibility Factor No 8: • [BURiskOwnRiskMan] (+) – Banks – Business Unit Support of Management Function  – Business Unit Primary Ownership of Risk Management  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making; (APRA)15 (+7/87.50 rprox based on [BrdSkills] (+)); • [BUDiscloseRisks] (+) – Banks – Business Unit Support of Risk Management Function – Full Disclosure of Risks to Risk Management Function/Managers –  IIF Final Report 2008, ibid, Discussion of Recommendations I.3 – I.5, p 34.  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See Board – Director Skills ‘Mix’ – see discussion in section 7.3.1.2.1 of Stage 1, pp 198–201. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 14  See discussion in section 9.1.2.1 of Stage 1, ibid, pp 198–199. 15  APRA Final Report, above n 2, Recommendation 9, p 30. 12 13

42.1  Business Units or Line 1

•

•

•

•

•

•

1109

Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making; (IIF) (+8/100.00 rprox based on [TransTimeMon] (+)); [BUMarketEnviron] (+) – Banks – Business Unit Support of Risk Management Function  – Awareness and Disclosure of Market Environment to Risk Management Function/Managers  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making; (IIF) (+8/100.00 rprox based on [TransTimeMon] (+)); [BUChangeCond&Assumpt] (+)  – Banks  – Business Unit Support of Risk Management Function  – Awareness and Disclosure of Changes in Conditions and Assumptions to Risk Management Function/Managers  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making; (IIF) (+8/100.00 rprox based on [TransTimeMon] (+)); [BUApprovalRiskProd] (+)  – Banks  – Business Unit Support of Risk Management Function – Obtaining Approvals of All New Risks/Exposures and New Products (Including Contingent Exposures) from Risk Management Function/Managers – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making; (IIF) (+7/87.50 rprox based on [BrdSkills] (+)); [BUKeepRiskLimits] (+) – Banks – Business Unit Support of Risk Management Function  – Maintenance of Risk/Exposure Limits  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making; (IIF) (+7/87.50 rprox based on [BrdSkills] (+)); [BUBreachLimitCond] (+)  – Banks  – Business Unit Support of Risk Management Function – Disclosure and Procedures for Breaches of Risk Limits or Changes in Approval Conditions to/from Risk Management Function/ Managers – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making; (IIF) (+8/100.00 rprox based on [TransTimeMon] (+)); and [BURiskAllSystems] (+)  – Banks  – Business Unit Support of Management Function  – Disclose Risk Exposures in Management-information, Risk Management and Other Systems to Risk Management Function/Managers  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making (IIF) (+8/100.00 rprox based on [TransTimeMon] (+)).

And based on the [BrdSkills] (+)16 variable, but in the negative (−) direction, APRA identifies an important shortcoming in the independence of business unit CROs: • [BUCROIndepGrpExecs] (−) – Banks – Business Units – Business Unit CRO Reporting to Group Executives – Reduced Independence of Business Unit CRO

 Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 13, pp 198–201. 16

1110

42  The Three Lines of Defence

from Group Executives – Reduction in Risk Management and Internal M ­ onitoring Effect  – Reduction in Quality of Decision-making (APRA)(−7/87.50 rprox based on [BrdSkills] (+) in the negative (−) direction).17 Westpac Line 1 Operation Again, based on the [BrdSkills] (+)18 variable, but in the negative (−) direction, coverage/rating −7/87.50 rprox, Westpac identifies shortcomings in the operation of Line 1: • [WBCBUFailRiskOwn] (−) – Banks – Business Units – Operation of Line 1 – Line 1 Failure of Ownership and Accountability of the Risks of the Business Unit  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, (coverage/rating −7/87.50 rprox) (Westpac);19 • [WBCBUFailRiskOwnPrinciples] (−) – Banks – Business Units – Operation of Line 1  – Line 1 Failure of Clarity or Understanding of Risk Ownership Principles – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, (coverage/rating −7/87.50 rprox) (Westpac);20 • [WBCBUFailBlurredL1&L2] (−)  – Banks  – Business Units  – Operation of Line 1 – Blurring of Line 1 and Line 2 – Line 2 Performing Line 1 Activities for Inadequate Line 1 Maturity  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, (coverage/rating −7/87.50 rprox) (Westpac);21 • [WBCBUFailIndepL1&L2] (−) – Banks – Business Units – Operation of Line 1  – Blurring of Line 1 and Line 2  – Line 2 Performing Line 1 Activities for Inadequate Line 1 Maturity  – Reduction of Independence of Review and Challenge of Line 1 – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, (coverage/rating −7/87.50 rprox) (Westpac)22 including: –– control documentation; and • [WBCBUFailRoles&RespsL1&L2NFRs] (−)  – Banks  – Business Units  – Operation of Line 1 – Failure to Describe L1 and L2 Roles and Responsibilities for Non-financial Risks – Reduction in Risk Management and Internal ­Monitoring  APRA Final Report, above n 2, Business unit CROs, p 29.  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 13, pp 198–201. 19  Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’), section 6.1.8, p 42. 20  Ibid. 21  Ibid, section 6.1.9, p 42. 22  Ibid. 17 18

42.1  Business Units or Line 1

1111

Effect  – Reduction in Quality of Decision-making, (coverage/rating −7/87.50 rprox) (Westpac).23 Again, based on the [BrdSkills] (+)24 variable, and in the positive (+) direction, (coverage/rating +7/87.50 rprox), Westpac identifies recommendations to enhance the operation of Line 1: • [WBCBUEnhanceRiskOwn&Acc] (+) – Banks – Business Units – Operation of Line 1 – Enhancement of Ownership and Accountability of Line 1 for Risk and Compliance Management – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating +7/87.50 rprox) (Westpac)25 including: –– enhancement to remuneration and consequence management framework; and –– enhancement of capabilities. • [WBCBUClarifyRoles&Resps3LODNFRs] (+)  – Banks  – Business Units  – Operation of Line 1 – Clarify Roles and Responsibilities Across All 3 Lines of Defence for Non-financial Risks  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating +7/87.50 rprox) (Westpac)26 including: –– mapping of responsibilities across end-to-end processes; and –– consistency across divisions. Westpac Line 1 Skills, Capabilities and Stature27 Again, based on the [BrdSkills] (+)28 variable, and in the positive (+) direction, (coverage/rating +7/87.50 rprox), Westpac identifies needed enhancements in the skills, capabilities and stature of Line 1: • [WBCBUEnhanceSkillsCapMind] (+) – Banks – Business Units – Operation of Line 1 – Line 1 Enhancement of Sufficient Skills, Capabilities and Mindsets to Mature Ownership of Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating +7/87.50 rprox) (Westpac)29 including: –– discerning new or previously-undetected risks; –– “be[ing] able to link disparate sources of information to identify changes in risk profile”; and  Ibid, section 6.1.10, p 43.  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 13, pp 198–201. 25  Westpac Review Team 2018, above n 19, Recommendation G11, p 43. 26  Ibid. 27  Ibid, section 6.2, p 44. 28  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 13, pp 198–201. 29  Westpac Review Team 2018, above n 19, section 6.2.6, p 44 23 24

1112

42  The Three Lines of Defence

–– “a “learning” mindset and practice of continually scanning and considering changes in the internal and external landscape”.30 Westpac Reassessment Line 1 Ownership and Capability to Manage Risk Again, based on the [BrdSkills] (+)31 variable, but in the negative (−) direction, (coverage/rating −7/87.50 rprox), the Westpac Reassessment32 identifies shortcomings in Line 1 ownership and capability to manage risk:33 • [2020WBCLine1InconsistOship&AccountRisk] (−)  – 2020WBCLine1  – Banks  – Business Units  – Operation of Line 1  – Inconsistent Ownership and Accountability for Risk in Line 1 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, (coverage/rating −7/87.50 rprox) (2020Westpac)34 including: –– “significant risk capability gaps”;35 • [2020WBCLine1FailExpert&Resource&Systems] (−)  – 2020WBCLine1  – Banks  – Business Units  – Operation of Line 1  – “Insufficient Expertise, Resourcing and Systems to Manage Some Risks and to Consistently Meet Obligations” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, (coverage/rating −7/87.50 rprox) (2020Westpac);36 • [2020WBCLine1FailEmployeeEmpower] (−)  – 2020WBCLine1  – Banks  – Business Units – Operation of Line 1 – Insufficient Empowerment for Employees to Fulfil Roles and Responsibilities  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, (coverage/rating −7/87.50 rprox) (2020Westpac);37 • [2020WBCLine1FailFactorRiskConsids] (−)  – 2020WBCLine1  – Banks  – Business Units – Operation of Line 1 – Failure to Factor Risk Considerations in Decision-making  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, (coverage/rating −7/87.50 rprox) (2020Westpac)38 including:  Ibid, section 6.2.2, p 44.  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 13, pp 198–201. 32  Westpac Banking Corporation, Reassessment of the Culture, Governance and Accountability Remediation Plan, June 2020, accessed 20 November 2020, available at https://www.westpac. com.au/content/dam/public/wbc/documents/pdf/aw/media/WBC_CGA_Reassessment.pdf (‘Westpac Reassessment’). 33  Ibid, Chapter 4, Shortcomings in culture, governance and accountability frameworks and practices, Table 1, 4. First Line ownership and capability to manage risk, p 17. 34  Ibid. 35  Ibid. 36  Ibid. 37  Ibid. 38  Ibid. 30 31

42.1  Business Units or Line 1

1113

–– “commercial arguments sometimes took precedence over risk requirements”;39 • [2020WBCLine1FailProjectExecution] (−)  – 2020WBCLine1  – Banks  – Business Units – Operation of Line 1 – “Continued Shortfalls in Project Execution Impede Sound Risk Outcomes in Certain Projects”  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, (coverage/rating −7/87.50 rprox) (2020Westpac);40 and • [2020WBCLine1FailProliferationCtees] (−)  – 2020WBCLine1  – Banks  – Business Units – Operation of Line 1 – Continued “Proliferation of Committees Driven by a Lack of Clear Accountability” – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, (coverage/rating −7/87.50 rprox) (2020Westpac).41 In the positive (+) direction: • [2020WBCLine1RationaliseGovForums] (+)  – 2020WBCLine1  – Banks  – Business Units – Operation of Line 1 – Rationalisation of “Divisional Governance Forums and Sharpen Individual Accountability”  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, (coverage/rating +7/87.50 rprox) (2020Westpac)42 including: –– “reduction in and clarifications of committees”.43 Westpac Reassessment Building Line 1 Risk and Control Capability Again, based on the [BrdSkills] (+)44 variable, and in the positive (+) direction, (coverage/rating +7/87.50 rprox), the Westpac Reassessment45 identifies recommendations and actions for “building First Line risk and control capability”46: • [2020WBCLine1EmployeeRiskCoreSkills&Capability] (+)  – 2020WBC Line1 – Banks  – Business Units  – Operation of Line 1  – Core Skills and Capability of Every Line 1 Employee – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating +7/87.50 rprox) (2020Westpac)47 including: –– “proactively and systematically manage risks relevant to their role”;

 Ibid.  Ibid. 41  Ibid. 42  Ibid. 43  Ibid. 44  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 13, pp 198–201. 45  Westpac Reassessment, above n 32. 46  Ibid, 4.3 Building First Line risk and control capability is a fundamental requirement for change, p 18. 47  Ibid. 39 40

1114

42  The Three Lines of Defence

–– “describe how risk appetite relates to them and what risks are within and outside their risk appetite”; –– “describe the risks relevant to their role and the impact those risks could have”; and –– “understand the key controls they need to manage those risks and if they are working”;48 • [2020WBCLine1ConsistentRiskInfrastruct] (+) – 2020WBCLine1 – Banks – Business Units – Operation of Line 1 – More Consistent Risk Infrastructure – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating +7/87.50 rprox) (2020Westpac)49 including: –– “stated risk appetite with clear measures”; –– “clear risk profiles”; –– “end-to-end process and control maps (with accountabilities and responsibilities defined)”; and –– “compliance plans that are clearly articulated, linked to process and controls”;50 and • [2020WBCLine1EnterpriseWideMetrics] (+)  – 2020WBCLine1  – Banks  – Business Units – Operation of Line 1 – “Enterprise-Wide Metrics…to Monitor and Provide Insight into the Progress of Building Risk Capability and Ownership”  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating +7/87.50 rprox) (2020Westpac).51

42.2 Risk Management and Compliance Function For the BCBS, the second line – the risk management function: [C]omplements the business line’s risk activities through its monitoring and reporting responsibilities. Among other things, it is responsible for overseeing the bank’s risk-taking activities and assessing risks and issues independently from the business line. The function should promote the importance of senior management and business line managers in identifying and assessing risks critically rather than relying only on surveillance conducted by the risk management function. Among other things, the finance function plays a critical role in ensuring that business performance and profit and loss results are accurately captured and reported to the board, management and business lines that will use such information as a key input to risk and business decisions.52  Ibid  Ibid. 50  Ibid. 51  Ibid. 52  BCBS Guidelines 2015, above n 1, Para 41, p 11. 48 49

42.4  Corporate Defence Management (CDM) Extends the Three Lines

1115

The second line “also includes an independent and effective compliance function. The compliance function should, among other things, routinely monitor compliance with laws, corporate governance rules, regulations, codes and policies to which the bank is subject”.53 APRA, too, emphasizes the independence of the second line from business units: However, a fundamental principle of the Three Lines of Defence model is that Line 2 staff must be structurally and functionally independent of the business and there must be no conflicts of interest that impede business-aligned Line 2 staff from providing impartial advice and strong challenge to the business.54

The BCBS’, APRA’s and Westpac’s risk management function is further examined in Chap. 45 below. The compliance function is also further discussed in Sect. 45.14 below with relevant governance variables proposed.

42.3 Internal Audit The third line is an “independent and effective internal audit function”: Among other things, it provides independent review and objective assurance on the quality and effectiveness of the bank’s internal control system, the first and second lines of defence and the risk governance framework including links to organisational culture, as well as strategic and business planning, compensation and decision-making processes.55

Some brief observations in overview are set out in Chap. 46 below but a detailed analysis of the area of internal audit is outside the scope of this Stage 2 Key Code and Advanced Handbook.

42.4 Corporate Defence Management (CDM) Extends the Three Lines Lyons discusses a risk management system that extends the traditional three lines of defence to five “to help provide appropriate oversight to address organizational challenges relating to responsibilities, accountabilities and transparency”:56

 Ibid, Para 42, p 11.  APRA Final Report, above n 2, Business unit CROs, p 29. 55  BCBS Guidelines 2015, above n 1, Para 43, p 11. For further discussion of the internal audit function, see Bank for International Settlements, Basel Committee on Banking Supervision, The Internal Audit Function in Banks, July 2012, accessed 21 March 2017 at http://www.bis.org/publ/ bcbs223.pdf. 56  Sean Lyons, “Achieving a Healthy Balance Between Offense and Defense in 21st Century Capitalism” (April 26, 2012); Harvard Business Review (HBR) / McKinsey M-Prize for Management Innovation: Long-Term Capitalism Challenge (26 April 2012), accessed 3 April 2017 at SSRN: http://ssrn.com/abstract=2157182, 2. 53 54

1116

42  The Three Lines of Defence

• The Board: The fifth line of defense…is responsible for overseeing the activities of the organization …include[ing] overseeing the activities of its standing committees and executive management • Executive Management: The fourth line of defense provides assurance to the board that the objectives of the organization are being achieved by providing adequate oversight of those they manage… • Independent Internal Assurance: The third line of defense provides the board with a level of independent assurance in relation to the effectiveness of the activities of the first and second lines of defense. • Tactical Oversight Functions: The second line of defense monitors, facilitates, and coordinates the consistent, competent, adequate, and effective operation of defense activities established by the first line of defense. Examples include the compliance or risk management functions. • Operational Line Management: The first line of defense has responsibility for overseeing the daily operations of staff, services, practices, mechanisms, processes, and systems.57

There are then a further eight “critical components of corporate defence” which are applied by Lyons in the operation of the system: • Governance: How the organization is directed and controlled, all the way from the boardroom to the shop floor. • Risk: How the organization identifies, measures, and manages the risks it is exposed to. • Compliance: How the organization ensures that its activities are in conformance with all relevant mandatory and voluntary requirements. • Intelligence: How the organization ensures that it gets the right information, in the right format, to the right person, in the right place, at the right time. • Security: How the organization ensures it protects its critical assets (tangible and intangible) from threats and danger. Examples of critical assets include people, information, technology, and facilities. • Resilience: How the organization ensures that it has the capacity to withstand, rebound ,or recover from the direct and indirect consequence of a shock, disturbance, or disruption. • Controls: How the organization ensures that it has taken appropriate actions in order to address risk and to help ensure the achievement of its objectives. • Assurance: How the organization provides a degree of confidence or level of comfort to its stakeholders that it is operating in a satisfactory manner.58

For Lyons, this system better safeguards a firm with multiple stakeholders – like a bank – and ensures that investment in corporate defence is optimised.59

 Ibid, 3 (bolding and bullet-points added).  Ibid, 3–4 (bolding and bullet-points added). 59  Ibid, 4. 57 58

42.6  High Risk Strategies and (Improper) Delegation of Risk Oversight

1117

42.5 Other Enquiries Beyond the Scope of this Stage 2 Key Code and Advanced Handbook On account of size considerations, a number of technical areas have been excluded from the scope of this Stage 2 Key Code and Advanced Handbook but were addressed by the IIF: • • • •

risk management methodologies and procedures and stress-testing;60 liquidity risk, conduit and securitisation issues;61 valuation issues;62 and credit underwriting, ratings and investor due diligence in securitisation markets.63

42.6 High Risk Strategies and (Improper) Delegation of Risk Oversight For the Walker Review 2009, some boards had accepted “that, although operating up to the maximum leverage accepted by the regulator involved higher risk of substantial loss or failure, the very high returns that could be generated justified the assumption of such risk.”64 In addition, some boards had “delegate[d] important parts of risk oversight to the financial compliance function with the object of meeting regulatory capital requirements at minimum cost and with minimum erosion of returns on equity.”65 A delegation of the board’s own responsibilities on risk oversight – a governance failing – would clearly cause a reduction of risk management and monitoring by the board itself. In terms of risk management variables based on the [BrdSkills] (+)66 variable in section 7.3.1.2.1 of Stage 1, there is a reduction in the Risk Management,

 IIF Final Report 2008, above n 11, Section B, Risk Management Methodologies and Procedures, Principles I.iv – I.vi and Recommendations I.26 – I.44, pp 39 – 44. See also Section C, Stress-­ Testing Issues, Principles I.vi – I.viii and Recommendations I.45 – I.58, pp 45 – 48. 61  Ibid, Principle III, Liquidity Risk, Conduit, and Securitisation Issues, Principles III.i – III.vi and Recommendations III.1 – III.19, pp 52 – 70. 62  Ibid, Principle IV, Valuation Issues, Principles IV.i – IV.iv and Recommendations IV.1 – IV.25, pp 71 – 84. 63  Ibid, Principle V, Credit Underwriting, Ratings, and Investor Due Diligence in Securitisation Markets, Principles V.i – V.ix and Recommendations V.1 – V.20, pp 85 – 97. 64  David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Para 1.8, p 25. 65  Ibid. 66  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 13, pp 198–201. 60

1118

42  The Three Lines of Defence

Monitoring & Audit Factor No. 5 and/or Decision-Making Factor No 7 which produces a variable with the same relational effect path as the [BrdSkills] (+) variable but in the negative (−) direction: • [FailBrdOversight] (−)  – Banks  – Board Oversight of Risk Management  – Improper Delegation of Risk Oversight Function – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating −7/87.50 rprox. A variable for failure to align corporate strategy, risk appetite and the internal risk management structure was introduced in Sect. 38.20 based on the [TransTimeMon] (+)67 variable but in the negative (−) direction: • [FailAlignStratAppStruct] (−)  – Banks  – Board Oversight of Risk Management  – Failure to Align Corporate Strategy, Risk Appetite and the Internal Risk Management Structure  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decisionmaking – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (relational effect path in Sect. 38.20), (EC Green Paper 2010), (OECD Key Findings 2009); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8. A variable for failures in information flow on leverage and risks due to over-­ reliance on regulatory capital ratios and rates of return on equity was introduced in Sect. 38.7 also based on the [TransTimeMon] (+) variable but in the negative (−) direction: • [FailInfoLevRisk] (−)  – Banks  – Board Oversight of Risk Management  – Failure in Information Flow on Leverage and Risks due to Over-Reliance on ­Regulatory Capital Ratios and Rate of Return on Equity – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/ rating −8/100.00 rprox (relational effect path in Sect. 38.7), (OECD Key Findings 2009).

42.7 Inadequate Oversight, Risk Management and Complexity of Financial Products The Walker Review 2009 also considered there was inadequate oversight by boards of management and a failure to understand the complexity of more recent financial products:

 Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 13, pp 262–263. 67

42.7  Inadequate Oversight, Risk Management and Complexity of Financial Products

1119

Inadequate oversight by the boards and shareholders of the executive management of these BOFI [Bank or Financial Institution] entities and their collective failure to understand the new complex products resulted in spiralling enterprise-wide risk.68

Knott explains the method of shifting or passing-on risk of mortgage default to other parties.69 For Knott, there are two ways to reduce risk. The first is “a set of control strategies”: Under a vertical integration strategy, firms purchase competitors, suppliers, and distributors to control the economic chain from production to delivery to the customer (Pindyck and Rubinfeld, 2005). A second control strategy is to negotiate favorable contracts with suppliers and distributors that reduce risk to the firm. And the third control strategy is exercised through mergers with competitors to gain market share or other market advantages.70

The second approach is “to shift the risk onto other firms or to generalize the risk to the system”71 as occurs in the securitisation of mortgages at the heart of the financial crisis: Shifting risk can be achieved either through passing the risk quickly onto another firm before the risk can detrimentally affect the original firm. An example is when a mortgage broker, such as Countrywide, sells mortgages to another bank within a few weeks after selling mortgages to individual home purchasers. This bank will then turn the mortgage over to a third party investment firm. Second, firms seek to establish financial or economic instruments that spread the risk among several different firms through securitization and insurance arrangements.72

For Knott, securitisation increases moral hazard and asymmetric information because the risk of default of the underlying mortgage is passed on or shifted to other parties causing greater risk to be taken – this was exacerbated by the role of complex mathematical models, limited knowledge of the real estate markets and the conduct of rating agencies in continuing to treat and rate the risk as low: Unfortunately, distance between borrowers, lenders, and investors increases moral hazard and asymmetric information problems. Thinking that the risk is passed on quickly or diffused across several investment instruments creates incentives for individual brokers, lenders and investors to take on riskier practices that threaten the system as a whole. Senior managers also failed to fully understand the mathematical models used to spread risk, and investment banks had too limited knowledge about on-the-ground real estate markets. Rating came to believe that the individual risks are low and that the system is the sum of the parts, failing to understand the risk building in the system as a whole.73

 Walker Review 2009, above n 64, Para 1.10, p 26.  Jack Knott, “Governance and the Financial Meltdown: The Implications of Madisonian Checks and Balances for Regulatory Reform”, APSA 2010 Annual Meeting Paper, (11 August 2010), accessed 10 April 2017 at SSRN: https://ssrn.com/abstract=1642079. 70  Ibid, 6. The author cites R Pindyck and D Rubinfeld, Microeconomics, 6th Ed, Prentice Hall, Upper Sadler River, NJ, 2005. 71  Ibid (footnote omitted) 72  Ibid. 73  Ibid, 6–7. 68 69

1120

42  The Three Lines of Defence

Lang and Jagtiani considered that the high concentrations of the securitized mortgage products violated the modern principles of risk management:74 Typically, large firms did apply sophisticated analytical resources to evaluating individual complex structured financial products. Managers at the business line level must have understood that they were booking very large numbers of securities whose underlying assets were tied to the health of the subprime mortgage market. At the business line level, managers’ incentives were to increase the profitability of the business line rather than consider the firm’s overall risk position. This is a basic internal principal-agent problem that risk management controls and corporate oversight are meant to address. 75

The authors explain that such principal-agent problems are approached in two ways – first, aligning the incentives of the agent through remuneration and, second, using internal controls, monitoring and oversight.76 For the authors, both these failed:77 The events leading up to the financial crisis of August 2007 were the types of events that modern financial risk management systems were designed to avoid. Risk management systems are designed to avoid excessive harm from unexpected but knowable events. The risk of large scale defaults generated by house price depreciation was precisely that type of event. This suggests a fundamental failure of the risk control systems at large financial firms. These controls failed to pierce through the lack of transparency in these complex structured financial instruments that generated excessive concentration of risk in the mortgage market. Business line managers making huge bonuses from increasing their firm’s investment in structured financial products gained from these instruments’ lack of transparency. It allowed them to increase these exposures unchecked.78

Thus in the end  – the authors draw these two lines together  – the large scale defaults were a known event which risk management systems were designed to detect but the lack of transparency in the structure of securitized mortgage-products caused excessive concentrations of risk which were exacerbated by the huge bonus compensation of business unit managers. Issues in incentives including equity and option compensation and bonuses and their effect on risk-taking were examined in Part 4 above of this Stage 2 Key Code and Advanced Handbook.

 William W Lang and Julapa Jagtiani, “The Mortgage and Financial Crises: The Role of Credit Risk Management and Corporate Governance”, Federal Reserve Bank of Philadelphia, accessed 10 April 2017 at http://fic.wharton.upenn.edu/fic/papers/10/10-12.pdf, Abstract. 75  Ibid, 21. 76  Ibid. 77  Ibid. 78  Ibid, 22. 74

42.8  Governance Variables for Complexity of Financial Products

1121

42.8 Governance Variables for Complexity of Financial Products The review of failings in relation to the complexity of financial products raises a number of governance variables related to the inadequacy of board oversight of the risk management process. Risk Modelling Deficiency Variables In Sect. 27.1 of Chap. 27 above, the Stage 2 relational approach introduced two variables relating to deficiencies of information in risk models resulting in a failure to price the risk of the products accurately: • [NEDRiskModelInfo] (−) – Banks – Non-executive Directors – Risk Modelling of Securitized Products  – Failure to Price Risk Accurately  – Reduction in Decision Quality, coverage/rating −4/50.00 rprox (relational effect path in Sect. 27.1); and • [EDRiskModelPrice] (−) – Banks – Executive Directors – Risk Modelling of Securitized Products – Failure to Price Risk Accurately – Reduction in Decision Quality, coverage/rating −7/87.50 rprox (relational effect path in Sect. 27.1). The failures in pricing risk in risk modelling identified by Van Den Berghe79 in Sect. 27.1 – and, therefore, these two variables – are attributable to: • complexity/opaqueness of risk structures of securitized products; • failure to scrutinize the quality of a counterparty; • failure to assess the size and location of credit risk – whether risk was spread or re-concentrated; and • most significantly – failure to account for unstable markets in the underlying real estate market and therefore systemic risk. Credit Rating Deficiency Variables In Sect. 27.2 of Chap. 27 above, the Stage 2 relational approach introduced two variables relating to a deficiency of information on credit ratings of securitized products on account of conflicts of interest of ratings agencies: • [NEDRatingsInfo] (−) – Banks – Non-Executive Directors – Credit Ratings of Securitized Products – Conflicts of Interest of Ratings Agencies – Reduction in Decision Quality, coverage/rating −4/50.00 rprox (relational effect path in Sect. 27.2); and • [EDRatingsGrade] (−)  – Banks  – Executive Directors  – Credit Ratings of Securitized Products – Conflicts of Interest of Ratings Agencies – Reduction in Decision Quality, coverage/rating −7/87.50 rprox (relational effect path in Sect. 27.2).  Lutgart A A Van Den Berghe, “To What Extent is the Financial Crisis a Governance Crisis? From Diagnosis to Possible Remedies”, (27 May 2009), accessed 4 April 2017 at SSRN: http://ssrn.com/ abstract=1410455. 79

1122

42  The Three Lines of Defence

Bank-Specific Variables Exhibiting Deficiency in Banking Industry Knowledge and Competence Adams’ observations in Sect. 26.2 of Chap. 26 above gave rise to two new governance variables reflecting the author’s view of a deficiency on the part of independent directors of the internal workings of banks and the securitization process: • [NEDBankWorksInfo] (−) – Banks – Non-Executive Directors – Deficiency in Knowledge of Internal Workings of Banks  – Reduction in Decision-making Quality, coverage/rating −4/50.00 (relational effect path in Sect. 26.2); and • [NEDBankSecurznInfo] (−) – Banks – Non-Executive Directors – Deficiency in Knowledge of Securitization Process – Reduction in Decision-making Quality, coverage/rating −4/50.00 (relational effect path in Sect. 26.2). Thus, the relational effect paths of the [NEDBankWorksInfo] (−) variable and the [NEDBankSecurznInfo] (−) variable were hypothesized in Sect. 26.2 above to have an identical relational effect path to the [BrdIndInfo] (−)80 variable examined in section 7.3.2.1.3 of Stage 1. This gives rise to a coverage/rating for these variables of −4/50.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Inadequate Risk Management and Internal Controls The observations of the OECD Kirkpatrick Report 2009, Cheffins and Hopt in Sect. 33.2 of Chap. 33 above gave rise to the following variables in addition to the [NEDBankWorksInfo] (−) variable and the [NEDBankSecurznInfo] (−) variable and again based on the behaviour and relational effect path of the [BrdIndInfo] (−)81 variable examined in section 7.3.2.1.3 of Stage 1 with a coverage/rating of −4/50.00 rprox: • [NEDBankRiskManInfo] (−) – Banks – Non-Executive Directors – Deficiency in Knowledge of Risk Management Processes, Measurement and Methodology – Reduction in Decision Quality, coverage/rating −4/50.00 (relational effect path in Sect. 33.2); and • [NEDBankNonExpertInfo] (−)  – Banks  – Non-Executive Directors  – Deficiency in Banking Expertise – Reduction in Decision Quality, coverage/rating −4/50.00 (relational effect path in Sect. 33.2). This gave rise to a coverage/rating for these variables of −4/50.00 in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). As noted above, a detailed examination of internal controls is beyond the scope of this Stage 2 Key Code and Advanced Handbook.

 Board Independent Director: Executive Director Proportion – Information Flow and Decision Quality ‘Trade-off’. 81  Ibid. 80

42.9  Factors Contributing to Short-Term Emphasis and Acceptance of Increased…

1123

Failure of Information Flow on Risks in CDOs and Other Financial Products A board oversight variable in relation to a failure of information flow on the risks in CDOs and other financial products based on Mülbert’s findings was introduced in Sect. 38.9: • [FailCDORisks] (−) – Banks – Board Oversight of Risk Management – Failure to Identify Risks inherent in CDOs and Other Financial Products – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating −8/100.00 rprox (relational effect path in Sect. 38.9)(Mülbert). Complex and Opaque Nature of Securitized/Financial Products A non-executive director oversight variable in relation to the complex and opaque nature of securitised products was introduced in Sect. 37.5 of Chap. 37 above: • [NEDFinProdInfo] (−)  – Banks  – Non-executive Directors  – Complex and Opaque Financial Products – Reduction in Decision-making Quality, coverage/ rating −4/50.00 rprox (relational effect path in Sect. 37.5).

42.9 Factors Contributing to Short-Term Emphasis and Acceptance of Increased Leverage The Walker Review 2009 considered that banks had focused too much on short term gains/performance which was exacerbated by a number of factors stemming from full quarterly reporting which in turn had led to a “greater acceptance of increased leverage”: Key elements here are the increased weight placed on full reporting of company performance on a quarterly basis, increasing short-term pressures on market valuations that inevitably feed back to the way in which chief executives and, by inference, their boards seek to run their businesses and the pressure exerted by relative benchmarks that have sharpened fund manager attention to short-term performance. These feedback loops, boosted by the substantial quantum of sellside equity research with its own heavy reliance on quarterly disclosures, have increased board attentiveness to short-term performance in terms of revenue, market share and margin and in many cases led to both encouragement and greater acceptance of increased leverage. All this has is in turn been relevant internally for executive bonuses and externally for share buybacks and dividend decisions, in many cases potentially or actually to the detriment of adequate attention to the longer term.82

For the Review, quarterly reporting will remain a source of short-term pressure.83

82 83

 Walker Review 2009, above n 64, Para 1.13, p 27.  Ibid, Para 1.14, p 27.

1124

42  The Three Lines of Defence

The Stage 2 relational approach introduced a variable in relation to variable pay and short-term profit results and reporting in Sect. 11.9 of Chap. 11 above: • [BankShortProfit] (−)  – Banks  – Short-Term Profit Results and Reporting  – Effects of Risk-Taking – Risk-Taking in Excess of Risk Appetite – Likelihood of Bank Failure  – coverage/rating of −7/87.50 rprox (relational effect path in Sect. 11.9).

Chapter 43

Board Risk Committee (BRC)

Abstract Chapter 43 of the Stage 2 Key Code and Advanced Handbook examines the Board Risk Committee (BRC) beginning with the requirements for ASX listed entities and APRA’s Prudential Standard CPS 510 Governance. We review the non-executive director number, time commitment and number of meetings for the BRC and review the Walker Review 2009 variables for establishment of the BRC. Section 2 reviews the nature of risks and responsibilities monitored by the BRC including ‘fundamental prudential risks’ and other risks. There follows the responsibilities of the BRC proposed by Walker Review 2009, BCBS Guidelines 2015, NAB Self-Assessment 2018, Westpac Review Team 2018 and the ASIC Governance Taskforce 2019. We recognise the ASIC Governance Taskforce 2019 discussion on the “Emerging Issue: Implications of changing BRC membership and attendance patterns” and “full board attendance at BRC meetings”. We conclude with APRA’s failings in operation, reporting and reliance on key individuals of the BRC and Westpac reporting to the BRC. Keywords  Board Risk Committee (BRC) · ASX · APRA Prudential Standard CPS 510 governance · NED number and time commitment · Number of meetings for BRC · Risks monitored by BRC · Responsibilities of BRC · Failings in BRC operation and reporting · Key individuals

ASX Listed Entities The composition, independence and roles and functions of the Board Risk Committee are set out in the ASX’s Corporate Governance Principles and Recommendations Fourth Edition.1

1  Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’).

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_43

1125

1126

43  Board Risk Committee (BRC)

Except where noted otherwise, these ASX variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 12 with a coverage/rating of +7/87.50 rprox. Like the [BrdSkills] (+) variable, there is an hypothesised enhancement in risk management and therefore internal monitoring. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable, coverage/rating + 7/87.50 rprox, these ASX governance variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 1). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the risk management functions and responsibilities of the BRC. Compliance Factor No 2 thus remains constant for these variables. This equates to a coverage/rating of +7/87.50 rprox for the following ASX variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [2019ASXBRC] (+)  – 2019ASXBRC  - Board Risk Committee  – Presence, Operation and Frequency of Board Risk Committee3  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, (coverage/rating of +7/87.50 rprox) (2019ASX) including: –– has At least 3 members;4 –– a majority of members are independent directors;5 and –– BRC is chaired by an independent director;6 • [2019ASXBRCDisclose] (+)  – 2019ASXBRC  - Board Risk Committee  – Disclosure Requirements for Board Risk Committee  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating of +7/87.50 rprox) (2019ASX) including:

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 3  2019ASX, above n 1, Rec 7.1, p 26. 4  Ibid, Rec 7.1(a)(1), p 26. 5  Ibid. 6  Ibid, Rec 7.1(a)(2), p 26. 2

43  Board Risk Committee (BRC)

1127

–– charter;7 –– number of times BRC met in each reporting period;8 and –– individual attendances of members in each reporting period;9 • [2019ASXBRCRoles&Resps] (+) – 2019ASXBRC - Board Risk Committee Roles and Responsibilities for Board Risk Committee10 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, (coverage/rating of +7/87.50 rprox) (2019ASX) including: –– [m]onitor management’s performance against the entity’s risk management framework, including whether it is operating within the risk appetite set by the board; –– [r]eview any material incident involving fraud or a break- down of the entity’s risk controls and the “lessons learned”; –– [r]eceive reports from internal audit on its reviews of the adequacy of the entity’s processes for managing risk; –– [r]eceive reports from management on new and emerging sources of risk and the risk controls and mitigation measures that management has put in place to deal with those risks; –– [m]ake recommendations to the board in relation to changes that should be made to the entity’s risk management framework or to the risk appetite set by the board; [and] –– [o]versee the entity’s insurance program, having regard to the entity’s business and the insurable risks associated with its business.11

• [2019ASXBRCPowers (+) – 2019ASXBRC - Board Risk Committee – Powers of Board Risk Committee12 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating of +7/87.50 rprox) (2019ASX) including: –– [t]he right to obtain information; –– [i]nterview management and internal and external auditors (with or without management present); [and] –– [s]eek advice from external consultants or specialists where the committee considers that necessary or appropriate.13

• [2019ASXBRCReviewRMF (+)  – 2019ASXBRC  - Board Risk Committee  – Review of Risk Management Framework at Least Annually14 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating of +7/87.50 rprox) (2019ASX) including: –– disclose whether review has taken place for each reporting period;15 and –– whether:  Ibid, Rec 7.1(a)(3), p 26.  Ibid, Rec 7.1(1)(4), p 26. 9  Ibid, Rec 7.1(a)(5), p 26. 10  Ibid, Commentary to Rec 7.1, p 26. 11  Ibid. 12  Ibid, Commentary to Rec 7.1, p 26. 13  Ibid. 14  Ibid, Rec 7.2(a), p 27. 15  Ibid, Rec 7.2(b), p 27. 7 8

1128

43  Board Risk Committee (BRC)

• [e]ntity is operating with due regard to the risk appetite set by the board;16 • [i]ncludes satisfying itself that the risk management framework deals adequately with contemporary and emerging risks such as: –– –– –– –– –– ––

conduct risk; digital disruption cyber-security; privacy and data breaches; sustainability; [and] climate change.17

APRA’s Prudential Standard CPS 510 Governance The composition, independence and roles and functions of the Board Risk Committee are set out in APRA’s Prudential Standard CPS 510 Governance of July 2019.18 Again, like the above ASX variables, these CPS 510 variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox.19 Like the [BrdSkills] (+) variable, there is an hypothesised enhancement in risk management and therefore internal monitoring. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-making Factor No. 7 and therefore the other spine governance factors. This equates to a coverage/rating of +7/87.50 rprox for the following CPS 510 BRC variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [510BRCNonExecOsightRMF] (+)  – Banks  – CPS 510BRC  - Board Risk Committee  – Requirement for BRC with Non-executive Oversight of the Implementation and Operation of the RMF – Enhancement in Risk Management

 Ibid, Commentary to Rec 7.2, p 27.  Ibid. 18  Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/ F2019L00662/Download (‘CPS 510’). In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates of 2022. See Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines. 19  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp. 198–201. 16 17

43  Board Risk Committee (BRC)

1129

and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating of +7/87.50 rprox) (APRA CPS 510);20 • [510BRCPowersForFns] (+) – Banks – CPS 510BRC - Board Risk Committee – BRC to Have Powers Necessary to Perform its Functions – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating of +7/87.50 rprox) (APRA CPS 510);21 • [510BRCComposition&IndepRequirements] (+)  – Banks  – CPS 510BRC  Board Risk Committee  – BRC Composition and Member Requirements  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating of +7/87.50 rprox) (APRA CPS 510),22 including: –– Chairperson must be an independent director;23 –– “Chairperson of the Board may be a member of the Board Risk Committee, but may not chair the Committee”;24 –– “Chair of the Board Audit Committee may also chair the Board Risk Committee”;25 –– BRC must have at least three members;26 –– all members of the BRC must be non-executive directors;27 and –– “A majority of the members of the [BRC] must be independent”;28 • [510BRCWrittenCharterTermRoles&Resps] (+)  – Banks  – CPS 510BRC  Board Risk Committee  – BRC Written Charter, Roles, Responsibilities and Terms of Operation – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating of +7/87.50 rprox) (APRA CPS 510),29 including: –– “advising the Board on the institution’s overall current and future risk appetite and risk management strategy”;30 –– “oversight of an institution-wide view of the institution’s current and future risk position relative to its risk appetite and capital strength”;31

 CPS 510, above n 18, section 101, p 22.  Ibid, section 102, p 22. 22  Ibid, sections 103–105, p 22. 23  Ibid, section 103, p 22. 24  Ibid, section 104, p 22. 25  Ibid. 26  Ibid, section 105, p 22. 27  Ibid. 28  Ibid. 29  Ibid, section 106, p 22. 30  Ibid, section 106(a), p 22. 31  Ibid, section 106(b), p 22. 20 21

1130

43  Board Risk Committee (BRC)

–– “oversight of senior management’s implementation of the risk management strategy”;32 –– “constructive challenge of senior management’s proposals and decisions on all aspects of risk management arising from the institution’s activities”;33 –– “reviewing the performance and setting the objectives of the institution’s Chief Risk Officer (CRO) [with reference to CPS 220]”;34 –– “ensuring the CRO has unfettered access to the Board and the [BRC]”;35 and –– “oversight of the appointment and removal of the CRO”;36 • [510BRCEndorseAppointRemoveCRO] (+) – Banks – CPS 510BRC - Board Risk Committee  – BRC to Provide Prior Endorsement for Appointment and Removal of CRO – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating of +7/87.50 rprox) (APRA CPS 510),37 including: –– “if the CRO is removed from their position, the reasons for removal must be discussed with APRA as soon as practicable, and no more than 10 business days, after the [BRC’s] endorsement is agreed upon”;38 • [510BRCFree&UnfetteredAccess] (+) – Banks – CPS 510BRC - Board Risk Committee – BRC to Have Free and Unfettered Access in Carrying Out Duties – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating of +7/87.50 rprox) (APRA CPS 510),39 including to: –– senior management; –– risk and financial control personnel; and –– other internal and external parties;40 • [510BRCInviteCROAttendMeetings] (+)  – Banks  – CPS 510BRC  - Board Risk Committee  – BRC Must Invite CRO to Attend All Relevant Sections of BRC Meetings  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating of +7/87.50 rprox) (APRA CPS 510).41

 Ibid, section 106(c), p 22.  Ibid, section 106(d), p 22. 34  Ibid, section 106(e), p 22. 35  Ibid. 36  Ibid, section 106(f), p 23. 37  Ibid, section 107, p 23. 38  Ibid. 39  Ibid, section 108, p 23. 40  Ibid. 41  Ibid, section 109, p 23. 32 33

43.1  Review – Non-Executive Director Number, Time Commitment and Number…

1131

43.1 Review – Non-Executive Director Number, Time Commitment and Number of Meetings for BRC The relational effect paths of three variables in relation to the establishment of the BRC and non-executive directors were introduced in Sect. 33.5 of Chapter 33 above: • [BRCIndInfo] (−)  – Board Risk Committee  – Independence  – Information Flow and Decision Quality ‘Trade-off’, −4/50.00 rprox (relational effect path in Sect. 33.5); • [BRCIndMon] (+) – Board Risk Committee – Independence – Enhancement in Monitoring Effect, +7/87.50 rprox (relational effect path in Sect. 33.5); and • [BRCIndFreq] (+)  – Board Risk Committee  – Independence in combination with Frequency of Meeting – Enhancement in Risk Management and Internal Monitoring, coverage/rating + 7/87.50 rprox (relational effect path in Sect.33.5). The relational effect path of one variable in relation to the BRC’s responsibility for the risk adjustments to pay benchmarks advised by the CRO was introduced in Sect. 12.6 of Chap. 12: • Compensation/Remuneration Committee to obtain advice from Board Risk Committee (BRC) on risk adjustments to performance objectives42: –– [CCRiskAdjustBRC] (+)  – Banks  – Compensation/Remuneration Committee –– Compensation/Remuneration Committee to Obtain Advice from Board Risk Committee (BRC) advised by the Chief Risk Officer (CRO) on Risk Adjustments to Performance Objectives - Enhancement of Level of Risk-­Taking in Alignment with Shareholders (Walker Review 2009), coverage/rating + 7/87.50 rprox (relational effect path in Sect. 12.6). Walker Review 2009 Variables for Establishment of BRC The Walker Review 200943 recommended that banks and financial firms should establish a Board Risk Committee separate from the Audit Committee44 and made a number of further recommendations in relation to its operation. The recommendations of the Walker Review 2009 raise a number of additional governance variables relating to the establishment of the BRC and its responsibilities/functions. Except where noted otherwise, these variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox.45 Like the [BrdSkills] (+) variable, there is an hypothesised enhancement in risk management  David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Recommendation 35, p 22. 43  Ibid, Executive summary and recommendations, pp. 19–20. 44  Ibid, Para 6.11–6.12, p 94. 45  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp. 198–201. 42

1132

43  Board Risk Committee (BRC)

and therefore internal monitoring. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Thus, like the [BrdSkills] (+) variable, coverage/rating + 7/87.50 rprox, these governance variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 1). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the risk management functions and responsibilities of the BRC. Compliance Factor No 2 thus remains constant for these variables. This equates to a coverage/rating of +7/87.50 rprox for the following BRC variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • A Board Risk Committee (BRC) separate to the audit committee which has responsibility for “current risk exposures…and future risk strategy, including strategy for capital and liquidity management” and a supportive risk culture46: –– [BRCCurrRiskExpose] (+) – Banks – Board Risk Committee – Monitoring of Current Risk Exposures by Type – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); –– [BRCAggRiskExpose] (+) – Banks – Board Risk Committee – Monitoring of Aggregate Risk Exposures  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); –– [BRCRiskAppTolStrat] (+)  – Banks  – Board Risk Committee  – Establishment and Monitoring of Risk Appetite, Risk Tolerance and Future Risk Strategy – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); –– [BRCCapStrat] (+) – Banks – Board Risk Committee – Establishment and Monitoring of Capital Strategy  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); –– [BRCLiqManStrat] (+) – Banks – Board Risk Committee – Establishment and Monitoring of Liquidity Management Strategy – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); and

46

 Walker Review 2009, above n 42, Recommendation 23, p 19.

43.2  The Nature of Risks and Responsibilities Monitored by the BRC

1133

–– [BRCRiskCulture] (+) – Banks – Board Risk Committee – Establishment and Monitoring of Risk Culture  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating of +7/87.50 rprox); • A Chief Risk Officer (CRO) participating in the highest-level risk management who reports to the BRC with direct access to the Chairperson, including the tenure and independence of the CRO47 and the CRO’s roles and responsibilities is examined in Sect. 44.1–44.2 of Chap. 44 below; • Expert external input to the BRC48 is examined in Sect. 44.6 below; • The BRC to undertake due diligence appraisal of acquisitions and disposals focusing on risk aspects49 is examined in Sect. 44.7 below; and • A BRC (or board) report to be included as a separate report within the annual report and accounts including key risks, risk appetite and tolerance, the effectiveness of the risk management process and the scope and outcome of stress testing50 is examined in Sect. 44.8 below.

43.2 The Nature of Risks and Responsibilities Monitored by the BRC ‘Fundamental Prudential Risks’ The BRC is designed to focus on monitoring “fundamental prudential risks” comprising: • leverage; • liquidity risk is examined in the [BRCLiqManStrat] (+)51 variable in Sect. 1 above; • interest rate and currency risk; • credit/counterparty risk; and • other market risks.52 Accordingly, these variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 153 with a coverage/rating of +7/87.50 rprox. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect  Ibid, Recommendation 24, p 19.  Ibid, Recommendation 25, p 20. 49  Ibid, Recommendation 26, p 20. 50  Ibid, Recommendation 27, p 20. 51  Banks  – Board Risk Committee  – Establishment and Monitoring of Liquidity Management Strategy – Enhancement in Risk Management and Internal Monitoring Effect. 52  Walker Review 2009, above n 42, Para 6.12, p 94. 53  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp. 198–201. 47 48

1134

43  Board Risk Committee (BRC)

path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-­ making Factor No. 7 and therefore the other spine governance factors: • [BRCLeverage] (+)  – Banks  – Board Risk Committee  – Monitoring of Leverage – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); • [BRCIntRates&Curr] (+) – Banks – Board Risk Committee – Monitoring of Interest Rates and Currency Risk  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); • [BRCCredit/Counter] (+) – Banks – Board Risk Committee – Monitoring of Credit/Counterparty Risk  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); and • [BRCOtherMktRisks] (+) – Banks – Board Risk Committee – Monitoring of Other Market Risks – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox). Other Risks Other risks – still important – beyond these risks exist but should be attended to by a “different focus and expertise” and committee: • • • •

operational; information technology; business continuity compliance; and reputational risk.54 And yet, in Sect. 4 below, the BCBS55 assigns to the BRC responsibility for:

• oversight of the strategies for: • “capital and liquidity management”  – liquidity risk is examined in the [BRCLiqManStrat] (+)56 variable in Sect. 1 above; and • “all relevant risks of the bank, such as:

 Walker Review 2009, above n 42, Para 6.12, p 94.  The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Paras 72–73, p  17 (format altered and bullet-points added). 56  Banks  – Board Risk Committee  – Establishment and Monitoring of Liquidity Management Strategy – Enhancement in Risk Management and Internal Monitoring Effect. 54 55

43.2  The Nature of Risks and Responsibilities Monitored by the BRC

1135

–– credit – credit risk is examined in the [BRCCredit/Counter] (+)57 variable in this Sect. 2 above; –– market – other market risk is examined in the [BRCOtherMktRisks] (+)58 variable in this Sect. 2 above; –– operational; and –– reputational risks to ensure they are consistent with the stated risk appetite”. An examination of these risks through separate or dedicated committees is beyond the scope of this Stage 2 Key Code and Advanced Handbook for the governance of Australian major banks. However, Stage 2 of the relational approach – to avoid omissions - is to adopt these risks as the responsibility of the BRC. Accordingly, these variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 159 with a coverage/rating of +7/87.50 rprox. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-­ making Factor No. 7 and therefore the other spine governance factors: • [BRCOperRisk] (+)  – Banks  – Board Risk Committee  – Monitoring of Operational Risks – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); • [BRCITRisk] (+) – Banks – Board Risk Committee – Monitoring of Information Technology Risks – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); • [BRCBusCont] (+) – Banks – Board Risk Committee – Monitoring of Business Continuity Compliance  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); and • [BRCReputRisk] (+)  – Banks  – Board Risk Committee  – Monitoring of Reputational Risks – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox).

 Banks  – Board Risk Committee  – Monitoring of Credit/Counterparty risk  – Enhancement in Risk Management and Internal Monitoring Effect. 58  Banks – Board Risk Committee – Monitoring of Other Market Risks – Enhancement in Risk Management and Internal Monitoring Effect. 59  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp. 198–201. 57

1136

43  Board Risk Committee (BRC)

43.3 Responsibilities of the BRC BRC Responsibilities Proposed by Walker Review 2009 Again, unless otherwise stated, the following variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 160 with a coverage/rating of +7/87.50 rprox. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-­ making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-making Factor No. 7 and therefore the other spine governance factors. In the Walker Review 2009, Recommendation 23,61 the BRC is to have the responsibility of advising the board on: • Current risk exposures of the prudential types set out above - examined in Sect. 2 above; • Future risk strategy  – the [BRCRiskAppTolStrat] (+)62 variable examined in Sect. 1 above; • Strategy for capital and liquidity management – the [BRCLiqManStrat] (+)63 variable in Sect. 1 above; • A “supportive” culture in relation to the management of risk  – the [BRCRiskCulture] (+)64 variable examined in Sect. 1 above; • Overall risk appetite, tolerance and strategy – the [BRCRiskAppTolStrat] (+)65 variable examined in Sect. 1 above; and • The “[c]urrent and prospective macroeconomic and financial environment drawing on financial stability assessments” of relevant authoritative agencies is introduced here based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating + 7/87.50 rprox: –– [BRCFinStabAssess] (+) – Banks – Board Risk Committee – Monitoring of Financial Stability Assessments of Authoritative Agencies - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox).

 Ibid.  Walker Review 2009, above n 42, Recommendation 23, pp. 94–95 (bullet-points added). 62  Banks – Board Risk Committee – Establishment and Monitoring of Risk Appetite, Risk Tolerance and Future Risk Strategy – Enhancement in Risk Management and Internal Monitoring Effect. 63  Banks  – Board Risk Committee  – Establishment and Monitoring of Liquidity Management Strategy – Enhancement in Risk Management and Internal Monitoring Effect. 64  Banks – Board Risk Committee – Establishment and Monitoring of Risk Culture – Enhancement in Risk Management and Internal Monitoring Effect. 65  Banks – Board Risk Committee – Establishment and Monitoring of Risk Appetite, Risk Tolerance and Future Risk Strategy – Enhancement in Risk Management and Internal Monitoring Effect. 60 61

43.4  BRC Responsibilities Proposed by BCBS Guidelines 2015, NAB Self-Assessment… 1137

43.4 BRC Responsibilities Proposed by BCBS Guidelines 2015, NAB Self-Assessment 2018, Westpac Review Team 2018 and ASIC Again, unless otherwise stated, these variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 166 with a coverage/rating of +7/87.50 rprox. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-making Factor No. 7 and therefore the other spine governance factors. BCBS Guidelines 2015 The following variables are based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating + 7/87.50 rprox. For the BCBS, the role of the BRC67: • “should discuss all risk strategies on both an aggregated basis and by type of risk and make recommendations to the board thereon, and on the risk appetite”  examined in sections 43.1–43.2 above of this Chap. 43; • “is required to review the bank’s risk policies at least annually”: • [BRCReviewRiskPolicies] (+) – Banks – Board Risk Committee – Review of Risk Policies (Annual) - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/ rating + 7/87.50 rprox); and • “should oversee that management has in place processes to promote the bank’s adherence to the approved risk policies”: –– [BRCReviewMmtPolicies] (+) – Banks – Board Risk Committee – Review of Management Policies for Adhering to Approved Risk Policies  Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/ rating + 7/87.50 rprox). Other responsibilities that the BCBS68 has assigned to the BRC are: • “advising the board on the bank’s overall current and future risk appetite”  – examined in Sect. 1 above;

 Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp. 198–201. 67  BCBS Guidelines 2015, above n 55, Para 71, p 17. 68  Ibid, Paras 72–73, p 17 (format altered and bullet-points added). 66

1138

43  Board Risk Committee (BRC)

• “overseeing senior management’s implementation of the RAS [risk appetite statement]”: –– [BRCReviewMmtRAS] (+) – Banks – Board Risk Committee – Review of Management’s Implementation of Risk Appetite Statement (RAS)  Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/ rating + 7/87.50 rprox); • “reporting on the state of risk culture in the bank” – examined in Sect. 43.1 above; • “interacting with and overseeing the CRO”: –– [BRCOseeCRO] (+) – Banks – Board Risk Committee – Oversight of CRO Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating  +  7/87.50 rprox); and • as examined in Sect. 43.2 above, oversight of the strategies for: –– “capital and liquidity management”  – liquidity risk is examined in the [BRCLiqManStrat] (+)69 variable in Sect. 43.1 above; and –– “all relevant risks of the bank, such as: • credit – credit risk is examined in the [BRCCredit/Counter] (+)70 variable in Sect. 43.2 above; • market – other market risk is examined in the [BRCOtherMktRisks] (+)71 variable in Sect. 43.2 above; • operational; and • reputational • risks to ensure they are consistent with the stated risk appetite”. NAB Self-Assessment 2018 Again following the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 172 with a coverage/rating of +7/87.50 rprox for the NAB Self-Assessment 2018,73 the role of the BRC is to:

 Banks  – Board Risk Committee  – Establishment and Monitoring of Liquidity Management Strategy – Enhancement in Risk Management and Internal Monitoring Effect. 70  Banks  – Board Risk Committee  – Monitoring of Credit/Counterparty risk  – Enhancement in Risk Management and Internal Monitoring Effect. 71  Banks – Board Risk Committee – Monitoring of Other Market Risks – Enhancement in Risk Management and Internal Monitoring Effect. 72  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp. 198–201. 73  National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/content/dam/ nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-­ Assessment 2018’). 69

43.4  BRC Responsibilities Proposed by BCBS Guidelines 2015, NAB Self-Assessment… 1139

• “establish NAB’s risk appetite and oversight of NAB’s risk management strategy and risk profile”:74 –– [NABBRCRiskApp] (+)  – Banks  – Board Risk Committee  – Establish Bank’s Risk Appetite  - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/ rating + 7/87.50 rprox); –– [NABBRCOseeRMS] (+) – Banks – Board Risk Committee – Oversee Bank Risk Management Strategy (RMS) - Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); –– [NABBRCOseeRiskProfile] (+) – Banks – Board Risk Committee – Oversee Bank Risk Profile  - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/ rating + 7/87.50 rprox); • “review management’s plans to mitigate risk”75: • [NABBRCReviewMitRisk] (+) – Banks – Board Risk Committee – Review of Management Plans to Mitigate Risk - Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­ making, (coverage/rating + 7/87.50 rprox); • “promote a risk-based culture across the bank”76: –– [NABBRCPromoteRiskCult] (+)  – Banks  – Board Risk Committee  – Promotion of Risk-Based Culture Across the Bank - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox); • “oversee the effectiveness of the risk management framework”77: –– [NABBRCOseeRMF] (+) – Banks – Board Risk Committee – Oversee the Effectiveness of Bank Risk Management Framework (RMF)  Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/ rating + 7/87.50 rprox). Westpac Review Team 2018 Practice – Positive (+) Direction Again, following the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 178 with a coverage/rating of +7/87.50 rprox for the Westpac Review Team 2018,79 the operation of the BRC should involve in the positive (+) direction:  Ibid, p 11.  Ibid. 76  Ibid. 77  Ibid. 78  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp. 198–201. 79  Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. 74 75

1140

43  Board Risk Committee (BRC)

• the Chair of the BRC meeting with all presenters before BRC meetings80: –– [WBCBRCChairMeetPresent] (+) – Banks – Board Risk Committee – BRC Chair to Meet Presenters Before BRC Meeting  - Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, (coverage/rating + 7/87.50 rprox) (Westpac); • the BRC with “direct access to employees with day-to-day responsibility for oversight and management of specific risks”81: –– [WBCBRCDirectAccess] (+)  – Banks  – Board Risk Committee  – Direct Access to Responsible Employees for Specific Risks - Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox) (Westpac); • the BRC “assess[ing] the capabilities of individuals and [to] ensure that undue reliance is not placed on just a few individuals”82: –– [WBCBRCAssessEmploy] (+)  – Banks  – Board Risk Committee  – Assessment of Employees to Avoid Over-reliance on Individuals  Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox) (Westpac); • the attendance of the General Manager of Group Audit83: –– [WBCBRCAttendGMGrpAudit] (+)  – Banks  – Board Risk Committee  – Attendance of General Manager of Group Audit  - Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox) (Westpac); • an assessment of the efficiency and adequacy of time allocated for BRC work84: –– [WBCBRCAssessEffic&AdeqTime] (+)  – Banks  – Board Risk Committee – Assessment of the Efficiency and Adequacy of Time Allocated for BRC Work -Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, (coverage/rating + 7/87.50 rprox) (Westpac).

au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’). 80  Ibid, section 5.2.6, p 33. 81  Ibid, section 5.2.7, p 33. 82  Ibid. 83  Ibid, section 5.2.8, p 33. 84  Ibid, section 5.2.9 and Recommendation G1, p 33.

43.4  BRC Responsibilities Proposed by BCBS Guidelines 2015, NAB Self-Assessment… 1141

Westpac Review Team 2018 Practice – Negative (−) Direction For the Westpac Review Team 2018 and following the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 185 but in the negative (−) direction, coverage/rating − 7/87.50 rprox, the operation of the BRC involves: • BRC oversight of issue resolution and closure86: –– [WBCBRCExtendedIssues] (−) – Banks – Board Risk Committee –- BRC Oversight of Issue Resolution and Closure – 30% of Issues are Extended – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac)87; –– [WBCBRCLong-OutstandIssues] (−) – Banks – Board Risk Committee –BRC Oversight of Issue Resolution and Closure – 16% of Open Issues are Long-outstanding Issues (more than 365  days)  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-­making, coverage/rating − 7/87.50 rprox (Westpac)88; –– [WBCBRCHigh-RatedExtendedIssues] (−)  – Banks  – Board Risk Committee –- BRC Oversight of Issue Resolution and Closure – “Percentage of High-Rated Issues Extended More than Once is Outside of Risk Appetite” Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (Westpac)89 including remediation: • “to develop realistic, verifiable timeframes and associated accountabilities for the prompt and effective resolution of long-outstanding issues”.90 ASIC Governance Taskforce 2019 For the ASIC Governance Taskforce 2019,91 its recommendations in relation to BRCs included: (1) BRCs need to dedicate enough time to discharging their mandate; (2) BRCs need to meet often enough to oversee material risks in a timely manner; (3) BRC members need to ensure they are providing informed oversight; (4) Boards need to actively engage in decisions and proposals at the BRC level; (5) There should be clear escalation processes for urgent material risks; [and]

 Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp. 198–201. 86  Westpac Review Team 2018, above n 79, sections 5.3.11–5.3.13, p 37. 87  Ibid, section 5.3.11, p 37. 88  Ibid. 89  Ibid, section 5.3.12, p 37. 90  Ibid, Recommendation G8, p 37. 91  Australian Securities and Investments Commission, ASIC Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report, October 2019, accessed 15 April 2020, available at https://download.asic.gov.au/media/5290879/rep631-published-2-10-2019.pdf (‘2019ASIC’). 85

1142

43  Board Risk Committee (BRC)

(6) Emerging issue: Implications of changing BRC membership and attendance patterns.92

Following the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 193 but in the negative (−) direction, coverage/rating − 7/87.50 rprox, the operation of the ASIC BRC involves (with ASIC better practice noted): • [2019ASICBRCFailSufficTimeDischarge] (−) – 2019ASICBRC – Board Risk Committee – Failure to Dedicate Sufficient Time to Discharge BRC Mandate94 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating  −  7/87.50 rprox (2019ASIC) including: –– “BRCs are not considering significant risks, which are being dealt with at other venues such as full board meetings”;95 and/or –– “BRCs are not being fully utilised to resolve the challenges non-financial risks represent to companies”;96 and –– ASIC better practice: • [c]ommittees dealing with risk need to ensure they give sufficient time to discharging their risk mandate. This includes the need to consider ‘big picture’ framework issues as well as current and future risk positions or significant risk events that emerge;97 and • [d]irectors who chair or sit on a BRC and multiple other boards should ensure they have capacity to attend to their oversight duties not only during ‘business as usual’ periods but also during periods of intense activity”;98

• [2019ASICBRCFailMeetFreqMatRisksTimely] (−)  – 2019ASICBRC  – Board Risk Committee  – Failure of BRC to Meet Often Enough to Oversee Material Risks in a Timely Manner99  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (2019ASIC) including: –– “oversee[ing] management’s implementation and operation of the risk management framework and risk management strategy”;100 –– “BRCs oversaw current and emerging risks, in addition to risk framework matters”;101 and –– ASIC better practice:  Ibid, p 1.  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp. 198–201. 94  2019ASIC, above n 91, p 43. 95  Ibid. 96  Ibid (footnote omitted). 97  Ibid, p 44 (bullet-point added). 98  Ibid. 99  Ibid, p 45. 100  Ibid. 101  Ibid. 92 93

43.4  BRC Responsibilities Proposed by BCBS Guidelines 2015, NAB Self-Assessment… 1143 • [i]t is important to identify trends or significant risks early. Two companies formalised this in their charters. One gave its BRC a mandate to ‘identify thematic issues that require attention’ and the other required the escalation to the BRC of ‘new, heightened or significantly varying risks in a timely way;102 • [h]owever, BRCs need to ensure this occurs in practice and is not just an aspirational statement in the charter. We saw evidence of one BRC requesting ‘deep dives’ into certain risks, as a form of root cause analysis;103 [and] • [w]hile it is important to have processes for escalating urgent risks, if material risks are routinely addressed outside committee meetings, companies should consider whether the frequency of their BRC meetings is adequate;104

• [2019ASICBRCFailInformedOsightEnquire] (−) – 2019ASICBRC – Board Risk Committee – Failure of BRC Members to Provide Informed Oversight and Duty to Make Enquiries of Management105 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (2019ASIC) including: –– failure to receive adequate information to “identify the root causes of issues that arise [or] monitor how the [bank] is tracking against its risk appetite”;106 and –– ASIC better practice to have positive duty on BRC to make enquiries: • [m]embers of the committee must ensure they are providing informed oversight; • [i]f the BRC believes management is not giving it adequate information about compliance with the risk management framework, or if it is only receiving ‘good news’, then the BRC has a duty to make enquiries of management and take steps to rectify the information flow; • BRCs should ensure that their charter accurately reflects actual practice in relation to informed oversight; [and] • [g]etting management to undertake root cause or thematic analysis of non-­financial risks that continue to arise in the company’s operations demonstrates active stewardship on the part of directors. These enquiries are for the purposes of informing the BRC, not undertaking the role of management.107

• [2019ASICBRCFailBrdEngageBRCLevel] (−)  – 2019ASICBRC  – Board Risk Committee  – Failure of Board to Actively Engage in Decisions and Proposals at BRC Level108  – Reduction in Risk Management and Internal ­ Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (2019ASIC) including: –– ‘signs of active oversight’ by directors: • requesting further information, analysis or action from management; • asking questions of management; • requesting changes to recommendations or proposals;  Ibid, p 46 (bullet-point added).  Ibid. 104  Ibid. 105  Ibid, p 47. 106  Ibid. 107  Ibid (bullet-points added). 108  Ibid, p 48. 102 103

1144

43  Board Risk Committee (BRC) • rejecting recommendations or proposals; [and] • driving the implementation of changes to address identified failures by management109;

–– ASIC better practice: • [a]sking questions of management is good practice. But simply expressing concern, or passively providing feedback for management’s ‘consideration’, is not the same as genuine active oversight; [and] • [s]uch oversight can involve changing behaviours and imposing consequences, where necessary. This is especially so where the board or BRC sees evidence of systemic issues (for instance, the continued failure of internal controls that result in not seeking board approval);110

–– ASIC examples of ‘boards providing active oversight’ • [o]ne company introduced a requirement that accountable executives from the responsible business unit attend board meetings to talk to high-rated ‘red’ risk incidents and to take responsibility for closing them out; [and] • [w]here the board expressed concern over a particular course of action, we also observed an example of members asking specific questions about methodology, managing consequences and the adequacy of resourcing before requesting updates on progress and changes to reporting.111

• [2019ASICBRCFailEscalationUrgentMatRisks] (−)  – 2019ASICBRC  – Board Risk Committee  – Failure of Clear Escalation Processes for Urgent Material Risks Arising Between BRC Meetings112  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decisionmaking, coverage/rating − 7/87.50 rprox (2019ASIC) including: –– [d]ealing in an ad hoc manner with time-sensitive issues that are sufficiently material to be escalated to the BRC can result in: • • • •

no consistency in the matters escalated; fractured information flows to the board; [and] board members only partially participating in significant decisions; [and] issues not being followed up appropriately;113

–– ASIC better practice: • [d]ifferent circumstances may warrant different responses. What is important is that there should be transparent and consistent processes for escalating urgent material risks outside committee meetings. These should detail who, where and how to deal with and close out these issues;114 • [t]ransparent escalation processes should define: –– [w]ho to escalate the matter to initially (the BRC chair, the CEO and/or the board chair);

 Ibid (bullet-points in original).  Ibid, p 49 (bullet-points added). 111  Ibid (bullet-points in original). 112  Ibid, p 50. 113  Ibid (bullet-points in original). 114  Ibid (no bullet-points in original). 109 110

43.4  BRC Responsibilities Proposed by BCBS Guidelines 2015, NAB Self-Assessment… 1145 –– [t]he forum for addressing the issue and how to involve BRC members (for example, hold an ad hoc BRC meeting or full board meeting, or have the BRC chair and CRO reach a decision, which is then communicated to other BRC members); [and] –– [h]ow issues are recorded and closed out so the BRC retains oversight if these matters will not be captured in the action items register of regular committee meetings;115

ASIC Governance Taskforce 2019 “Emerging Issue: Implications of Changing BRC Membership and Attendance Patterns”116 and “Full Board Attendance at BRC Meetings”117 Following the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1118 and in the dual (+/−) direction, coverage/rating +/−7/87.50 rprox, ASIC sees both advantages and disadvantages in having all NEDs as members of the BRC or all NEDs routinely attend the BRC: • in the negative (−) direction: –– [2019ASICBRCFullBrdRoutineAttendBRCMeet] (−) – 2019ASICBRC – Board Risk Committee  – Full Board Routinely Attends BRC Meetings  Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 7/87.50 rprox (2019ASIC) including: • [i]f a company has inefficient information flows, resulting in the full board having to attend BRC meetings, the company should also prioritise improving its processes.119

• for the positive (+) direction or effect, ASIC requires all directors to be formal members of the BRC and an effective BRC chairperson: –– [2019ASICBRCFullBrdFormalMshipBRCChair] (+) – 2019ASICBRC – Board Risk Committee – Full Board is Formally Made BRC Members and Effective BRC Chair120  - Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/ rating + 7/87.50 rprox (2019ASIC) including: • [t]his would ensure that attending directors have the requisite voting rights, so they are not disenfranchised from material risk decisions; • [f]ormalising membership also reduces the risks involved with informally reducing information flows to the full board in circumstances where directors may stop attending BRC meetings at any time; [and]

 Ibid (bullet-points in original).  Ibid, Emerging Issue: Implications of changing BRC membership and attendance patterns, p 51. 117  Ibid, p 52. 118  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp. 198–201. 119  2019ASIC, above n 91, p 52. 120  Ibid. 115 116

1146

43  Board Risk Committee (BRC) • [i]t is also essential for companies to have an effective BRC chair who retains control and carriage of BRC meetings. This is more likely to maintain structured and robust decision-making frameworks and accountabilities, regardless of membership and attendance.121

43.5 APRA Failings in Operation, Reporting and Reliance on Key Individuals of the BRC In Sect. 38.6 above, the relational approach introduced a governance variable modelled on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 with a coverage/rating of +8/100.00 rprox – but negative (−) in effect – representing failure or deficiency in the flow of information to escalate problems or ‘red flags’ upward through the bank to senior management and/or the board. This variable represents a failing in the Board’s responsibilities or functions in the oversight of the risk management function by failing to escalate problems or red flags: • [FailRedFlag] (−) – Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (OECD Key Findings 2009), (OECD Kirkpatrick Report 2009), (EC Green Paper 2010). This ‘red flag’ variable is a (failure of) disclosure variable identical to the [TransTimeMon] (+)122 variable except in the negative (−) direction to reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the deficiency in information flow. Alternatively, there is a reduction in the quality of decision-­ making – Decision-making Factor No 7 and/or a failure of clear lines of accountability/responsibility affecting negatively Responsibility Factor No 8. The Stage 2 relational approach turns in this section to consider failings in the BRC identified by APRA and modelled on the [FailRedFlag] (−) variable in Sect. 38.6 above and, in turn, the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 – but negative (−) in effect, coverage/rating − 8/100.00 rprox. For APRA, failings in relation to the BRC were in relation to: • operation of the BRC123:

 Ibid.  See discussion in section 9.1.2.1 of Stage 1, above n 2, pp. 198–199. 123  Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf, p 17. Ibid. 121 122

43.5  APRA Failings in Operation, Reporting and Reliance on Key Individuals…

1147

–– failure to consider operational compliance and non-financial risks124: • [BRCFailOpsComplyNon-Fin] (−) – Banks – Board Risk Committee – Failure to Consider Operational Compliance and Non-Financial Risks  – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making - Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report)125; • failure to consider workings of controls126: –– [BRCFailControls] (−)  – Banks  – Board Risk Committee  – Failure to Consider Workings of Controls  – Reduction in Information Flow  Reduction in Quality of Risk Management and Internal Monitoring and Decision-­making - Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report)127; • failure to consider reputational standing from non-financial risks128: –– [BRCFailReputRisk] (−) – Banks – Board Risk Committee – Failure to Consider Reputational Standing from Non-Financial Risks – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making - Reduction in Quality of Accountability/ Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report);129 • reporting of the BRC:130 –– consideration of only aggregate measures of untested or unsatisfactory controls:131 • [BRCFailAggMeasures] (−)  – Banks  – Board Risk Committee  – Consideration of Only Aggregate Measures of Untested or Unsatisfactory Controls – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making - Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox, (APRA Final Report);132 –– failure to consider individual key risk indicators:133  Ibid, p 17.  Ibid, p 17. 126  Ibid. 127  Ibid. 128  Ibid. 129  Ibid. 130  Ibid, p 18. 131  Ibid. 132  Ibid. 133  Ibid. 124 125

1148

43  Board Risk Committee (BRC)

• [BRCFailIndivRisk] (−) – Banks – Board Risk Committee – Failure to Consider Individual Key Risk Indicators  – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  - Reduction in Quality of Accountability/ Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report)134; –– failure to analyse trends and trajectory of risk135: • [BRCFailTrendAnalyse] (−) – Banks – Board Risk Committee – Failure to Analyse Trends and Trajectory of Risk  – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  - Reduction in Quality of Accountability/ Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report);136 • Key individual reliance:137 –– over-reliance on CRO to determine risks to be reported to directors:138 • [BRCFailCROOverRely] (−) – Banks – Board Risk Committee – Over-­ reliance on CRO to Determine Risks to be Reported to Directors  – ­Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making - Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report);139 • failure to disclose issue escalation protocols to BRC in bank policies: 140 –– [BRCFailEscalProtocol] (−) – Banks – Board Risk Committee – Failure to Disclose Issue Escalation Protocols to BRC in Bank Policies – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making - Reduction in Quality of Accountability/ Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report);141 and • failure to challenge expert individuals on the BRC: 142 –– [BRCFailChallengeExpert] (−) – Banks – Board Risk Committee – Failure to Challenge Expert Individuals on the BRC  – Reduction in Information Flow  - Reduction in Quality of Risk Management and Internal Monitoring

 Ibid.  Ibid. 136  Ibid. 137  Ibid. 138  Ibid. 139  Ibid. 140  Ibid. 141  Ibid. 142  Ibid. 134 135

43.6  Westpac Reporting to the BRC

1149

and Decision-making - Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (APRA Final Report).143

43.6 Westpac Reporting to the BRC The Stage 2 relational approach turns in this section to consider variables for reporting to the BRC identified by Westpac and modelled (in the negative (−) direction) on the [FailRedFlag] (−) variable in Sect. 38.6 above and, in turn, the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 – but negative (−) in effect, coverage/rating − 8/100.00 rprox. Variables in the positive direction are similarly modelled in the opposite direction. For Westpac, variables in relation to reporting to the BRC in the negative (−) direction were: • volume and complexity of agenda items, reports and information for BRC members144: –– [WBCBRCVolumeComplexInfo] (−)  – Banks  – Board Risk Committee  Volume and Complexity of Agenda items, Reports and Information for BRC Members  – Reduction in Information Flow  - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  - Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (Westpac); • “overly-extensive level of analysis and documentation” in a “completeness culture” contributing to volume of reporting to BRC145: –– [WBCBRCOverExtenAnalyis&Docs] (−)  – Banks  – Board Risk Committee  – Overly-extensive Level of Analysis and Documentation in Reporting to BRC – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making - Reduction in Quality of Accountability/Responsibility, coverage/rating  −  8/100.00 rprox, (Westpac); • “Key Considerations” section not always highlighting the main points nor giving gravity of particular risk:146 –– [WBCBRCFailKeyConsids&Gravity] (−)  – Banks  – Board Risk Committee – Key Considerations Do Not Always Highlight Main Points or Gravity of a Particular Risk – Reduction in Information Flow - Reduction in  Ibid.  Westpac Review Team 2018, above n 79, section 5.2.11, p 33. 145  Ibid, section 5.2.12, p 33. 146  Ibid, section 5.2.13, pp. 33–34. 143 144

1150

43  Board Risk Committee (BRC)

Quality of Risk Management and Internal Monitoring and Decision-making Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox, (Westpac); • failure to highlight “top issues” and failure to be forthright in reporting and escalation of issues which requires more balanced information:147 –– [WBCBRCFailTopIssues&Escalate] (−) – Banks – Board Risk Committee – Failure to Highlight “Top Issues” and Report and Escalate Issues – Reduction in Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making - Reduction in Quality of Accountability/ Responsibility, coverage/rating − 8/100.00 rprox, (Westpac); For Westpac, variables in relation to reporting to the BRC based on the [TransTimeMon] (+) variable in the positive (+) direction were: • “Group Executives of each division prepare and submit an update to the [BRC] on the main issues being managed in their division and divisional risk and compliance committees” to enhance accountability of Line 1:148 –– [WBCBRCGroupExecDivnUpdate] (+) – Banks – Board Risk Committee – Group Executives of each Division Prepare and Submit an Update to the BRC - Enhancement in Information Flow - Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making - Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox, (Westpac); • contents of BRC reports to be enhanced:149 –– [WBCBRCEnhanceReportContents] (+)  – Banks  – Board Risk Committee –– Enhancement of Contents of BRC Reports - Enhancement in Information Flow  - Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making  - Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox, (Westpac) including: • summary of options for management with relevant features, considerations and explanation why another option was favoured; • assumptions, judgements, sensitivities and limitations of options; • analysis of impact on resources and FTE; and • rating of importance and urgency for BRC attention to allocate agenda time;150

 Ibid, section 5.2.14, p 34.  Ibid, section 5.2.10, p 33. 149  Ibid, section 5.2.16, p 34. 150  Ibid. See also Recommendation G2, p 34. 147 148

43.6  Westpac Reporting to the BRC

1151

• Chair of BRC to attend as member of Board Audit Committee:151 –– [WBCBRCChairMemberAudCom] (+) – Banks – Board Risk Committee – Chair of BRC to be Member of Board Audit Committee - Enhancement in Information Flow - Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making - Enhancement in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox, (Westpac).

 Ibid, section 5.2.18 and Recommendation G3, p 34.

151

Chapter 44

Board Risk Committee Composition

Abstract  In Chap. 44 we examine the composition of the Board Risk Committee. This begins with the independence, status and reporting lines of the CRO. By way of summary, we construct governance variables for the establishment, independence, status and reporting lines of the CRO: • • • •

establishment and independence of the CRO; status of the CRO; reporting lines of the CRO; and access of the CRO.

We conclude our examination of the CRO with the role and responsibilities of the CRO. There follows discussion of the role and contribution of non-executive directors on the BRC. Continuing, we examine the BRC and risk appetite and weightings for incentives and economic assessments, “stress” testing and metrics including authoritative financial stability assessments and stress, scenario and fail testing. We move on to external advisers to the BRC and the BRC and significant mergers, acquisitions and disposals. A separate BRC Report is examined with two disclosure variables. We conclude with the APRA requirement that there should be no constraints on persons providing information to APRA. Keywords  BRC composition · Chief Risk Officer (CRO) · CFO independence · CFO status · CFO reporting lines · CFO roles and responsibilities · Contribution of NEDs on BRC · BRC and risk appetite · BRC and weightings for incentives · Stress testing and metrics · Separate BRC report

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_44

1153

1154

44  Board Risk Committee Composition

The Walker Review 2009’s BRC is composed of a majority of non-executive directors (NEDs) with a non-executive director as chairperson.1 A number of executives are contemplated as members or present: • CFO; • Chief Risk Officer (CRO); • by agreement between the Chair of the BRC and CEO, the CEO depending on whether their (possibly dominating) presence would promote or reduce open discussion;2 and • there should be overlap with the Audit Committee by attendance of the Audit Committee Chairperson.3 For the BCBS, the composition of the BRC should: • be required for systemically important banks and is strongly recommended for other banks based on a bank’s size, risk profile or complexity; • should be distinct from the audit committee, but may have other related tasks, such as finance; • should have a chair who is an independent director and not the chair of the board or of any other committee; • should include a majority of members who are independent; [and] • should include members who have experience in risk management issues and practices[.]4

For the Westpac Review Team 20185, the BRC is comprised of all NEDs6 and there should be overlapping of membership with the Board and other committees.7 The Walker Review 2009 also requires NEDs on the BRC to have “substantial financial experience”8 examined in Sect. 44.3 below. Governance variables for the establishment, independence, status and reporting lines of the CRO are set out in the Sect. 44.1 following below. A governance variable for the role and responsibilities of the CRO is set out in Sect. 44.2.

 David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury. gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’), Para 6.15, p 95. 2  Ibid, Para 6.15, p 96. 3  Ibid. 4   The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Para 71, p 17. 5  Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’). 6  Ibid, section 5.2.3, p 32. 7  Ibid, section 5.2.4, p 32. 8  Walker Review 2009, above n 1, Para 6.17, p 96. 1

44.1  Independence, Status and Reporting Lines of CRO

1155

44.1 Independence, Status and Reporting Lines of CRO The CRO today is, of course, a well-established office within the risk management framework of the bank. Tarraf’s review of GFC literature cites a paper delivered by Brian Bolton which found that firms with a CRO “enjoyed higher profitability and suffered fewer loan losses during the crisis”.9 The Walker Review 2009 calls for an independent Chief Risk Officer (CRO) with oversight at the highest level, independent of, but interacting with, all business units, particularly the treasury for which the CRO’s role may overrule the Treasurer: In support of board-level risk governance, a BOFI board should be served by a CRO who should participate in the risk management and oversight process at the highest level, covering all risks across the organisation, on an enterprise-wide basis, and should have a status of total independence from individual business units. Apart from interface with business units, this role will also require clear understanding and collaboration at corporate level, for example and in particular with the treasury function. The Treasurer has day-to-day responsibility for liquidity and funding, but it should be understood that on specifically risk aspects of the liquidity position and policies of the entity, the CRO has a decisive role.10

For the BCBS, the CRO must be independent and have separate executive functions apart from other executive functions, have direct access to the BRC and be able to meet with the board or BRC in the absence of executive directors.11 The EC Green Paper 2010 required that, to strengthen risk management functions, the CRO should have at least equal status to the CFO and have direct access to the board to report problems: It therefore seems necessary to strengthen the independence and authority of the risk management function, particularly by enhancing the status of the chief risk officer (CRO). In particular, it seems desirable that the chief risk officer should have at least equal status to the chief financial officer within the internal organisation of a financial institution, and that they should be able to directly report any risk-related problem to the board of directors.12

Indeed, the OECD Kirkpatrick Report 2009 also noted that, at some banks, risk management staff were of a lower status and prestige than traders.13

 Hussein Tarraf, “Literature Review on Corporate Governance and the Recent Financial Crisis”, (27 December 2010), accessed 10 April 2017 at SSRN: http://ssrn.com/abstract=1731044, 15 citing B Bolton, “Corporate Governance Structures and the US Financial Crisis”, Paper presented at the Annual Conference of Corporate Governance: An International Perspective, Philadelphia, PA. 10  Walker Review 2009, above n 1, Para 6.21, p 98. See also Recommendation 24, p 99. 11  BCBS Guidelines 2015, above n 4, Para 110, p 26. 12  European Commission, Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies, COM(2010) 284 final, Brussels, 2 June 2010, accessed 23 March 2017 at http://www.ecgi.org/commission/documents/green_paper_com2010_284_en.pdf (‘EC Green Paper 2010’), section 5.2, p 13. 13  Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995-2864, accessed 27 March 2017 at http://search.oecd.org/finance/financial-­ markets/42229620.pdf, (‘OECD Kirkpatrick Report 2009’), 12. 9

1156

44  Board Risk Committee Composition

To ensure independence, and as in the provisions for company secretaries, removal of the CRO should require board agreement and the CRO’s pay should be agreed with the Chairperson of the board or the Chair of the remuneration committee: The tenure of the CRO should be underpinned by a provision, as in many companies for the company secretary, that removal from office requires the prior agreement of the board. The remuneration of the CRO should be subject to the specific approval of the chair[person] or the chair[person] of the board remuneration committee with the purpose of ensuring that the overall package is appropriate to the significance of the role.14

The CRO should report internally to the CEO or CFO and also to the BRC “with direct access to the chair[person] of the committee in the event of need.”15 The IIF made a number of similar recommendations for the CRO, summarized here as: • the CRO should have senior management-level responsibility for risk management;16 • be autonomous and independent of business management “and have sufficient seniority and internal voice in the firm to have a meaningful impact on decisions”;17 • the CRO should report directly to the CEO with a seat on the (senior) management committee and with regular reporting to the full board and more frequently to the BRC;18 • must bring to the attention of line and senior management and the board concerns of risk management or breach of risk-appetite guidelines;19 and • the CRO must be independent of business units but interact regularly with them “so that the CRO and all risk managers have sufficient access to business information.”20 The CRO oversees the second line of defence – the risk management function – examined in more detail in Chap. 45 below.

 Walker Review 2009, above n 1, Para 6.22, p 98. See also Recommendation 24, p 99.  Ibid, Recommendation 24, p 99. 16  Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007–2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_GFC/IIF_Final_Report_of_the_Committee_on_Market_ Best_Practices.pdf (‘IIF Final Report 2008’), Recommendation I.15, p 36. 17  Ibid, Recommendation I.16, p 36. 18  Ibid, Recommendation I.17, p 36. 19  Ibid, Recommendation I.18, p 36. 20  Ibid, Recommendation I.19, p 36. 14 15

44.1  Independence, Status and Reporting Lines of CRO

1157

Summary – Governance Variables for Establishment, Independence, Status and Reporting Lines of the CRO The discussion in this Sect. 44.1 raises a number of governance variables relating to establishment, independence, status and reporting lines of the CRO. The discussion in Sect. 44.2 raises a governance variable for the role and responsibilities of the CRO. Unless otherwise stated, these variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 121 with a coverage/rating of +7/87.50 rprox. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-making Factor No. 7 and therefore the other spine governance factors. Establishment and Independence of CRO As noted in this Sect. 44.1, the following variable is based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating +7/87.50 rprox: • [CROIndConds] (+)  – Banks  – Chief Risk Officer (CRO)  – Independence Conditions  – Enhancement of Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating +7/87.50 rprox. The recommended ‘independence conditions’ cover: –– independence from  – but interaction with  – business units (Walker Review 2009), (BCBS); –– CRO “must have the necessary independence to provide effective challenge to the business” (APRA);22 –– the CRO must be independent of business units but interact regularly with them “so that the CRO and all risk managers have sufficient access to business information” (IIF);23 –– collaboration with treasury function (Walker Review 2009):

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See Board – Director Skills ‘Mix’ – see discussion in section 7.3.1.2.1 of Stage 1, pp 198–201. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 22  Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf, Recommendation 10, p 31. 23  IIF Final Report 2008, above n 16, Recommendation I.19, p 36. 21

1158

44  Board Risk Committee Composition

• on risk aspects of the liquidity position and policies, the CRO can overrule the Treasurer; –– CRO’s executive function must be separate from other executive functions (BCBS); –– removal of the CRO should require board agreement (Walker Review 2009); –– CRO’s pay should be agreed with the Chairperson of the board or the Chairperson of the remuneration committee (Walker Review 2009); and –– CRO should be autonomous and independent of business management “and have sufficient seniority and internal voice in the firm to have a meaningful impact on decisions” (IIF).24 Status of CRO As noted in this Sect. 44.1, the following variable is based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating +7/87.50 rprox: • [CROStatusConds] (+)  – Banks  – Chief Risk Officer (CRO)  – Status Conditions  – Enhancement of Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating +7/87.50 rprox. The recommended ‘status conditions’ cover: –– CRO to have at least equal status to the CFO (EC); –– CFO to have direct access to the board to report problems (EC); –– CRO should have senior management-level responsibility for risk management (IFF);25 and –– CRO should report directly to the CEO with a seat on the (senior) management committee (IFF). Reporting Lines of CRO As noted in this Sect. 44.1, the following variable is based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating +7/87.50 rprox: • [CROReportLines] (+)  – Banks  – Chief Risk Officer (CRO)  – Reporting Lines  – Enhancement of Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating +7/87.50 rprox. The recommended reporting lines are: –– CRO to have direct access to the board to report problems (EC); –– CRO should report internally to the CEO or CFO (Walker Review 2009); –– CRO should report internally to the BRC “with direct access to the chair[person] of the committee in the event of need” 26 (Walker Review 2009);

 Ibid, Recommendation I.16, p 36.  Ibid, Recommendation I.15, p 36. 26  Walker Review 2009, above n 1, Recommendation 24, p 99. 24 25

44.2  The Role and Responsibilities of the CRO

1159

–– CRO should report directly to the CEO with a seat on the (senior) management committee (IFF); –– CRO to report regularly to the full board and more frequently to the BRC (IFF); –– CRO must bring to the attention of line and senior management and the board concerns of risk management or breach of risk-appetite guidelines (IFF); and –– CRO and other functions will report to the BRC on (BCBS – see Sect. 44.2 below): • • • •

“bank’s current risk profile”; “current state of the risk culture”; “utilisation against the established risk appetite”; and “limits, limit breaches and mitigation plans.”27

Access of CRO As noted in this Sect. 44.1, the following variable is based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating +7/87.50 rprox: • [CROAccessConds] (+)  – Banks  – Chief Risk Officer (CRO)  – Access Conditions  – Enhancement of Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating +7/87.50 rprox. The recommended ‘access conditions’ cover: –– direct access to the BRC (BCBS); –– CRO is able to meet with the board or BRC in the absence of executive directors (BCBS); –– CRO to have direct access to the board to report problems (EC); –– CRO should report internally to the BRC “with direct access to the chair[person] of the committee in the event of need” 28 (Walker Review 2009); and –– communication and coordination by the CRO with the Audit Committee “to facilitate the exchange of information and effective coverage of all risks, including emerging risks, and any needed adjustments to the risk governance framework of the bank.”29 (BCBS – see Sect. 44.2 below).

44.2 The Role and Responsibilities of the CRO As noted in Sect. 44.1, the following variable is based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1, coverage/rating +7/87.50 rprox: • [CRORole&Resps] (+)  – Banks  – Chief Risk Officer (CRO)  – Role and Responsibilities – Enhancement of Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating +7/87.50 rprox.

 BCBS Guidelines 2015, above n 4, Para 74, p 17.  Walker Review 2009, above n 1, Recommendation 24, p 99. 29  BCBS Guidelines 2015, above n 4, Para 75, p 17. 27 28

1160

44  Board Risk Committee Composition

The IIF recommends the following key responsibilities for the CRO, here set out in full: • Guiding senior management in their risk management responsibilities; • Bringing a particularly risk-focused viewpoint to strategic planning and other activities of senior management; • Overseeing the risk management organization; • Assessing and communicating the institution’s current risk level and outlook; • Strengthening systems, policies, processes, and measurement tools as needed to provide robust underpinnings for risk management; • Ensuring that the firm’s risk levels and business processes are consistent with the firm’s risk appetite, internal risk policies, and regulatory requirements for risk management; and • Identifying developing risks, concentrations, and other situations that need to be studied through stress testing or other techniques.30

Further recommendations by the IIF for the CRO’s role involved: • reporting to senior management, the Board and the BRC on concentrations, imbalances, risks and their impact on the bank including in relation to off-­ balance-­sheet vehicles;31 • overseeing, controlling, validating and updating “internal risk-rating systems, segmentation systems, and models”;32 and • analysing new products and the extension of products into new markets.33 As noted in Sect. 44.1 above, the BCBS also contemplates that the CRO and other functions will report to the BRC on “the bank’s current risk profile, current state of the risk culture, utilisation against the established risk appetite, and limits, limit breaches and mitigation plans.”34 The BCBS also requires in Sect. 44.1 above that there will be communication and coordination by the CRO with the Audit Committee: There should be effective communication and coordination between the audit committee and the risk committee to facilitate the exchange of information and effective coverage of all risks, including emerging risks, and any needed adjustments to the risk governance framework of the bank.35

 IIF Final Report 2008, above n 16, Recommendation I.20, p 37 (emphasis omitted).  Ibid, Recommendation I.21, p 37. 32  Ibid. 33  Ibid, Recommendation I.22, p 37. 34  BCBS Guidelines 2015, above n 4, Para 74, p 17. 35  Ibid, Paras 75, p 17. 30 31

44.3  Role and Contribution of Non-Executive Directors on BRC

1161

44.3 Role and Contribution of Non-Executive Directors on BRC For the Walker Review 2009, “substantial financial experience” is contemplated of non-executive directors on the BRC to avoid “groupthink” tendencies: On this basis, and with appropriate briefing and training on particular key risk topics (an important responsibility of the CRO), a NED with substantial financial experience should be in a position to make an insightful contribution through well-prepared discussion with and challenge to the executive. While up-to-date industry and market industry knowledge is with the executive, board level experience of review, challenge and commonsense should be expected from the NEDs whose informed detachment alongside sound financial, commercial and industry experience should be an important counterweight to what can otherwise become executive or board “groupthink”.36

Thus, the following variable requires non-executive directors on the BRC to have such “substantial financial experience” as required by the Walker Review 2009: • [BRCNEDFinExper] (+) – Banks – Board Risk Committee – Non-Executive Directors – Substantial Financial Experience – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-­making, coverage/rating +7/87.50 rprox. Due to the independence ingredient of non-executive directors, this variable tracks the [BrdIndMon] (+)37 variable in section 7.3.2.1.2 of Stage 1 which has a coverage/rating +7/87.50 rprox. Like the [BrdIndMon] (+) variable, the [BRCNEDFinExper] (+) variable hypothesises an enhanced monitoring effect based on the independence ingredient of the NEDs. Thus, the independent ingredient of NEDs is hypothesized to improve the quality of monitoring of management and thus reduce agency costs.38 Similarly, an improvement in risk management and the quality of monitoring of management by NEDs with ‘substantial financial experience’ is hypothesized to increase the capacity of bank NEDs to challenge and test strategy formulated by the CEO, executives and management. Thus, the relational effect path of the [BRCNEDFinExper] (+) variable is hypothesized to be identical to the [BrdIndMon] (+) variable and in the same positive (+) direction giving rise to a coverage/rating for this variable of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). The relational effect paths for governance variables for NED induction, training, development programs, ‘dedicated support’ and financial industry awareness are set out in Sect. 23.4 of Chap. 23 above.

 Walker Review 2009, above n 1, Para 6.17, p 96.  Board Independent: Executive Director Proportion – Monitoring Effect. See discussion in section 7.3.2.1.2 of Stage 1, above n 21, pp 211–212. 38  See discussion in section 7.3.2 of Stage 1, above n 21, pp 206–207. 36 37

1162

44  Board Risk Committee Composition

44.4 BRC and Risk Appetite and Weightings for Incentives The BRC should advise the board on risk appetite and tolerance in future strategy and has responsibility for advising the remuneration committee on “risk weightings” affecting CEO and executive incentives.39 Indeed, the OECD 2010 Conclusions and Practices noted that the link between risk management and incentives for remuneration and promotion was missing as were strong internal controls over excessive risk-taking: An important feature of the crisis has been the realisation that in a number of companies there appeared to be a disconnect between strategy and risk management on the one hand, and incentives on the other. By incentives is meant not just remuneration but also other aspects such as promotion…In a number of cases, strong incentives were not matched by strong risk management and internal controls leading to excessive risk taking compared with the company’s stated risk appetite.40

A detailed discussion of the use of risk management practices and risk adjustments in the determination of remuneration and incentives was set out in Part 4 of this Stage 2 Key Code and Advanced Handbook above in Sect. 12.6. For these aspects of the Compensation/Remuneration Committee’s functions – and the related functions of the BRC – there are a number new governance variables in Sect. 12.6 above, each with identical behaviour, direction and, therefore, relational effect paths to the [EqOptRiskAlignHighEnd] (+) variable in Sect. 12.5 and, in turn, the [EqOptIncent] (+) variable in Sect. 12.4 above and section 10.2.4 of Stage 1 with a coverage/rating of +7/87.50 rprox: • confirm satisfaction with and explain performance objectives and risk adjustments for high end employees:41 –– [CCPerfObjectBenchHighEnd] (+) – Banks – Compensation/Remuneration Committee – Responsibility for Performance Objectives and Benchmarks for All Executives and High End Employees – Enhancement of Level of Risk-­ Taking in Alignment with Shareholders, coverage/rating of +7/87.50 rprox (relational effect path Sect. 12.6) (Walker Review 2009); –– [CCRiskAdjustHighEnd] (+)  – Banks  – Compensation/Remuneration Committee  – Responsibility for Risk Adjustments (Generally) for All Executives and High End Employees – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating of +7/87.50 rprox (relational effect path Sect. 12.6) (Walker Review 2009); and

 Walker Review 2009, above n 1, Para 6.18, pp 96–97.  OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, accessed 13 June 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/44679170. pdf, (‘OECD 2010 Conclusions and Practices’), Para 43, pp 15–16. 41  Walker Review 2009, above n 1, Recommendation 30, p 21. 39 40

44.5  The BRC, Economic Assessments, “Stress” Testing and Metrics

1163

• Compensation/Remuneration Committee to obtain advice from Board Risk Committee (BRC) on risk adjustments to performance objectives:42 –– [CCRiskAdjustBRC] (+)  – Banks  – Compensation/Remuneration Committee –– Compensation/Remuneration Committee to Obtain Advice from Board Risk Committee (BRC) advised by the Chief Risk Officer (CRO) on Risk Adjustments to Performance Objectives – Enhancement of Level of Risk-­Taking in Alignment with Shareholders, coverage/rating of +7/87.50 rprox (relational effect path Sect. 12.6) (Walker Review 2009).

44.5 The BRC, Economic Assessments, “Stress” Testing and Metrics Authoritative Financial Stability Assessments As noted above, the Walker Review 2009 emphasises the use of authoritative financial stability assessments: In preparing its advice to the board on overall risk appetite and tolerance, the board risk committee should take account of the current and prospective macroeconomic and financial environment, drawing on reviews and areas of concern that are raised in relevant financial stability assessments such as those published by the Bank of England, the FSA and other authoritative sources relevant for the risk policies of the entity.43

Section 43.3 above noted that, in Recommendation 2344 of the Walker Review 2009, the BRC is to have the responsibility of advising the board on “current and prospective macroeconomic and financial environment drawing on financial stability assessments” of relevant authoritative agencies: • [BRCFinStabAssess] (+)  – Banks  – Board Risk Committee  – Monitoring of Financial Stability Assessments of Authoritative Agencies  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox, (relational effect path in Sect. 43.3). Stress, Scenario and Fail Testing Variables for stress, scenario and fail testing appear in this section by way of overview. As noted in Sect. 42.5, on account of size considerations, a number of technical areas have been excluded from the scope of this Stage 2 Key Code and Advanced Handbook but were addressed by the IIF including risk management methodologies and procedures and stress-testing.45  Ibid, Recommendation 35, p 22.  Ibid, Para 6.18, p 97. 44  Ibid, Recommendation 23, pp 94–95 (bullet-points added). 45  IIF Final Report 2008, above n 16, Section B, Risk Management Methodologies and Procedures, Principles I.iv – I.vi and Recommendations I.26 – I.44, pp 39 – 44. See also Section C, Stress-­ 42 43

1164

44  Board Risk Committee Composition

As part of this, stress, scenario and fail testing is urged for informing the preventative measures required: Drawing in part on such assessments, the board risk committee should decide, in consultation as appropriate with the board, on rigorous stress and scenario testing. Within the context of stress testing, the board risk committee and board should understand the circumstances under which the entity would fail and be satisfied with the level of risk mitigation that is built in and the actions that would be taken in such circumstances.46

The OECD Kirkpatrick Report 2009 also identified the failure of some banks’ managements to undertake “forward-looking stress scenarios that assumed large price movements”47 and that this constituted a board failure to review strategy, risk policy and “for ensuring that appropriate systems for risk management are in place”.48 In overview, these passages give rise to four governance variables which track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 149 with a coverage/rating of +7/87.50 rprox. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-making Factor No. 7 and therefore the other spine governance factors: • [BRCFwdStressTest] (+) – Banks – Board Risk Committee – Forward Stress Testing – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; • [BRCFwdScenTest] (+) – Banks – Board Risk Committee – Forward Scenario Testing – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; • [BRCFwdFailTest] (+)  – Banks  – Board Risk Committee  – Forward Fail Testing – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; and • [BRCFwdLrgPriceMove] (+)  – Banks  – Board Risk Committee  – Forward Stress Testing with Large Price Movements – Enhancement in Risk Management and Internal Monitoring Effect, coverage/rating of +7/87.50 rprox.

Testing Issues, Principles I.vi – I.viii and Recommendations I.45 – I.58, pp 45 – 48. 46  Ibid. 47  OECD Kirkpatrick Report 2009, above n 13, 10 citing Senior Supervisors Group (2008), Observations on Risk Management Practices during the Recent Market Turbulence, 5. 48  Ibid. 49  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 21, pp 198–201.

44.6  External Advisers to the BRC

1165

Both qualitative and quantitative metrics should be employed in risk assessment: The risk assessment process, leading to advice on options ultimately for decision by the board, should not be merely qualitative but, as a matter of best practice, should involve some quantitative metrics to serve as a way of tracking risk management performance in implementation of the agreed strategy. The approach to some form of calibration of risk appetite might include one or a combination of preferred risk asset ratios; value at risk; target agency ratings for the entity; a system of risk or exposure limits including metrics for the range of tolerance for bad and doubtful debts through the cycle; concentrations in risk positions; leverage ratios; economic capital measures and acceptable stress losses and the results of stress and scenario analysis.50

Again in overview, the description of qualitative assessment and quantitative metrics gives rise to two governance variables which track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 151 with a coverage/rating of +7/87.50 rprox: • [BRCQualTesting] (+)  – Banks  – Board Risk Committee  – Qualitative Risk Assessment Testing – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; and • [BRCQuantMetrics] (+)  – Banks  – Board Risk Committee  – Quantitative Metrics for Risk Assessment Testing – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox. It was also necessary to monitor – in overlap with the Audit Committee – “particular large exposures or risk types whose relevance, possibly because of some external shock, may become of critical importance”:52 • [BRCLrgExpose&Shock] (+) – Banks – Board Risk Committee – Monitoring of Large Exposures Open to External Shocks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-­making, coverage/rating of +7/87.50 rprox. To perform its functions, the BRC required access to all material which was required, although it is contemplated that this is less than the Audit Committee.53

 Walker Review 2009, above n 1, Para 6.19, p 97.  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 21, pp 198–201. 52  Walker Review 2009, above n 1, Para 6.19, p 97. 53  Ibid, Para 6.25, p 100. 50 51

1166

44  Board Risk Committee Composition

44.6 External Advisers to the BRC External advisers to the BRC are looked upon very favourably – provided they are trusted to act confidentially, especially for “core” issues and stress and scenario testing: Risk matters are, of course, key to a BOFI’s strategy and a necessary condition is plainly that any such engagement with an external adviser should be on a dependably confidential basis. But where this condition is satisfied, recourse to a high-quality source of external advice might be found to serve the board risk committee as a sounding board and to assist the NEDs through articulation of the core issues as far as possible in succinct format questioning, supplementing or validating the input to the committee from the executive.54

Indeed, the Walker Review 2009 saw external advice as part of fulfilling the board’s duty of care in negligence: But a reasonable presumption would be that, where it is available, high-quality external advice would be likely to assist the board risk committee and board in reaching decisions on risk tolerance and strategy that, as far as possible and on the basis of rigorous stress-­ testing, minimise the risk of serious disruption in future. The taking of such external advice might be seen as the course of action most consistent with the board’s duty of care.55

Recommendation 25 thus requires external input and experience to the work of the BRC56 which gives rise to the following variable which tracks the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 157 with a coverage/rating of +7/87.50 rprox: • [BRCExtAdvice] (+) – Banks – Board Risk Committee – External Advisers to the Board Risk Committee  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox.

44.7 The BRC and Significant Mergers, Acquisitions and Disposals As noted in Sect. 44.1, the BRC is to undertake due diligence appraisal of acquisitions and disposals focusing on risk aspects.58 The Walker Review 2009 saw a critical role for the BRC in “strategic transactions” which should be analysed first  – before seeking investment banking

 Ibid, Para 6.26, p 100.  Ibid, Para 6.29, p 101. 56  Ibid, Recommendation 25, p 102. 57  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 21, pp 198–201. 58  See discussion in Sect. 44.1 above. See also Walker Review 2009, above n 1, Recommendation 26, p 20. 54 55

44.8  Separate BRC Report

1167

advice – for risk in determining their long-term benefit to the company and shareholders59 and again saw a role for external advice: In respect of a proposed strategic transaction involving acquisition or disposal, it should as a matter of good practice be for the board risk committee in advising the board to ensure that a due diligence appraisal of the proposition is undertaken, focussing in particular on risk aspects and implications for the risk appetite and tolerance of the entity, drawing on independent external advice where appropriate and available, before the board takes a decision whether to proceed.60

The ‘strategic transaction’ role for the BRC gives rise to three variables which track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 161 with a coverage/ rating of +7/87.50 rprox: • [BRCMergerRisk] (+)  – Banks  – Board Risk Committee  – Risk Analysis of Significant Mergers for Risk Aspects and Implications (including Risk Appetite and Tolerance)  – Enhancement in Risk Management and Internal Monitoring Effect, coverage/rating of +7/87.50 rprox; • [BRCAcquisitionRisk] (+) – Banks – Board Risk Committee – Risk Analysis of Significant Acquisitions for Risk Aspects and Implications (including Risk Appetite and Tolerance)  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox; and • [BRCDisposalRisk] (+) – Banks – Board Risk Committee – Risk Analysis of Significant Disposals for Risk Aspects and Implications (including Risk Appetite and Tolerance)  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox. External advisers to the BRC were discussed in the preceding Sect. 44.6 – the [BRCExtAdvice] (+) variable.

44.8 Separate BRC Report In Sect. 43.1, a BRC (or board) report is to be included as a separate report within the annual report and accounts including key risks, risk appetite and tolerance, the effectiveness of the risk management process and the scope and outcome of stress testing.62

 Walker Review 2009, above n 1, Para 6.30, p 102.  Ibid, Recommendation 26, p 103. 61  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 21, pp 198–201. 62  Walker Review 2009, above n 1, Recommendation 27, p 20. 59 60

1168

44  Board Risk Committee Composition

The Walker Review 2009 considered that further – and more focused – disclosure was required by banks and financial firms on risk: Recent experience suggests that the form and content of external financial disclosures have been given much higher priority than the internal processes and capabilities of boards, above all, the quality, coverage and timeliness of the internal information flow, informing discussion and decision-taking on the entity’s risk strategy.63

Thus, a separate BRC risk report is Recommendation 27: The board risk committee (or board) risk report should be included as a separate report within the annual report and accounts. The report should describe thematically the strategy of the entity in a risk management context, including information on the key risk exposures inherent in the strategy, the associated risk appetite and tolerance and how the actual risk appetite is assessed over time covering both banking and trading book exposures and the effectiveness of the risk management process over such exposures. The report should also provide at least high-level information on the scope and outcome of the stress-testing programme. An indication should be given of the membership of the committee, of the frequency of its meetings, whether external advice was taken and, if so, its source.64

Thus, the separate risk report for the BRC gives rise to two Stage 2 governance variables. First Disclosure Variable for Separate Risk Report The first variable is a (failure of) disclosure variable introduced in Sect. 38.23 above: • [FailTransRiskFactors&Rank] (−)  – Banks  – Board Oversight of Risk Management  – Failure to Disclose Risks in Transparent and Understandable Manner – Failure to Rank Risk Factors in Order of Importance – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating −8/100.00 rprox. (EC Green Paper 2010), (relational effect path in Sect. 38.23). Repeated here, the effect of a failure by management to disclose risks in a transparent and understandable manner and to rank risk factors in order of importance – is the opposite effect of the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1.65 In that section, the [TransTimeMon] (+) variable hypothesizes an improvement in the quality and reliability of information which flows to the board and, therefore, the market. This, in turn, enhances the quality of external or market monitoring of the board with a predicted improvement in internal monitoring. There, Compliance Factor No 2 and the reflexive relationship between Reporting Factor No 1 and Risk Management, Monitoring & Audit Factor no 5 are the ‘sources’ of the positive influence represented in Figure 9.1 of Stage 1 for the [TransTimeMon] (+) variable. In the case here of the [FailTransRiskFactors&Rank] (−) variable, there is an opposite effect  – there is a reduction in the quality and reliability of information which flows to the board from management. Thus, this also results in a reduction of  Ibid, Para 6.32, p 103.  Ibid, Recommendation 27, p 105. 65  See discussion in section 9.1.2.1 of Stage 1, above n 21, pp 262–266. 63 64

44.9  No Constraints on Persons Providing Information to APRA

1169

the quality and reliability of information which flows to the market. This in turn reduces the quality of external or market monitoring of the board with a predicted reduction in internal monitoring. Thus, the Stage 2 relational approach hypothesizes an effect opposite to the [TransTimeMon] (+) variable for the [FailTransRiskFactors&Rank] (−) variable. This gives rise to a coverage/rating for the [FailTransRiskFactors&Rank] (−) variable of −8/100.00 in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Second Disclosure Variable for Separate Risk Report The second variable is also a disclosure variable modelled on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1, this time in the same positive (+) direction. This gives rise to a coverage/rating for the [BRCRiskReportContents] (+) variable of +8/100.00  in the Bank Combined Coverage and Relational Proximity Table (Table 10.2) above: • [BRCRiskReportContents] (+) – Banks – Board Risk Committee – Separate BRC Risk Report within Annual Report and Accounts – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating of +8/100.00 rprox. The BRC separate report ‘contents’ from Recommendation 27 include:66 –– a thematic description of “the strategy of the entity in a risk management context”, including: • “information on the key risk exposures inherent in the strategy”; • “the associated risk appetite and tolerance”; • “how the actual risk appetite is assessed over time covering both banking and trading book exposures and the effectiveness of the risk management process over such exposures”; • “at least high-level information on the scope and outcome of the stress-testing programme”; and –– “an indication…of the membership of the committee, of the frequency of its meetings, whether external advice was taken and, if so, its source”.67

66 67

 Walker Review 2009, above n 1, Recommendation 27, p 105.  Ibid, Recommendation 27, p 105 (format altered and bullet-points added).

1170

44  Board Risk Committee Composition

44.9 No Constraints on Persons Providing Information to APRA People are not permitted to be constrained from providing information to APRA as set out in sections 110 – 111 of APRA’s Prudential Standard CPS 510 Governance.68 These CPS 510 variables are also disclosure variables modelled on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1, coverage/rating +8/100.00 rprox, this time in the same positive (+) direction. This gives rise to a coverage/rating for the following disclosure variables of +8/100.00  in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [510BRCNoConstraintsInfoAPRA] (+)  – CPS 510BRC  – Board Risk Committee  – Prohibition on Constraining Any Person from Disclosing Information to APRA  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating +8/100.00 rprox (APRA CPS 510);69 and • [510BRCNoConstraintsPolicies&Contracts] (+) – CPS 510BRC – Board Risk Committee – Prohibition on Internal Policies or Contractual Arrangements from Constraining Auditor or Other Parties from Communicating with APRA  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating +8/100.00 rprox (APRA CPS 510).70

68  Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/ F2019L00662/Download (‘CPS 510’), sections 110–111, p  23. In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates of 2022. See Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines. 69  CPS 510, ibid, section 110, p 23. 70  Ibid, section 111, p 23.

Chapter 45

The Risk Management Function

Abstract  Chapter 45 of the Stage 2 Key Code and Advanced Handbook examines the risk management function beginning with APRA’s requirements for the second line of defence risk management function. There follows other functions and responsibilities of the second line of defence including second line of defence variables, risk identification variables and monitoring variables. We then examine the Westpac second line of defence monitoring variables, second line of defence skills, capabilities and stature and the Westpac Reassessment on second line frameworks, controls and standards. We continue with APRA’s failings in operational and compliance risk policies, frameworks and management, the Westpac common risk and control language, Westpac’s process to regularly review, assess and test controls and Westpac’s identification of new, emerging and heightened risks. We conclude this section of the Chapter with risk reporting of the second line risk management function. Section 45.2 examines the Enterprise Risk Management (ERM) framework and shortcomings in ERM practice. Section 45.3 reviews resources for risk management. Section 45.4 then moves to examine risk identification, monitoring and control with an introduction to internal controls. Section 45.5 is an introduction to communication of risk including principles for identification, escalation/communication and disclosure of risk: • • • • •

at customer level; at the first-line of defence business unit level; at the second line of defence risk management function level; at whistleblower level; and at the board level reporting to shareholders and the external market/stakeholders.

Section 45.6 examines escalation of risk information upwards through ‘red flags’ including reporting lines of the CRO. There follows discussion of the failure of ‘red flags’ as a failure in board’s oversight of risk management, failure by senior management to escalate ‘red flags’ or information upwards to the board and failure by the second-line risk management function to escalate ‘red flags’ or information upwards to the board including © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_45

1171

1172

45  The Risk Management Function

communication in corporate hierarchies with unitary boards. The latter includes two steps – the second-line ‘red flag’ functions and second-line principles for communication of risk. Section 45.10 reviews the APRA and Westpac Review Team 2018 identification of failures to escalate ‘red flags’ from staff including APRA issue identification, escalation and resolution and Westpac issues and incidents identified by Westpac employees. Section 45.11 examines APRA and the Westpac Review Team 2018 identification of failures to escalate ‘red flags’ from customers including: • • • • •

Westpac customer complaints; Westpac identification of systemic customer complaints; Westpac customer complaint reporting; Westpac escalation of customer complaints; and Westpac identification of vulnerable customers.

In Sect. 45.12 we review APRA and the Westpac Review Team 2018 identification of failures to escalate ‘red flags’ from regulators and whistleblowers. Section 45.13 reviews the APRA identification of failures in financial objectives and prioritisation. There follows in Sect. 45.14 a discussion of compliance as part of the second line of defence including the effectiveness of the compliance function. Chapter 45 concludes in 45.15 with APRA’s identification of failings in accountability and responsibility including: • the approach to governance variables for failings in accountability and responsibility; • the governance variables themselves for failings in accountability and responsibility; and • APRA’s recommendations for accountability. Keywords  Risk management function · Second line of defence · Second line functions and responsibilities · Enterprise Risk Management (ERM) framework · Risk identification · Monitoring and control · Communication of risk · Escalation of risk information or red flags · Failures in financial objectives and prioritisation · Compliance · Accountability and responsibility

The first line of defence – the Business Units or Line 1 – was examined in Sect. 42.1 above. APRA’s Requirements for the Second Line of Defence Risk Management Function APRA’s requirements for the risk management function are set out in sections 37–42 of Prudential Standard CPS 220 Risk Management.1  Australian Prudential Regulation Authority, Prudential Standard CPS 220 Risk Management, July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/ 1

45  The Risk Management Function

1173

The following variables are hypothesized to be ‘strong’ versions of the [BrdSkills] (+)2 variable, coverage/rating + 7/87.50 rprox. The behaviours of these ‘second line of defence’ variables are hypothesized to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same positive (+) direction to reflect an enhancement in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5). Alternatively, there is an enhancement in the quality of decision-making (Decision-making Factor No 7) and/ or an enhancement in the Reporting Factor No 1 (Transparency, Timing and Integrity of Financial and other Reports). These variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox: • [220SecLineRiskManFnMinRequire] (+) – Banks – 220SecLine – 2nd Line Risk Management Function – Minimum Requirements for the Risk Management Function – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating  +  7/87.50 rprox (APRA CPS 220), including3: –– assisting Board, committees and senior management to maintain the risk management function; –– appropriate for size, business mix and complexity of the bank; –– operationally independent; –– necessary authority and reporting lines to the Board, committees and senior management; –– staff with clearly defined roles and responsibilities, experience and qualifications; –– access to all aspects of bank which may generate material risk; and –– required to notify the Board of material breach/deviation from the RMF. • [220SecLineDesignateCRO] (+)  – Banks  – 220SecLine  – 2nd Line Risk Management Function – Bank to Designate CRO with Authority to Challenge cps_220_risk_management_effective_from_1_july_2019.pdf (‘CPS 220’), sections 37–42, pp  10–11. In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates of 2022. See Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines. 2  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See Board – Director Skills ‘Mix’ – see discussion in section 7.3.1.2.1 of Stage 1, pp 198–201. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 3  CPS 220, above n 1, section 37(a)–(g), p 10

1174

45  The Risk Management Function

Activities and Decisions Affecting Risk Profile4  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (APRA CPS 220); • [220SecLineCROIndependence] (+) – Banks – 220SecLine – 2nd Line Risk Management Function  – CRO to be Independent from Business Lines/Units, Revenue-Generation and Finance Function and Cannot be the CEO, CFO, Appointed Actuary or Head of Internal Audit,5  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (APRA CPS 220); and • [220SecLineCROReportLines&Access] (+) – Banks – 220SecLine – 2nd Line Risk Management Function – CRO to Have Direct Reporting Line to CEO and Regular and Unfettered Access to Board and BRC6  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (APRA CPS 220); In the case of the compliance function: • [220SecLineDesignateComplyFn] (+) – Banks – 220SecLine – 2nd Line Risk Management Function – Bank Must Have Designated Compliance Function to Manage Compliance Risk7  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (APRA CPS 220) including8: –– –– –– ––

adequately staffed; trained and qualified; sufficient authority; and reporting line independent of business lines.

45.1 Other Functions and Responsibilities of the Second Line of Defence The BCBS’ second line of defence is directed by the CRO and includes: • identifying material individual, aggregate and emerging risks; • assessing these risks and measuring the bank’s exposure to them; • subject to the review and approval of the board, developing and implementing the enterprise-wide risk governance framework, which includes the bank’s risk culture, risk appetite and risk limits;

 Ibid, section 38, p 10.  Ibid, section 39, p 10. 6  Ibid, section 40, p 10. 7  Ibid, section 43, p 11. 8  Ibid. 4 5

45.1  Other Functions and Responsibilities of the Second Line of Defence

1175

• ongoing monitoring of the risk-taking activities and risk exposures in line with the board-approved risk appetite, risk limits and corresponding capital or liquidity needs (ie capital planning); • establishing an early warning or trigger system for breaches of the bank’s risk appetite or limits; • influencing and, when necessary, challenging decisions that give rise to material risk; and • reporting to senior management and the board or risk committee on all these items, including but not limited to proposing appropriate risk-mitigating actions.9

Risk management must be separate from the business units and not involve any revenue generation activity.10 The IIF similarly recommends that: • risk management and governance structures be employed in managing day-to-­ day business; • “control and audit functions are independent of organizations whose activities they review”; and • finance and treasury functions be coordinated with the risk management function ‘to ensure important checks and balances”.11 Second Line of Defence Variables The Stage 2 relational approach Key Code and Advanced Handbook here introduces new governance variables to represent the risk management responsibilities of the second line of defence as required by the BCBS, IIF and APRA. These appear under the following two areas: • risk identification variables; and • monitoring variables. Second Line of Defence Risk Identification Variables Again, in Sect. 38.6 above, the relational approach introduced a governance variable modelled on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 – but negative (−) in effect giving rise to a coverage/rating of − 8/100.00 rprox – representing failure or deficiency in the flow of information to escalate problems or ‘red flags’ upward through the bank to senior management and/or the board. This [FailRedFlag] (−)12 variable represents a failing in the Board’s responsibilities or

  The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Para 105, p 25. 10  Ibid, Para 106, p 25. 11  Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007–2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_GFC/IIF_Final_Report_of_the_Committee_on_Market_ Best_Practices.pdf (‘IIF Final Report 2008’), Recommendations I.6 – I.8, p 34. 12  Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal 9

1176

45  The Risk Management Function

functions in the oversight of the risk management function by failing to escalate problems or red flags. This ‘red flag’ variable is a (failure of) disclosure variable identical to the [TransTimeMon] (+)13 variable except in the negative (−) direction giving rise to a coverage/rating of − 8/100.00 rprox to reflect a reduction in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the deficiency in information flow. Alternatively, there is a reduction in the quality of decision-making – Decision-making Factor No 7 and/or a failure of clear lines of accountability/responsibility affecting negatively Responsibility Factor No 8. The Stage 2 relational approach turns in this section to consider identification of risk variables each with a coverage/rating of +8/100.00 in the same configuration and direction as the [TransTimeMon] (+) variable: • [SecLineIDRisksIndiv] (+) – Banks – 2nd Line Risk Management Function – Identification of Material Risks (Individual)  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating  +  8/100.00 rprox (BCBS); • [SecLineIDRisksAgg] (+)  – Banks  – 2nd Line Risk Management Function  – Identification of Material Risks (Aggregate)  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (BCBS); and • [SecLineIDRisksEmerge] (+) – Banks – 2nd Line Risk Management Function – Identification of Material Risks (Emerging)  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating  +  8/100.00 rprox (BCBS). Again, following the [TransTimeMon] (+) variable but in the negative (−) direction, APRA identifies a number of failings in relation to “operational and compliance risk metrics in the Group Risk Appetite Statement (RAS)”,14 giving rise to a coverage/rating of −8/100.00 rprox: • [SecLineOpComplyMetrics] (−)  – Banks  – 2nd Line Risk Management Function  – Absence of Metrics for Operational and Compliance Risks  – Reduction in Information Flow – Reduction in Risk Management and Internal

Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox. See discussion in Sect. 38.6 above. 13  See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 198–199. 14  Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf, section 4.2.2, Operational and compliance risk management, p 31.

45.1  Other Functions and Responsibilities of the Second Line of Defence

•

•

•

•

•

1177

Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (APRA)15; [SecLineRiskProfileMetrics] (−)  – Banks  – 2nd Line Risk Management Function – Absence of Metrics for Operational and Compliance Risk Profile – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (APRA)16; [SecLineBackLookMetrics] (−)  – Banks  – 2nd Line Risk Management Function  – Backward-looking Metrics for Operational and Compliance Risk Profile – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (APRA)17; [SecLineDetailedMetrics] (−) – Banks – 2nd Line Risk Management Function – Absence of Detailed Metrics for Operational and Compliance Risk Profile  – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (APRA)18; [SecLineAggResidRiskMetrics] (−)  – Banks  – 2nd Line Risk Management Function  – Use of Aggregate Metrics for Residual Risks rather than ‘More Granular Metrics’ – Erroneous Communication as being within Risk Appetite – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (APRA)19; and [SecLineAggControlEffectMetrics] (−) – Banks – 2nd Line Risk Management Function – Use of Aggregate Metrics for Control Effectiveness rather than ‘More Granular Metrics’ – Erroneous Communication as being within Risk Appetite – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (APRA).20

Second Line of Defence Monitoring Variables The following variables are hypothesized to be ‘strong’ versions of the [BrdSkills] (+)21 variable, coverage/rating + 7/87.50 rprox. The behaviours of these ‘second line of defence’ variables are hypothesized to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same direction to reflect an enhancement in the quality of risk management and internal monitoring (Risk Management,  Ibid.  Ibid. 17  Ibid. 18  Ibid. 19  Ibid. 20  Ibid. 21  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–201. 15 16

1178

45  The Risk Management Function

Monitoring & Audit Factor No 5). Alternatively, there is an enhancement in the quality of decision-making (Decision-making Factor No 7) and/or an enhancement in the Reporting Factor No 1 (Transparecy, Timing and Integrity of Financial and other Reports). These variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox: • [SecLineAssess&Meas] (+) – Banks – 2nd Line Risk Management Function – Assessment and Measurement of Risks and Bank Exposures – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (BCBS); • [SecLineRiskFrameDayToDay] (+)  – Banks  – 2nd Line Risk Management Function – Risk Governance Framework including Risk Culture, Appetite and Limits in Managing Day-to-Day Activities – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (BCBS), (IIF); • [SecLineRiskMonApp] (+) – Banks – 2nd Line Risk Management Function – Risk Monitoring of Risk Activities including Risk Appetite – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (BCBS); • [SecLineRiskMonLimits] (+) – Banks – 2nd Line Risk Management Function – Risk Monitoring of Risk Activities including Risk Limits – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (BCBS); • [SecLineRiskMonCap/Liq] (+)  – Banks  – 2nd Line Risk Management Function  – Risk Monitoring of Risk Activities including Capital/Liquidity Needs  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (BCBS); • [SecLineEarlyWarnSys] (+) – Banks – 2nd Line Risk Management Function – Early Warning System for Breach of Risk Appetite or Limits – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (BCBS); • [SecLineChallengeRisks] (+) – Banks – 2nd Line Risk Management Function – Challenging Decisions with Material Risks – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (BCBS); • [SecLineInd] (+)  – Banks  – 2nd Line Risk Management Function –Independence from Organisations/Activities/Business Units to be Reviewed  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (IIF and APRA22); • [SecLineSetRoles&Resp] (+)  – Banks  – 2nd Line Risk Management Function –- Specify Roles and Responsibilities of Line 1 and Line 22

 APRA Final Report, above n 14, p 29.

45.1  Other Functions and Responsibilities of the Second Line of Defence

1179

2  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (APRA)23 including the sub-variables: –– [SecLineReviewRoles&Resp] (+)  – Banks  – 2nd Line Risk Management Function  – Review of Roles and Responsibilities of Line 1 and Line 2 to Executive Committee and BRC  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (APRA)24; and –– [SecLineDeviations] (+)  – Banks  – 2nd Line Risk Management Function  – Approval and Documentation of Deviations from Roles and Responsibilities – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (APRA)25; • [SecLineBestPracTemplate] (+)  – Banks  – 2nd Line Risk Management Function –- Best Practice Template of Operational Risk and Compliance Risk Activities by Line of Accountability – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (APRA)26; and • [SecLineCoordFinTreas] (+)  – Banks  – 2nd Line Risk Management Function –- Coordination with Finance and Treasury Functions – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-­making, coverage/rating of +7/87.50 rprox (IIF). As noted above, these monitoring variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 127 in the same positive (+) direction with a coverage/rating of +7/87.50 rprox. Again, based on the [BrdSkills] (+)28 variable, but in the negative (−) direction giving rise to a coverage/rating of  −  7/87.50 rprox, APRA identifies important shortcomings in the operation of the Second Line with a coverage/rating of −7/87.50 rprox: • [SecLineSign-OffRiskProfile] (−)  – Banks  – 2nd Line Risk Management Function –- Failure of Second Line to Sign-Off for Initiatives that Materially Change Risk Profile – Reduction in Risk Management and Internal Monitoring

 Ibid, p 30.  Ibid. 25  Ibid. 26  Ibid. 27  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–201. 28  Ibid. 23 24

1180

45  The Risk Management Function

Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (APRA)29; • [SecLineEarlyEngage&Input] (−)  – Banks  – 2nd Line Risk Management Function –- Failure of Early and Open Engagement of Line 2 Experts by Line 1 in Decision-making – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (APRA)30; • [SecLineCultLowPriority] (−)  – Banks  – 2nd Line Risk Management Function  – Bank Culture  – Perception of Second Line as Low Priority or Administrative  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (APRA)31; and • [SecLineStaffTraining] (−)  – Banks  – 2nd Line Risk Management Function –- Failure of Staff Training in Roles and Responsibilities – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­making, coverage/rating of −7/87.50 rprox (APRA).32 Westpac Second Line of Defence Monitoring Variables • [WBCSecLineSmallDivTeams] (−)  – Banks  – Westpac 2nd Line Risk Management Function  – Small Teams for Divisional CROs  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (Westpac)33 including: –– information and other resources; and –– CRO-prioritised access to specialists. Westpac Second Line of Defence Skills, Capabilities and Stature • [WBCSecLineSkills&Capability] (−)  – Banks  – Westpac 2nd Line Risk Management Function  – Enhancement Required in Skills and Capabilities of 2nd Line Staff  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (Westpac)34 including: –– increase in understanding of the business; • [WBCSecLinePerceiveStature] (−)  – Banks  – Westpac 2nd Line Risk Management Function – Perception of Lower Skills and Capabilities of 2nd Line

 APRA Final Report, above n 14, p 29.  Ibid. 31  Ibid. 32  Ibid, p 30. 33  Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’), section 6.1.11 and Recommendation G11, p 43. 34  Ibid, section 6.2.8, p 44. 29 30

45.1  Other Functions and Responsibilities of the Second Line of Defence

1181

Staff affecting Stature, Standing and Authority to Challenge Line 1 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (Westpac)35; and • [WBCSecLineSnrPresenceFail] (−)  – Banks  – Westpac 2nd Line Risk Management Function  – Incomplete Representation of Senior 2nd Line at Divisional and Functional Executive Team Levels  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decisionmaking, coverage/rating of −7/87.50 rprox (Westpac).36 Westpac Reassessment Second Line Frameworks, Controls and Standards Again, based on the [BrdSkills] (+)37 variable, but in the negative (−) direction giving rise to a coverage/rating of − 7/87.50 rprox, the Westpac Reassessment38 identifies important shortcomings in the operation of the Second Line with a coverage/ rating of −7/87.50 rprox. The shortcomings are in “setting frameworks, controls (including policies and limits) and standards for use across the Group” which is “to be supported by increased capability and capacity in the Second Line Risk function”39: • [2020WBCSecLineBlurredRoles&Resps] (−) – 2020WBCSecLine – Banks – Westpac 2nd Line Risk Management Function  – Blurred Roles and Responsibilities between Line 1 and Line 2 – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2020Westpac)40; • [2020WBCSecLineCapability&ResourceGaps] (−)  – 2020WBCSecLine  – Banks – Westpac 2nd Line Risk Management Function – Capability and Resource Gaps in Line 2  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2020Westpac)41 including: –– “limited capacity at senior levels within Risk which is creating a bottleneck for risk uplift and change”42;

 Ibid, section 6.2.9, p 44.  Ibid, section 6.2.10, pp 44–45. 37  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–201. 38  Westpac Banking Corporation, Reassessment of the Culture, Governance and Accountability Remediation Plan, June 2020, accessed 20 November 2020, available at https://www.westpac. com.au/content/dam/public/wbc/documents/pdf/aw/media/WBC_CGA_Reassessment.pdf (‘Westpac Reassessment’). 39  Ibid, Chapter 4, Shortcomings in culture, governance and accountability frameworks and practices, Table 1, 3. Risk boundaries, frameworks and capabilities, p 16. 40  Ibid. 41  Ibid. 42  Ibid. 35 36

1182

45  The Risk Management Function

• [2020WBCSecLineFailIdentifyRootCauses] (−)  – 2020WBCSecLine  – Banks  – Westpac 2nd Line Risk Management Function  – Failings to Identify Root Causes of Issues – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2020Westpac)43 including: –– “issues have not been closed promptly and effectively”44; • [2020WBCSecLineFailUnderstandRisk&Obs] (−)  – 2020WBCSecLine  – Banks – Westpac 2nd Line Risk Management Function – Failings to Understand Some Risk Areas and Associated Obligations – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −7/87.50 rprox (2020Westpac)45 including: –– “implications of not meeting those obligations”46; • [2020WBCSecLineFailClarity&GranularityNFRAppetite] (−)  – 2020WBCSecLine – Banks – Westpac 2nd Line Risk Management Function – Failings in Clarity and Granularity of Non-financial Risk Appetite – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­making, coverage/rating of −7/87.50 rprox (2020Westpac)47 including: –– “certain risks were continuously out of appetite”48; • [2020WBCSecLineMultipleSystems&DataDefns] (−) – 2020WBCSecLine – Banks – Westpac 2nd Line Risk Management Function – “Multiple Systems and Data Definitions” Reduce Ability to Manage Issues  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating of −7/87.50 rprox (2020Westpac)49 including: –– “reflects and amplifies organisational complexity ”50; • [2020WBCSecLineRegulatorIssues] (−)  – 2020WBCSecLine  – Banks  – Westpac 2nd Line Risk Management Function  – Insufficient Remediation of Regulator Issues in Timely and Effective Manner  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decisionmaking, coverage/rating of −7/87.50 rprox (2020Westpac)51; and

 Ibid.  Ibid. 45  Ibid. 46  Ibid. 47  Ibid. 48  Ibid. 49  Ibid. 50  Ibid. 51  Ibid. 43 44

45.1  Other Functions and Responsibilities of the Second Line of Defence

1183

• [2020WBCSecLineGuideAccountAllEmployees] (−)  – 2020WBCSecLine  – Banks – Westpac 2nd Line Risk Management Function – More Guidance Needed for Accountability in Practice for Employees at All Levels – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-­ making, coverage/rating of −7/87.50 rprox (2020Westpac).52 APRA Failings in Operational and Compliance Risk Policies, Frameworks and Management53 Again, following the [TransTimeMon] (+)54 variable but in the negative (−) direction, APRA identifies a number of failings giving rise to a coverage/rating of −8/100.00 rprox: • “operational and compliance risk policies and frameworks”55: –– [SecLineFailComplexPolicies] (−) – Banks – 2nd Line Risk Management Function – Complex Documentation of Policies – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −8/100.00 rprox (APRA)56; • “managing operational and compliance risks”57: –– [SecLineFailRuleBasedPolicies] (−) – Banks – 2nd Line Risk Management Function  – Rules-based Policies with Heavy Procedural Bias  – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-­making, coverage/rating of −8/100.00 rprox (APRA)58; –– [SecLineFailRuleAssessComply] (−) – Banks – 2nd Line Risk Management Function  – Over-Focus on Assessing Compliance with Policies and Procedures  – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating of −8/100.00 rprox (APRA)59;  Ibid.  APRA Final Report, above n 14, section 4.2.2, Operational and Compliance Risk Management, pp 31–32. 54  See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 198–199. 55  APRA Final Report, above n 14, section 4.2.2, Operational and compliance risk management, p 31. 56  Ibid. 57  Ibid, p 32. 58  Ibid. 59  Ibid. 52 53

1184

45  The Risk Management Function

–– [SecLineFailRuleProactive] (−)  – Banks  – 2nd Line Risk Management Function  – Failure to Proactively Identify, Measure and Manage Potential Risks and Vulnerabilities  – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – ­ Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −8/100.00 rprox (APRA)60; • “resourcing and capability of the operational risk and compliance functions”61: –– [SecLineFailRiskProfess] (−)  – Banks  – 2nd Line Risk Management Function  – Failure of Adequate Number of Risk Professionals with Skill Sets  – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating of −8/100.00 rprox (APRA)62; –– [SecLineFailAggregate] (−)  – Banks  – 2nd Line Risk Management Function  – Failure to Aggregate Risks from Specific Disaggregated Reporting  – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow  – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making, coverage/rating of −8/100.00 rprox (APRA)63; • “Line 2’s assurance responsibilities”64: –– [SecLineFailLine1Activity] (−)  – Banks  – 2nd Line Risk Management Function – Line 2 Performing Line 1 Activities – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating of −8/100.00 rprox (APRA)65; –– [SecLineFailCloseAudIssue] (−)  – Banks  – 2nd Line Risk Management Function  – Lack of Urgency and Comprehensiveness in Closing Audit Issues  – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow  – Reduction in Risk Management and Internal Monitoring Effect  –

 Ibid, pp 32–33.  Ibid, p 33. 62  Ibid. 63  Ibid. 64  Ibid. 65  Ibid. 60 61

45.1  Other Functions and Responsibilities of the Second Line of Defence

1185

Reduction in Quality of Decision-making, coverage/rating of −8/100.00 rprox (APRA)66; –– [SecLineFailKeyControls] (−)  – Banks  – 2nd Line Risk Management Function  – Key Controls for Inherently ‘Very High’ or ‘High’ Risks being Rated as Marginal or Unsatisfactory – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating of −8/100.00 rprox (APRA)67; –– following the [TransTimeMon] (+)68 variable and in the same positive (+) direction, APRA identifies a number of improvements giving rise to a coverage/rating of +8/100.00 rprox: • [SecLineOpRiskMonReg] (+)  – Banks  – 2nd Line Risk Management Function – Operational Risk Monitoring Register – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +8/100.00 rprox (APRA)69; • [SecLineDeepDiveReview] (+)  – Banks  – 2nd Line Risk Management Function  – Operational and Compliance Risk ‘Deep Dive’ Reviews  – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +8/100.00 rprox (APRA)70; and • [SecLineStandMonReqs] (+)  – Banks  – 2nd Line Risk Management Function  – Standard and Methodology for Completing Minimum Compliance Monitoring Requirements  – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +8/100.00 rprox (APRA)71; • bank control environment72:

 Ibid.  Ibid. 68  See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 198–199. 69  APRA Final Report, above n 14, section 4.2.2, Operational and compliance risk management, p 34 70  Ibid. 71  Ibid. 72  Ibid, section 4.2.3, CBA’s control environment, p 34. 66 67

1186

45  The Risk Management Function

–– following the [TransTimeMon] (+)73 variable and in the same positive (+) direction, APRA identifies a number of recommendations giving rise to a coverage/rating of +8/100.00 rprox: • [SecLineGrpRASLimitTrig] (+) – Banks – 2nd Line Risk Management Function – Group Risk Appetite Statement (RAS) to Include “Limits and Triggers for ‘More Granular’ Operational and Compliance Risk Metrics by Theme” – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +8/100.00 rprox (APRA)74; • [SecLineMinStandGrpPols] (+) – Banks – 2nd Line Risk Management Function – Minimum Standards in Group Policies – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +8/100.00 rprox (APRA)75; • [SecLineIDEmergeRisk] (+)  – Banks  – 2nd Line Risk Management Function  – “Focus on ‘Big Picture’ and Identify Emerging Risks”  – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +8/100.00 rprox (APRA)76; • [SecLineAssureResps] (+)  – Banks  – 2nd Line Risk Management Function – Line 2 to Fulfil Assurance Responsibilities – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making – Enhancement in Quality of Accountability/ Responsibility, coverage/rating of +8/100.00 rprox (APRA)77; • [SecLineContDesignTest] (+)  – Banks  – 2nd Line Risk Management Function – “Control Environment is Robust, Reflecting Effective Control Design and Testing”  – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow – Enhancement in Risk Management

 See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 198–199.  APRA Final Report, above n 14, section 4.2.3, CBA’s control environment, Recommendation 12, p 35. 75  Ibid. 76  Ibid. 77  Ibid. 73 74

45.1  Other Functions and Responsibilities of the Second Line of Defence

1187

and Internal Monitoring Effect  – Enhancement in Quality of Decision-­ making, coverage/rating of +8/100.00 rprox (APRA)78; and • [SecLineRootCauses] (+)  – Banks  – 2nd Line Risk Management Function  – ‘Root Causes’ Addressed in Timely and Effective Manner  – ­Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +8/100.00 rprox (APRA)79; –– based on the [BrdSkills] (+)80 variable, and in the same positive (+) direction, APRA identifies a number of recommendations giving rise to a coverage/rating of +7/87.50 rprox: • [SecLineExpertRiskStaff] (+)  – Banks  – 2nd Line Risk Management Function – “Capabilities and Subject Matter Expertise of Operational and Risk Compliance Staff”  – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating  +  7/87.50 rprox (APRA)81; and • [SecLineTrainRecruit] (+)  – Banks  – 2nd Line Risk Management Function –- Risk Staff Training and Recruitment – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (APRA)82; • bank compliance function83: –– based on the [TransTimeMon] (+)84 variable in section 9.1.2.1 of Stage 1, and in the same positive (+) direction, APRA identifies a number of recommendations giving rise to a coverage/rating of +8/100.00 rprox: • [SecLineComplyRecogStat&Auth] (+)  – Banks  – 2nd Line Risk Management Function – Recognition, Stature and Authority of Compliance

 Ibid.  Ibid. 80  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–201. 81  APRA Final Report, above n 14, section 4.2.3, CBA’s control environment, Recommendation 13, p 35. 82  Ibid. 83  Ibid, section 4.2.4, CBA’s compliance function, p 35. 84  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 262–263. 78 79

1188

45  The Risk Management Function

•

•

•

•

•

Function – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal ­Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA)85; [SecLineComplyShouldWe?] (+) – Banks – 2nd Line Risk Management Function  – Whether Bank Should Engage in an Activity or Product  – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA)86; [SecLineBUSepOpComp] (+)  – Banks  – 2nd Line Risk Management Function – Business Unit Separation of Operational Risk and Compliance Function – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making coverage/rating + 8/100.00 rprox, (APRA)87; [SecLineHeadComplyEC] (+)  – Banks  – 2nd Line Risk Management Function – Head of Compliance to be Member of Executive Committee – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA)88; [SecLineHeadComplyNFRC] (+) – Banks – 2nd Line Risk Management Function  – Head of Compliance to be Member of Non-Financial Risk Committee  – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA)89; [SecLineHeadAppointRemoveBRC] (+)  – Banks  – 2nd Line Risk Management Function  – Head of Compliance to be Appointed and Removed by BRC  – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow – Enhancement in Risk Management

 APRA Final Report, above n 14, section 4.2.4, CBA’s compliance function, p 35.  Ibid. 87  Ibid. 88  Ibid, Recommendation 14, p 36. 89  Ibid. 85 86

45.1  Other Functions and Responsibilities of the Second Line of Defence

1189

and Internal Monitoring Effect  – Enhancement in Quality of Decisionmaking, coverage/rating + 8/100.00 rprox (APRA)90; and • [SecLineHeadBrdAccess] (+)  – Banks  – 2nd Line Risk Management Function – Head of Compliance to have Direct Access to Board – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA)91; • conduct risk92: –– based on the [TransTimeMon] (+)93 variable in section 9.1.2.1 of Stage 1, and in the same positive (+) direction, APRA identifies a number of recommendations giving rise to a coverage/rating of +8/100.00 rprox: • [SecLineCondRiskProducts] (+) – Banks – 2nd Line Risk Management Function – Policy for “Frontline and Risk Management Staff to Consider and Manage Conduct Risk arising from New and Changed Products”  – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA)94; • [SecLineCondRiskDefine] (+)  – Banks  – 2nd Line Risk Management Function – ASIC Definition for Conduct Risk Policy – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA)95: –– “the risk of inappropriate, unethical or unlawful behaviour on the part of an organisation’s management or employees. Such conduct can be caused by deliberate actions or may be inadvertent and caused by inadequacies in an organisation’s practices, frameworks or education programs.”96

• [SecLineCondRiskStrategy] (+) – Banks – 2nd Line Risk Management Function – Conduct Risk Strategy “to Embed the ‘Should We?’ Question  Ibid.  Ibid. 92  Ibid, section 4.2.5, Conduct risk, p 36 93  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 262–263. 94  APRA Final Report, above n 14, section 4.2.5, Conduct risk, p 36. 95  Ibid. 96  Ibid citing Australian Securities and Investments Commission, Market Supervision Update Issue 57 – Conduct Risk, March 2015. 90 91

1190

45  The Risk Management Function

into Key Decision-Making Processes”  – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and ­Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating  +  8/100.00 rprox (APRA)97; and • [SecLineCondRiskReview] (+)  – Banks  – 2nd Line Risk Management Function – Conduct Risk Review for Business Units and Decision-Making Processes – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA).98 Westpac Common Risk and Control Language99 Again, following the [TransTimeMon] (+)100 variable and in the same positive (+) direction, the Westpac Review Team identifies a number of enhancements in relation to the risk and control language giving rise to a coverage/rating of +8/100.00 rprox: • “describing each risk and control in the same way, using an intuitive, internally consistent and common language”101: –– [WBCSecLineRisk&ContLanguage] (+)  – Banks  – 2nd Line Risk Management Function – Common Risk and Control Language – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Enhancement in Information Flow – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (Westpac)102 including: • “enables comparisons of risks and controls…across functions”; • “facilitates identification ansd rationalisation of key controls”; • “effective communication across different divisions and control functions;” and • “facilitates establishment of common data and technology infrastructure”103; Following the [TransTimeMon] (+) variable but in the negative (−) direction, coverage/rating − 8/100.00 rprox:

 APRA Final Report, above n 14, section 4.2.5, Conduct risk, p 36.  Ibid, Recommendation 15. 99  Westpac Review Team 2018, above n 33, section 6.3, pp 45–46. 100  See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 198–199. 101  Westpac Review Team 2018, above n 33, section 6.3.2, pp 45–46. 102  Ibid. 103  Ibid, p 46. 97 98

45.1  Other Functions and Responsibilities of the Second Line of Defence

1191

• A common risk language for operational risk requiring enhanced granularity104: –– [WBCSecLineRisk&ContLanguageInsuffGran] (−)  – Banks  – 2nd Line Risk Management Function  – Common Risk and Control Language for Operational Risk Lacking Sufficient Granularity – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (Westpac)105; • “Risk division maintains a master control library…that features a single, consistent identifier for each common controls across Westpac” but business units can tailor their own controls and identifiers106: –– [WBCSecLineRisk&ContLanguageBUControl] (−)  – Banks  – 2nd Line Risk Management Function – Common Risk and Control Language Across Bank but Business Units can Tailor Their Own Controls and Identifiers  – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Reduction in Information Flow  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (Westpac)107; • “not all controls are linked to compliance obligations in JUNO [which] challenges the ability of employees across the 3 LOD to promptly identify controls established to manage compliance obligations”108: –– [WBCSecLineRisk&ContLanguageFailCompy] (−)  – Banks  – 2nd Line Risk Management Function – Common Risk and Control Language Across Bank but Not All Controls Linked to Compliance Obligations – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks – Reduction in Information Flow – Reduction in Risk Management and Internal Monitoring Effect  – Reduction in Quality of Decision-­making, coverage/rating − 8/100.00 rprox (Westpac)109; Westpac Process to Regularly Review, Assess and Test Controls110 Again, following the [TransTimeMon] (+)111 variable and in the positive (+) direction, the Westpac Review Team identifies a number of enhancements in relation to the risk and control language giving rise to a coverage/rating of +8/100.00 rprox:

 Ibid, section 6.3.4, p 46.  Ibid. See also section 6.3.6. 106  Ibid, section 6.3.5, p 46. 107  Ibid. 108  Ibid, section 6.3.7, p 46. 109  Ibid. 110  Ibid, sections 6.3.8–6.3.11, p 47. 111  See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 198–199. 104 105

1192

45  The Risk Management Function

• process to review, assess and test controls112: –– [WBCSecLineReviewAssessTestConts] (+)  – Banks  – 2nd Line Risk Management Function  – Process to Regularly Review, Assess and Test Controls  – Reduction in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Enhancement in Information Flow  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/ rating + 8/100.00 rprox (Westpac)113; Following the [TransTimeMon] (+) variable but in the negative (−) direction, coverage/rating − 8/100.00 rprox: • testing of controls for managing compliance obligations performed by Assurance but no additional process for compliance employees to test controls114: –– [WBCSecLineNoAdditionTestComply] (−)  – Banks  – 2nd Line Risk Management Function  – No Additional Test for Compliance Employees Outside Assurance Testing  – Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Reduction in Information Flow –Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (Westpac)115 including, to remediate this variable: • need for Compliance to draw on existing processes; and • Compliance initiative to build monitoring and surveillance capabilities.116 Westpac Identification of New, Emerging and Heightened Risks117 Again, following the [TransTimeMon] (−)118 variable but in the negative (−) direction, Westpac identifies a number of gaps in its Line 2 Key Risk Issues report giving rise to a coverage/rating of −8/100.00 rprox: • gaps in Compliance Key Risk Issues report for internal and external developments to identify new and emerging risks or changes to materiality level of existing risks119: –– [WBCSecLineKeyRiskIssuesGap] (−)  – Banks  – 2nd Line Risk Management Function – Gaps in Compliance Key Risk Issues Report – New and Emerging Risks or Changes to Materiality Level of Existing Risks  –

 Westpac Review Team 2018, above n 33, section 6.3.8, p 47.  Ibid. 114  Ibid, section 6.3.9, p 47. 115  Ibid. 116  Ibid, section 6.3.11, p 47. 117  Ibid, section 6.3.1.2, p 47. 118  See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 198–199. 119  Westpac Review Team 2018, above n 33, section 6.3.12, p 47. 112 113

45.2  Enterprise Risk Management (ERM) Framework

1193

Increase in Risk of Gaps in Identification, Measurement and Management of Operational and Compliance Risks  – Reduction in Information Flow  – Reduction in Risk Management and Internal Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (Westpac)120 including internal and external developments including: • change to business activities and areas of focus; • control breakdowns; and • other risk issues at peers.121 Risk Reporting of Second Line Risk Management Function Separate variables are assigned to the risk reporting requirements of the second Line risk-management function (and other levels) in Sects. 45.5, 45.6, 45.7, 45.8, 45.9, 45.10, 45.11, 45.12 and 45.13 below.

45.2 Enterprise Risk Management (ERM) Framework By way of introduction, the OECD Key Findings 2009 relied on the work of Anderson to identify some common risk management problems: • Risks are frequently not linked to strategy… • Risk definitions are often poorly expressed... • Developing intelligent responses to risks by the company: There are five key dimensions to consider: strategy, people, detail, tasks and drivers... By the latter is meant the need for someone or something to make sure that the whole process takes place. These drivers include managers in the organisation, outside regulators or the culture of the organisation. • Taking into account stakeholders and guardians in detailing responses to risk. • Paying more than lip service to the extended enterprise…122

A detailed examination of the methodologies and procedures of Enterprise Risk Management (ERM) is beyond the scope of this Stage 2 Key Code and Advanced Handbook. In this section, ERM is presented in overview with the failings of ERM identified in government and market participant reports.

 Ibid.  Ibid. 122  OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009, approved for publication 29 May 2009, accessed 12 April 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/43056196. pdf, (‘OECD Key Findings 2009’), p 38 citing R Anderson, Independent Governance: Risk and Assurance, Consultants Report for the OECD, 2009. 120 121

1194

45  The Risk Management Function

ERM Framework The OECD Kirkpatrick Report 2009 sets out an “ERM Framework” of eight components123 numbered below, here with the relevant Stage 2 relational approach ­governance variables attached. The relational approach here describes the components in terms taken from the OECD Kirkpatrick Report 2009 and introduces new governance variables to represent the ERM function required by that Report. These variables are hypothesized to be ‘strong’ versions of the [BrdSkills] (+)124 variable, coverage/rating + 7/87.50 rprox. The behaviours of these ‘second line of defence’ variables are hypothesized to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same direction to reflect an enhancement in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5). Alternatively, there is an enhancement in the quality of decision-making (Decision-making Factor No 7) and/or an enhancement in the Reporting Factor No 1 (Transparency, Timing and Integrity of Financial and other Reports). Thus, these variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox: 1. “Internal environment: it encompasses the tone of an organisation, and sets the basis for how risk is viewed and addressed by an entity’s people”: • [SecLineERMIntEnviro] (+)  – Banks  – 2nd Line Risk Management Function  – ERM Function  – Internal Environment and Basis of Assessing Risk  – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; 2. “Objective setting: objectives must exist before management can identify potential events affecting their achievement”: • [SecLineERMObjective] (+)  – Banks  – 2nd Line Risk Management Function  – ERM Function  – Objective Setting in Assessing Risk  – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; 3. “Event identification: internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities”: • [SecLineERMIDRiskEventInt] (+) – Banks – 2nd Line Risk Management Function  – ERM Function  – Identification of Internal Risk Events  –  Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995-2864, accessed 27 March 2017 at http://search.oecd.org/finance/financial-­ markets/42229620.pdf, (‘OECD Kirkpatrick Report 2009’), Box 1, An enterprise risk management framework, p 7 citing Committee of Sponsoring Organisations of the Treadway Commission. 124  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–201. 123

45.2  Enterprise Risk Management (ERM) Framework

1195

Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [SecLineERMIDRiskEventExt] (+) – Banks – 2nd Line Risk Management Function  – ERM Function  – Identification of External Risk Events  – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [SecLineERMIDRiskEventOpp] (+) – Banks – 2nd Line Risk Management Function  – ERM Function  – Identification of Risk Event Opportunities  – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; 4. “Risk assessment: risks are analysed, considering likelihood and impact, as a basis for determining how they should be managed”: • [SecLineERMRiskAssess] (+)  – Banks  – 2nd Line Risk Management Function  – ERM Function  – Assessment of Risk Events (Generally)  – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [SecLineERMRiskLikely] (+)  – Banks  – 2nd Line Risk Management Function  – ERM Function  – Assessment of Likelihood of Risk Events  – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [SecLineERMRiskImpact] (+)  – Banks  – 2nd Line Risk Management Function – ERM Function – Assessment of Impact/Magnitude of Risk Event – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; 5. “Risk response: management selects risk responses developing a set of actions to align risks with the entity’s risk tolerances and its risk appetite”: • [SecLineERMRiskToler] (+)  – Banks  – 2nd Line Risk Management Function  – ERM Function  – Align Risk Response to Risk Tolerances  – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [SecLineERMRiskAppAlign] (+)  – Banks  – 2nd Line Risk Management Function  – ERM Function  – Align Risk Response to Risk Appetite  – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; 6. “Control activities: policies and procedures are established and implemented to help ensure the risk responses are effectively carried out”: • [SecLineERMRiskPolicy] (+)  – Banks  – 2nd Line Risk Management Function – ERM Function – Risk Response Policies – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decisionmaking, coverage/rating of +7/87.50 rprox; • [SecLineERMRiskProced] (+)  – Banks  – 2nd Line Risk Management Function  – ERM Function  – Risk Response Procedures  – Enhancement in

1196

45  The Risk Management Function

Risk Management and Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating of +7/87.50 rprox; 7. “Information and communication: relevant information is identified, captured, and communicated throughout the organisation in a form and timeframe that enable people to carry out their responsibilities” (here based on various Stage 1 and Stage 2 variables as noted in the following sections): • • • • • • • •

the [FailLowStatus] (−) variable examined in Sect. 38.5; the [FailRedFlag] (−) variable examined in Sect. 38.6; the [FailReviewStructCultInfoRisk] (−) variable examined in Sect. 38.14; the [FailMonRisksRealTime] (−) variable examined in Sect. 38.17; the various ‘SManRedFlag’-prefix variables examined in Sect. 40.3; the [RASEscalateReport] (+) variable examined in Sect. 40.5; the [SecLineEarlyWarnSys] (+) variable examined in Sect. 45.1; and the various ‘SecLineRedFlag’-prefix variables examined in Sect. 45.9;

8. “Monitoring: the entirety of enterprise risk management is monitored and modifications made as necessary” (based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox): • [SecLineERMRiskMan&Mod] (+) – Banks – 2nd Line Risk Management Function  – ERM Function  – Monitoring of Risk Management and Modifications Made  – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox. Shortcomings in ERM Practice The OECD Kirkpatrick Report 2009 identified a number of shortcomings in ERM practice, summarized here125 with the bank-specific counter-measure governance variables of the Stage 2 relational approach introduced in this Stage 2 Key Code and Advanced Handbook: 1. “strategic decisions to retain large exposures to super senior tranches of collateralised debt obligations that far exceeded the firms understanding of the risks inherent in such instruments, and failed to take appropriate steps to control or mitigate those risks”126: • • • • • • •

the [FailCDORisks] (−) variable examined in Sects. 38.9 and 42.8; the [NEDBankSecurznInfo] (−) variable examined in Sect. 26.2; the [NEDRiskModelInfo] (−) variable examined in Sects. 27.1 and 42.8; the [EDRiskModelPrice] (−) variable examined in Sects. 27.1 and 42.8; the [NEDRatingsInfo] (−) variable examined in Sects. 27.2 and 42.8; the [EDRatingsGrade] (−) variable examined in Sects. 27.2 and 42.8; the [NEDFinProdInfo] (−) variable examined in Sects. 37.5, 37.8 and 42.8;

 OECD Kirkpatrick Report 2009, above n 123, pp 8–10.  Ibid, p 8.

125 126

45.2  Enterprise Risk Management (ERM) Framework

1197

• the [TransTimeFinProd] (−) variable examined in Sect. 37.8; • technical areas relating to liquidity risk, conduit and securitization issues have been excluded from the scope of this Stage 2 Key Code and Advanced Handbook but were addressed by the IIF127; and • technical areas relating to credit underwriting, ratings and investor due diligence in securitisation markets have been excluded from the scope of this Stage 2 Key Code and Advanced Handbook but were addressed by the IIF.128 2. failure to understand or control “balance sheet growth and liquidity needs”129 in relation to the funding of off-balance-sheet vehicles: • the [RASOff-BalanceRisk] (+) variable examined in Sect. 40.5; • the [BankHiddenLev] (−) variable examined in Sect. 27.3; and • the [TransTimeHideLev] (−) variable examined in Sect. 27.3. 3. failure to have a firm-wide view of exposures and risks130: • the [FailFirm-WideRisk] (−) variable examined in Sect. 38.4; • the [SecLineBank-WideRisk] (+) variable examined in Sect. 45.5; and • the [BrdBank-WideRisk] (+) variable examined in Sect. 45.5. 4. failure to have adaptive rather than static “risk measurement processes and systems that could rapidly alter underlying assumptions (such as valuations) to reflect current circumstances”131: • the [FailModelAssumpt] (−) variable examined in Sect. 38.13; • the [BUChangeCond&Assumpt] (+) variable examined in Sect. 42.1; and • technical matters in relation to valuation issues are beyond the scope of this Stage 2 Key Code and Advanced Handbook but have been addressed by the IIF as noted in Sect. 42.5.132 5. failure to gather information on risk exposures from different perspectives and failure of effective stress testing and scenario analysis133: • for risk exposures: –– the [FailInfoLevRisk] (−) variable examined in Sect. 38.7; –– the [FailIdentifyNewRisks] (−) variable examined in Sect. 38.8;

 IIF Final Report 2008, above n 11, Principle III, Liquidity Risk, Conduit, and Securitisation Issues, Principles III.i–III.vi and Recommendations III.1–III.19, pp 52–70. 128  Ibid, Principle V, Credit Underwriting, Ratings, and Investor Due Diligence in Securitisation Markets, Principles V.i–V.ix and Recommendations V.1–V.20, pp 85–97. 129  OECD Kirkpatrick Report 2009, above n 123, p 8. 130  Ibid. 131  Ibid. 132  IIF Final Report 2008, above n 11, Principle IV, Valuation Issues, Principles IV.i–IV.iv and Recommendations IV.1–IV.25, pp 71–84. 133  OECD Kirkpatrick Report 2009, above n 123, p 10. 127

1198

–– –– –– –– –– ––

45  The Risk Management Function

the [FailInfoSilos] (−) variable examined in Sect. 38.10; the [FailTransRiskFactors&Rank] (−) variable examined in Sect. 38.23; the [RASIndLevelType] (+) variable examined in Sect. 40.5; the [RASAggLevelType] (+) variable examined in Sect. 40.5; the various ‘BU’-prefix variables examined in Sect. 42.1; and the various ‘BU’-prefix variables examined in Sect. 45.5;

• for stress testing and scenario analysis: –– –– –– –– –– –– –– –– –– –– –– ––

the [FailStressTests] (−) variable in Sect. 38.11; the [BRCFwdStressTest] (+) variable examined in Sect. 44.5; the [BRCFwdScenTest] (+) variable examined in Sect. 44.5; the [BRCFwdFailTest] (+) variable examined in Sect. 44.5; the [BRCFwdLrgPriceMove] (+) variable examined in Sect. 44.5; the [BRCQualTesting] (+) variable examined in Sect. 44.5; the [BRCQuantMetrics] (+) variable examined in Sect. 44.5; the [SecLineStressRisk] (+) variable examined in Sect. 45.5; the [SecLineScenarioRisk] (+) variable examined in Sect. 45.5; the [BrdStressRisk] (+) variable examined in Sect. 45.5; the [BrdScenarioRisk] (+) variable examined in Sect. 45.5; and technical areas relating to risk methodologies and procedures and stress testing have been excluded from the scope of this Stage 2 Key Code and Advanced Handbook but were addressed by the IIF; 134

6. failure of governance systems to pass information upwards to the board135: • • • • • • • •

the [FailLowStatus] (−) variable examined in Sect. 38.5; the [FailRedFlag] (−) variable examined in Sect. 38.6; the [FailReviewStructCultInfoRisk] (−) variable examined in Sect. 38.14; the [FailMonRisksRealTime] (−) variable examined in Sect. 38.17; the various ‘SManRedFlag’-prefix variables examined in Sect. 40.3; the [RASEscalateReport] (+) variable examined in Sect. 40.5; the [SecLineEarlyWarnSys] (+) variable examined in Sect. 45.1; and the various ‘SecLineRedFlag’-prefix variables examined in Sect. 45.9;

7. failure to control the consolidated balance sheet, liquidity and capital136: • • • • •

the [RASQuantCapitalRisk] (+) variable examined in Sect. 40.5; the [RASQuantLiquidity] (+) variable examined in Sect. 40.5; the [RASMonitorLimits] (+) variable examined in Sect. 40.5; the [RASMonitorStratCapPlan] (+) variable examined in Sect. 40.5; the [BRCCapStrat] (+) variable examined in Sect. 43.1;

 IIF Final Report 2008, above n 11, Section B, Risk Management Methodologies and Procedures, Principles I.iv–I.vi and Recommendations I.26–I.44, pp 39–44. See also Section C, Stress-Testing Issues, Principles I.vi–I.viii and Recommendations I.45–I.58, pp 45–48. 135  OECD Kirkpatrick Report 2009, above n 123, p 10. 136  Ibid. 134

45.3  Resources for Risk Management

1199

• the [BRCLiqManStrat] (+) variable examined in Sect. 43.1; and • technical areas relating to liquidity risk, conduit and securitization issues have been excluded from the scope of this Stage 2 Key Code and Advanced Handbook but were addressed by the IIF;137 8. failure to align treasury functions with risk management processes138: • the [SecLineCoordFinTreas] (+) variable examined in Sect. 45.1. 9. failure to incorporate “information from all businesses into global liquidity planning, including actual and contingent liquidity risk”139: • see the variables above for items 2, 5 (risk exposures), 6 and 7.

45.3 Resources for Risk Management The IIF made three recommendations in relation to resources for risk management including that: • senior management under board oversight should provide a sufficient amount and quality of resources for risk management140; • such resources should be available during planning and budgeting including “personnel, data systems, and support and access to internal and external information necessary to assess risk”141; and • risk management personnel should have experience, qualifications and status to perform their functions.142 The failings identified by the BCBS in Sect. 40.3 raised in that section variables relating to failure by senior management to escalate information upwards to the board, all of which again track the relational effect path of the [TransTimeMon] (+)143 variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction, giving rise to a coverage/rating of − 8/100.00 rprox. Here, the Stage 2 relational approach introduces three governance variables to represent the resource requirements for undertaking the risk management responsibilities of the Second Line of defence as required by the IIF. These variables track

 IIF Final Report 2008, above n 11, Principle III, Liquidity Risk, Conduit, and Securitisation Issues, Principles III.i – III.vi and Recommendations III.1 – III.19, pp 52–70. 138  OECD Kirkpatrick Report 2009, above n 123, p 10. 139  Ibid. 140  IIF Final Report 2008, above n 11, Recommendation I.23, p 38. 141  Ibid, Recommendation I.24, p 38. 142  Ibid, Recommendation I.25, p 38. 143  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 262–263. 137

1200

45  The Risk Management Function

the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1144 in the same positive (+) direction with a coverage/rating of +7/87.50 rprox: • [SManSecLineResources] (+)  – Banks  – Senior Management  – Amount and Quality of Resources Provided to 2nd Line by Senior Management – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (IIF); • [SManSecLinePlanBudget] (+)  – Banks  – Senior Management  – Resources Provided to 2nd Line by Senior Management to be Available for Planning and Budgeting  – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (IIF); and • [SManSecLineExperStatus] (+) – Banks – Senior Management – Experience, Qualification and Status (all High) of 2nd Line Risk Management Personnel – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (IIF).

45.4 Risk Identification, Monitoring and Control – Introduction to Internal Controls A detailed examination of the structures, mechanisms, procedures and protocols of the internal control system for banks is beyond the scope of this Stage 2 Key Code and Advanced Handbook. Indeed, they would be worthy of an entire Key Field and handbook in themselves in future. Here the Stage 2 relational approach briefly examines some observations on internal controls contained in the BCBS Guidelines 2015. For the BCBS, risk identification extends to all risks which should be evaluated regularly and in an ad hoc basis, including ongoing, new and emerging risks.145 This should involve both quantitative and qualitative data.146 Internal controls are emphasized by the BCBS as ensuring that the policies, processes and other measures for key risks are working as intended as well as ensuring integrity, compliance and effectiveness and that financial and management information is reliable, timely and complete: Internal controls are designed, among other things, to ensure that each key risk has a policy, process or other measure, as well as a control to ensure that such policy, process or other measure is being applied and works as intended. As such, internal controls help ensure process integrity, compliance and effectiveness. Internal controls provide reasonable ­assurance that financial and management information is reliable, timely and complete and

 Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–201. 145  BCBS Guidelines 2015, above n 9, Ibid, Para 113, p 27. 146  Ibid, Para 114, p 27. 144

45.5  Communication of Risk – Introduction

1201

that the bank is in compliance with its various policies and applicable laws and regulations.147

Internal controls prevent unauthorized individuals from taking action alone, reduce discretion and should have an escalation procedure.148 The BCBS contemplates that banks will have access to internal and external data149 and may use modelling,150 stress tests and scenario analyses to examine risk exposures in adverse circumstances.151 Actual performance should be compared to the risk estimates, known as ‘backtesting’.152 The BCBS requires risk management and approval processes for new or expanded products, large and complex transactions, risks which are hard to quantify and outsourcing of bank functions.153 This also extends to mergers, acquisitions, disposals and changes to bank organisational structures.154

45.5 Communication of Risk – Introduction The OECD 2010 Conclusions and Practices observed that risk disclosures were difficult to read with poor disclosure practices: [R]esearch indicates that the readability of risk disclosures is difficult or very difficult and that there is generally no consistent global set of generally accepted risk management principles and guidance available for risk disclosures in the annual report... Reporting tends to be boilerplate in nature. Moreover, previous work by the Steering Group indicated that discussion/disclosure about corporate strategy and business models, closely related to risk management, also tends to be poor even though there appears to be economic returns to improved disclosure... Major issues remain in the whole area of corporate reporting such as how to discourage boiler plate reporting without having to establish safe haven rules that might be difficult to do in practice.155

Thus, the OECD recommended disclosure of the process of risk management and the results of risk assessments as linked to the company’s strategy:

 Ibid, Para 115, p 27.  Ibid, Para 116, p 27. 149  Ibid, Para 118, p 27. 150  Ibid, Para 119, p 28. 151  Ibid, Para 120, p 28. 152  Ibid, Para 121, p 28. 153  Ibid, Para 123, pp 28–29. 154  Ibid, Para 125, p 29. 155  OECD Directorate for Financial and Enterprise Affairs, OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, 24 February 2010, accessed 11 May 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/44679170.pdf, (‘OECD 2010 Conclusions and Practices’), Para 42, p 15 (footnotes omitted). 147 148

1202

45  The Risk Management Function

The process of risk management and the overall results of risk assessments should be appropriately disclosed in a transparent and understandable fashion. Disclosure of risk factors should identify those most relevant to the company’s strategy.156

Principles for Identification, Escalation/Communication and Disclosure of Risk The BCBS devotes an entire Principle 8 to risk communication as part of a strong risk culture.157 Communication must be: • timely, accurate and understandable to promote informed decisions158; • prioritized, concise and contextualized159; • to initiate early action, presented to senior management, the board, responsible officers and heads of control functions160; • at board level, convey bank-wide, individual portfolio and other risks as well as stress tests and scenario analyses161; and • designed so banks avoid “organizational silos” which impede information sharing.162 APRA also devotes an entire section of its Final Report to issue identification and escalation.163 In section 12.17 of Chapter 12 of this Stage 2, the relational approach introduced the following variable in relation to the disclosure of the bands and elements of executive and high-end employee compensation and incentives: • [CCDiscloseBandElement] (+) – Compensation/Remuneration Committee  – Disclosure of Bands and Elements of Compensation for Executives and High End Employees – Enhancement in Risk Management and Internal and External Monitoring, coverage/rating  +  8/100.00 rprox (relational effect path in section 12.17). Again, the approach to the [CCDiscloseBandElement] (+) variable was to hypothesise that it is identical in direction, behaviour and relational effect path to the [TransTimeMon] (+)164 variable in section 9.1.2.1 of Stage 1. That variable links, most directly, the transparency and timing of reporting with both enhancement of the risk management and monitoring function (Risk Management,  Ibid, Para 42, p 15.  BCBS Guidelines 2015, above n 9, Para 126, p 30. 158  Ibid, Para 127, p 30. 159  Ibid. 160  Ibid, Para 128, p 30. 161  Ibid, Para 129, p 30. 162  Ibid, Para 131, p 30. 163  APRA Final Report, above n 14, Section 5, Issue Identification and Escalation, p 37. 164  Transparency and timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 262–263. 156 157

45.5  Communication of Risk – Introduction

1203

Monitoring & Audit Factor No 5165) and the quality of decision-making (Decision-­ making Factor No 7166). Given its focus on risk management, monitoring and decision-­making, the [TransTimeMon] (+) variable’s relational effect path is positive (+) and the zone of effect of that relational effect path is hypothesised to be similar to that of the [BrdSkills] (+)167 and [BrdIndMon] (+)168 variables but with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance169). This gave rise to a coverage/rating of +8/100.00 rprox for the [CCDiscloseBandElement] (+) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). This was depicted in Fig. 12.2 of Chap. 12. Stage 2 of the relational approach here will be to similarly craft a number of disclosure governance variables  – for the communication of risk  – based on the relational effect path of the [TransTimeMon] (+)170 variable in section 9.1.2.1 of Stage 1, coverage/rating + 8/100.00 rprox. What is striking for the Stage 2 relational approach here is that, generally speaking, the transparency and timing of disclosures in the [TransTimeMon] (+) variable of Stage 1 were to cure asymmetric information problems of dispersed shareholders. The point was that improvements in disclosure to the shareholders/market improves external monitoring of the firm which, in turn, causes the directors to monitor the management more closely. But the point of the BCBS and APRA-inspired variables in this section is that, in addition to external disclosures, they seek to cure asymmetric information about risk within the bank – for example, to the board level itself. Hence, these variables are linked in concept to the variables in Sect. 45.2 above which concern ‘escalating’ information about risk upwards to senior management and board level. Importantly, the new variables ‘carve-up’ or isolate desirable characteristics of the communication objective into individual variables to be applied at business unit, risk management function and board levels. The action for banks is to dedicate resources to attaining each of the attributes and eradicating the failings. Hence, the BCBS Guidelines 2015 and APRA Final Report relating to identification and escalation/communication of risk give rise to the following variables all tracking the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1. For the positive variables, this also gives rise to a coverage/rating of +8/100.00 rprox. For the negative variables, these again track the relational effect path of the  See discussion in section 2.6.5 of Stage 1, above n 2, pp 47–51.  See discussion in section 2.6.7 of Stage 1, above n 2, pp 51–58. 167  Board – Director Skills ‘Mix’ -–see Figure 7.2 and discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–201. 168  Board Independent Director: Executive Director Proportion – Monitoring Effect – see discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above 2, pp 208–212. 169  See discussion in section 2.6.2 of Stage 1, above n 2, pp 41–43. 170  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 262–263. 165 166

1204

45  The Risk Management Function

[TransTimeMon] (+) variable, but in the negative (−) direction. As noted above, these variables are applied at all levels of the bank – first-line business units, the second-line risk management function currently under consideration which should communicate information to board level and ultimately from the board to the shareholders and the market. Each variable prefix denotes the level. At Customer Level • [BUCustComplain] (+)  – Banks  – Business Units  – Customer Complaint Recording System  – Enhancement of Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA).171 At the First-Line of Defence Business Unit Level • [BUIncidentLog] (+) – Banks – Business Units – Logging of ‘Incident’ “Causing Unexpected Outcomes from Business Processes” – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA)172; • [BUIssueLog] (+) – Banks – Business Units – Logging of ‘Issue’ of “Control Weakness or Gap that Exposes the Bank to Potential Losses, Reputational Damage or Breach of Regulation”  – Enhancement in Information Flow  – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA)173; • [BUIssueRating] (+)  – Banks  – Business Units  – Rating of Logged Issues  – Rating According to “Likelihood an Incident Will Occur in Next 12 Months and Potential Impact” – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decision-­ making, coverage/rating + 8/100.00 rprox (APRA)174; • [BURiskReportTrigLevel] (+) – Banks – Business Units – Reporting of Risk According to Severity Trigger ($) to Appropriate/Predetermined Level  – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (BCBS and APRA175); • [BUTimeAccUstandRisk] (+)  – Banks  – Business Units  – Timing, Accuracy and Understandability of Risk Reporting for Early Action  – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions  – Enhancement in

 APRA Final Report, above n 14, Section 5, Issue Identification and Escalation, pp 38–39.  Ibid, p 37. 173  Ibid. 174  Ibid. 175  Ibid. 171 172

45.5  Communication of Risk – Introduction

•

•

•

•

1205

Information Flow  – Enhancement of Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 8/100.00 rprox (BCBS); [BUPriorityContextRisk] (+)  – Banks  – Business Units  – Prioritisation, Conciseness and Contextualisation of Risk Reporting for Early Action  – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow  – Enhancement of Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 8/100.00 rprox (BCBS); [BUIssueClosure] (+) – Banks – Business Units – Closure of Issue by ‘Issue Owner’ and ‘Issue Manager’ – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions  – Enhancement in Information Flow  – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decisionmaking, coverage/rating + 8/100.00 rprox (APRA176); [BUClosureVerify] (+) – Banks – Business Units – Closure of Issue by ‘Issue Owner’ and ‘Issue Manager’ – Specify Requirements to Verify Issue Closure – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-­ making, coverage/rating + 8/100.00 rprox (APRA177); In the negative (−) direction –– [BUNonDiscloseSilos] (−) Banks  – Business Units  – Information Silos  – Impediment to Risk Reporting for Early Action – Reduction in Information Flow – Diminution/Failure of Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (BCBS);

At the Second Line of Defence Risk Management Function Level • [SecLineIncidentLog] (+)  – Banks  – 2nd Line Risk Management Function  – Logging of ‘Incident’ “Causing Unexpected Outcomes from Business Processes”  – Enhancement in Information Flow  – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decisionmaking, coverage/rating + 8/100.00 rprox (APRA)178; • [SecLineIssueLog] (+)  – Banks  – 2nd Line Risk Management Function  – Logging of ‘Issue’ of “Control Weakness or Gap that Exposes the Bank to Potential Losses, Reputational Damage or Breach of Regulation” – Enhancement in Information Flow  – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA)179;

 Ibid, p 38.  Ibid, p 38. 178  Ibid. 179  Ibid. 176 177

1206

45  The Risk Management Function

• [SecLineIssueRating] (+)  – Banks  – 2nd Line Risk Management Function  – Rating of Logged Issues  – Rating According to “Likelihood an Incident Will Occur in Next 12 Months and Potential Impact” – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA)180; • [SecLineRiskReportTrigLevel] (+)  – Banks  – 2nd Line Risk Management Function  – Reporting of Risk According Severity Trigger ($) to Appropriate/ Predetermined Level  – Reporting to CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions on all 2nd Line Responsibilities/Functions – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 8/100.00 rprox (APRA)181; • [SecLineTimeAccUstandRisk] (+)  – Banks  – 2nd Line Risk Management Function – Timing, Accuracy and Understandability of Risk Reporting for Early Action – To CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making, coverage/ rating + 8/100.00 rprox (BCBS); • [SecLinePriorityContextRisk] (+)  – Banks  – 2nd Line Risk Management Function – Prioritisation, Conciseness and Contextualisation of Risk Reporting for Early Action  – To CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement of Monitoring Effect  – Enhancement in Quality of Decisionmaking, coverage/rating + 8/100.00 rprox (BCBS); • [SecLineIssueClosure] (+) – Banks – 2nd Line Risk Management Function – Closure of Issue by ‘Issue Owner’ and ‘Issue Manager’ – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions – Enhancement in Information Flow – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (APRA)182; • [SecLineClosureVerify] (+) – Banks – 2nd Line Risk Management Function – Closure of Issue by ‘Issue Owner’ and ‘Issue Manager’ – Specify Requirements to Verify Issue Closure – Reporting to Business Unit Management, CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions  – Enhancement in Information Flow  – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decisionmaking, coverage/rating + 8/100.00 rprox (APRA)183; • [SecLineBank-WideRisk] (+) – Banks – 2nd Line Risk Management Function – Reporting of Bank-Wide (Aggregate of All Portfolios) Risk for Early Action – To

 Ibid.  Ibid. 182  Ibid, p 38. 183  Ibid. 180 181

45.5  Communication of Risk – Introduction

1207

•

CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions  – Enhancement in Information Flow  – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (BCBS); [SecLineIndivPortRisk] (+) – Banks – 2nd Line Risk Management Function – Reporting of Individual Portfolio Risk for Early Action  – To CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions  – Enhancement in Information Flow  – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (BCBS); [SecLineStressRisk] (+)  – Banks  – 2nd Line Risk Management Function  – Reporting of Stress-Test Risks for Early Action – To CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions  – Enhancement in Information Flow  – Enhancement of Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating  +  8/100.00 rprox (BCBS); [SecLineScenarioRisk] (+) – Banks – 2nd Line Risk Management Function – Reporting of Scenario Tests/Analyses for Early Action  – To CRO, Senior Management, Board, BRC, Responsible Officers and Heads of Control Functions  – Enhancement in Information Flow  – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (BCBS); and In the negative (−) direction:

•

•

•

–– [SecLineNonDiscloseSilos] (−) Banks  – 2nd Line Risk Management Function  – Information Silos  – Impediment to Risk Reporting for Early Action – Reduction in Information Flow – Diminution/Failure of Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (BCBS). At Whistleblower Level • In the negative (−) direction: –– [BURedFlagRiskWhistle] (−) – Banks – Business Units – Failure to Escalate Problems or Red Flags in relation to Whistleblowing Procedures – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)184; –– [SecLineRedFlagRiskWhistle] (−) variable in Sect. 45.9; and –– [SManRedFlagRiskWhistle] (−) variable in Sect. 40.3; At the Board Level Reporting to Shareholders and the External Market/ Stakeholders • [BrdRiskReport] (+) – Banks – Board of Directors – Reporting of Risk – To Shareholders and External Market/Stakeholders – Enhancement in Information

 Ibid.

184

1208

•

•

•

•

•

•

•

45  The Risk Management Function

Flow – Enhancement in Risk Management and Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (BCBS); [BrdTimeAccUstandRisk] (+) – Banks – Board of Directors – Timing, Accuracy and Understandability of Risk Reporting – To Shareholders and External Market/ Stakeholders – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (BCBS); [BrdPriorityContextRisk] (+)  – Banks  – Board of Directors  – Prioritisation, Conciseness and Contextualisation of Risk Reporting  – To Shareholders and External Market/Stakeholders  – Enhancement in Information Flow  – Enhancement of Monitoring Effect  – Enhancement in Quality of Decisionmaking, coverage/rating + 8/100.00 rprox (BCBS); [BrdBank-WideRisk] (+) – Banks – Board of Directors – Reporting of Bank-­ Wide (Aggregate of All Portfolios) Risk – To Shareholders and External Market/ Stakeholders – Enhancement in Information Flow – Enhancement of Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (BCBS); [BrdIndivPortRisk] (+) – Banks – Board of Directors – Reporting of Individual Portfolio Risk  – To Shareholders and External Market/Stakeholders  – Enhancement in Information Flow -– Enhancement of Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating  +  8/100.00 rprox (BCBS); [BrdStressRisk] (+) – Banks – Board of Directors – Reporting of Stress-Test Risks – To Shareholders and External Market/Stakeholders – Enhancement in Information Flow  – Enhancement of Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (BCBS); [BrdScenarioRisk] (+) – Banks – Board of Directors – Reporting of Scenario Tests/Analyses  – To Shareholders and External Market/Stakeholders  – Enhancement in Information Flow  – Enhancement of Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 8/100.00 rprox (BCBS); and In the negative (−) direction: –– [BrdNonDiscloseSilo] (−) Banks – Board of Directors – Information Silo – Impediment to Risk Reporting  – To Shareholders and External Market/ Stakeholders  – Reduction in Information Flow  – Diminution/Failure of Monitoring Effect – Reduction in Quality of Decision-making, coverage/rating − 8/100.00 rprox (BCBS).

45.6 Escalation of Risk Information Upwards – ‘Red Flags’ APRA identifies the general pathways for the identification and escalation of risks: Issue management follows the same general pathway at most banks. Firstly, issues must be identified and assessed, and a decision made whether any risks posed will be accepted or

45.6  Escalation of Risk Information Upwards – ‘Red Flags’

1209

mitigated. Issues can either be self-identified from scenario analysis, stress testing or thematic review, or identified via another process, including audit, compliance and regulatory review. Secondly, issues must be escalated to the proper level of the organisation, where actions to mitigate any risk posed are defined and approved. A process must be put in place to track progress in remediating the issue, culminating in completion of each appropriate action and closure of the issue. Banks will also have mechanisms in place to review and analyse individual risks. These will be used to determine root causes, trends, or patterns that may indicate larger systemic issues.185

The EC Green Paper 2010 also considered that communication and information related to the risk function required improvement.186 The EC in particular referred to escalation of risk problems to the bank’s hierarchy and updating IT infrastructure for communication of risk throughout the bank: It also seems desirable to improve the risk management function's communication system, in particular by introducing a procedure for referring any conflicts and problems encountered to the hierarchy for resolution. The board of directors should establish the frequency and content of the risk reports to be submitted to it regularly. Updating the IT infrastructure should also be a priority in order to substantially develop financial institutions' risk management capabilities and allow risk information to be circulated in good time.187

The OECD Kirkpatrick Report 2009 similarly found a governance failure to transmit risk information through effective channels.188 Expanding on this later in the Report, Kirkpatrick explains that risk management information did not always get to the board nor in an appropriate form for managing risk which can be remedied by giving the CRO a board seat: Reports have documented that risk management information was not always available to the board or in a form corresponding to their monitoring of risk. An important Principle in this respect is VI.F, which states that: “In order to fulfil their responsibilities, board members should have access to accurate, relevant and timely information”. The efficiency of the risk management process and its connection to board oversight has led a number of companies to establish a Chief Risk Officer (CRO) with board membership in unitary board systems.189

Reporting Lines of the CRO Reiterating this, the Report suggests that for more effective communication for risk management, the CRO should report directly to the CEO or have a seat on the board

 APRA Final Report, above n 14, Section 5, Issues Identification and Escalation, p 37.  European Commission, Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies, COM(2010) 284 final, Brussels, 2 June 2010, accessed 23 March 2017 at http://www.ecgi.org/commission/documents/green_paper_com2010_284_en.pdf (‘EC Green Paper 2010’), section 5.2, p 13. 187  Ibid. 188  OECD Kirkpatrick Report 2009, above n 123, 11. 189  Ibid, 20 (footnotes omitted). 185 186

1210

45  The Risk Management Function

or management committee190 and interact directly with the board risk committee (BRC).191 The reporting lines of the CRO are examined in Sect. 44.1 above of Chap. 44.

45.7 Failure of ‘Red Flags’ as a Failure in Board’s Oversight of Risk Management In Sect. 38.6 above, the Stage 2 relational approach introduced a variable representing the failure to escalate problems or ‘red flags’ – described as deficiencies in the flow of information upward through the bank to senior management and/or the board. This was categorized as a failure in the board’s oversight of risk management and tracked the relational effect path of the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction, coverage/rating − 8/100.00 rprox: • [FailRedFlag] (−) – Banks – Board Oversight of Risk Management – Failure to Escalate Problems or Red Flags – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating − 8/100.00 rprox (OECD Key Findings 2009), (OECD Kirkpatrick Report 2009), (EC Green Paper 2010).

45.8 Failure by Senior Management to Escalate ‘Red Flags’ or Information Upwards to the Board Additionally, in Sect. 40.3, the Stage 2 relational approach introduced a wide range of variables relating to failure by senior management to escalate information upwards to the board, all of which again track the relational effect path of the [TransTimeMon] (+)192 variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction, coverage/rating − 8/100.00 rprox.

 Ibid, 20.  Ibid. 192  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 262–263. 190 191

45.9  Failure by Second-Line Risk Management Function to Escalate ‘Red Flags…

1211

45.9 Failure by Second-Line Risk Management Function to Escalate ‘Red Flags’ or Information Upwards to the Board Communication in Corporate Hierarchies with Unitary Boards For Pirson and Turnbull, “[c]ommunication failures in corporate hierarchies are systematic when controlled by a single board.”193 For the authors, there were “systemic distortions” in banks and financial firms which resulted in CEOs and directors failing to be informed of risks.194 The Stage 2 relational approach to addressing the second-line risk management function to escalate ‘red flags’ or information upwards to the board is accomplished in two steps: Step 1 – Second-Line Red Flag Functions First is to replicate the ‘senior management’ red flag variables in Sect. 40.3 above with variables relating to the second-line risk management function failure to raise red flags of the same nature. Hence, these variables have a negative (−) direction. For the first step, the following variables all of which again track the relational effect path of the [TransTimeMon] (+)195 variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction, have a coverage/rating of  −  8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [SecLineRedFlagBusStrat] (−)  – Banks  – 2nd Line Risk Management Function  – Failure to Escalate Problems or Red Flags in relation to Business Strategy  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (BCBS); • [SecLineRedFlagRiskStrat] (−)  – Banks  – 2nd Line Risk Management Function  – Failure to Escalate Problems or Red Flags in relation to Risk Strategy  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (BCBS); • [SecLineRedFlagRiskApp] (−) – Banks – 2nd Line Risk Management – Failure to Escalate Problems or Red Flags in relation to Risk Appetite – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (BCBS);

  Shann Turnbull and Michael Pirson, “The Future of Corporate Governance: Network Governance  – A Lesson from the Financial Crisis”, Fordham University Schools of Business Research Paper No. 2010–010, (15 March 2010), accessed 5 April 2017 at SSRN: http://ssrn.com/ abstract=1570924, 1. 194  Ibid, 3. 195  See discussion in section 9.1.2.1 of Stage 1, above n 2. 193

1212

45  The Risk Management Function

• [SecLineRedFlagFinPerform] (−)  – Banks  – 2nd Line Risk Management Function – Failure to Escalate Problems or Red Flags in relation to Firm ­Financial Performance – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (BCBS); • [SecLineRedFlagFinCond] (−)  – Banks  – 2nd Line Risk Management Function – Failure to Escalate Problems or Red Flags in relation to Firm Financial Condition  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (BCBS); • [SecLineRedFlagRiskLimit] (−)  – Banks  – 2nd Line Risk Management Function – Failure to Escalate Problems or Red Flags in relation to Breaches of Risk Limits and Compliance Rules – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/ rating − 8/100.00 rprox (BCBS); • [SecLineRedFlagIntConts] (−)  – Banks  – 2nd Line Risk Management Function – Failure by Senior Management to Escalate Problems or Red Flags in relation to Failures in Internal Controls  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (BCBS); • [SecLineRedFlagLegal] (−) – Banks – 2nd Line Risk Management Function – Failure to Escalate Problems or Red Flags in relation to Legal or Regulatory Issues  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (BCBS); and • [SecLineRedFlagRiskWhistle] (−)  – Banks  – 2nd Line Risk Management Function – Failure to Escalate Problems or Red Flags in relation to Whistleblowing Procedures  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (BCBS). Step 2 – Second-Line Principles for Communication of Risk Second is to rely on the second-line risk management function variables relating to various aspects of risk reporting introduced in Sect. 45.5 above ‘at the second line of defence risk management function level’. As set out above, these variables have a positive direction except the variable relating to ‘information silos’. For this second step, the variables all of which again track the relational effect path of the [TransTimeMon] (+)196 variable in section 9.1.2.1 of Stage 1 in the same positive (+) direction (except the variable for ‘information silos’), coverage/rating + 8/100.00 rprox are set out in Sect. 45.5.

 Ibid.

196

45.10  APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags… 1213

45.10 APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags’ from Staff197 APRA Issue Identification, Escalation and Resolution APRA sets out in its Final Report a number of difficulties around issue identification, escalation and resolution: [The bank] has historically faced difficulties in the three phases of issue management: issue identification, escalation, and resolution: • issue identification has improved in recent years but there are weaknesses in [the bank’s] ability to identify large potential issues from across multiple areas and sources of information; • issue escalation is also improving, but there are critical issues that do not rise to the senior leadership of the organisation; • issue resolution has been a significant problem for [the bank], which has often approached the process of fixing problems without adequate urgency or thoroughness.198

The following failings identified by APRA, all of which again track the relational effect path of the [TransTimeMon] (+)199 variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction, have a coverage/rating of  −  8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • “limited systemic issue identification across [the Bank]”200: –– [BUFailRedFlagMultiBU] (−) – Banks – Business Units – Failure to Assess Issues Across Multiple Business Units  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)201; –– [BUFailRedFlagMultiSource] (−)  – Banks  – Business Units  – Failure to Aggregate Issues from Multiple Sources – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)202; –– [SecLineFailRedFlagMultiBU] (−) – Banks – 2nd Line Risk Management Function  – Failure to Assess Issues Across Multiple Business Units  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)203;

 APRA Final Report, above n 14, section 5, Issues Identification and Escalation, section 5.2.1 Issues escalated from staff, p 39. 198  Ibid. 199  See discussion in section 9.1.2.1 of Stage 1, above n 2. 200  APRA Final Report, above n 14, section 5, Issues Identification and Escalation, section 5.2.1 Issues escalated from staff, p 40. 201  Ibid. 202  Ibid. 203  Ibid. 197

1214

45  The Risk Management Function

–– [SecLineFailRedFlagMultiSource] (−)  – Banks  – 2nd Line Risk Management Function – Failure to Aggregate Issues from Multiple Sources of Data  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)204; –– [CROFailRedFlagDefineLikelihood] (−)  – Banks  – CRO  – Failure to Adequately Define ‘Likelihood’ of Emerging Risks – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating − 8/100.00 rprox (APRA)205; –– [CROFailRedFlagDefineImpact] (−) – Banks – CRO – Failure to Adequately Define ‘Impact’ of Emerging Risks  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (APRA)206; and –– [CROFailRedFlagMultiBU] (−)  – Banks  – CRO  – Failure to Aggregate Risks Across Multiple Business Units  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)207; • “weakness in remediating issues” (generally)208: –– [BankFailRemedIDActions] (−) – Banks – Remediation Issues – Failure to Identify Appropriate Remediation Actions – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)209; and –– [BankFailRemedTimeRigour] (−) – Banks – Remediation Issues – Failure to Carry-Out Remediation Actions in Timely and Rigourous Manner  – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (APRA)210; • “remediation of audit issues”211: –– in the positive (+) direction: • [AudComReviewControls] (+)  – Banks  – Audit Committee  – Review Control Environment of Business Units (Annually)  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management,

 Ibid  Ibid. 206  Ibid. 207  Ibid. 208  Ibid. 209  Ibid. 210  Ibid. 211  Ibid. 204 205

45.10  APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags… 1215

Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (APRA)212; • [IntAudTrack&MonIssue] (+) – Banks – Internal Audit Function – Track and Monitor Significant Audit Issues  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA)213; • [IntAudReportAudCom] (+) – Banks – Internal Audit Function – Report Quarterly to Audit Committee on Audit Issues  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (APRA)214; • [IntAudFollowUpMan] (+) – Banks – Internal Audit Function – (Regular) Follow-Up of Management on Audit Issues – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA)215; –– in the negative (−) direction: • [AudComTrack&MonIssue] (−) – Banks – Audit Committee – Failure to Track and Monitor Audit Issues Systematically – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (APRA)216; • [AudComIssueClose] (−)  – Banks  – Audit Committee  – Failure of Oversight to Close Audit Issues with Urgency – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (APRA)217; • [AudComOpenHighRating25%] (−)  – Banks  – Audit Committee  – Failure of Oversight with 25% of Open Audit Issues Rated ‘Very High’ or ‘High’ – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)218; • “board attention to long-outstanding issues”219: –– in the negative (−) direction: • [BrdTrack&MonLongOutIssues] (−)  – Banks  – Board  – Failure to Track and Monitor Long-Outstanding Issues – Reduction in Information  Ibid.  Ibid, p 41. 214  Ibid. 215  Ibid. 216  Ibid, pp 40–41. 217  Ibid, p 41. 218  Ibid. 219  Ibid. 212 213

1216

45  The Risk Management Function

Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (APRA)220; • [BrdTrack&MonControlGaps] (−) – Banks – Board – Failure to Track and Monitor Significant Control Gaps – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating − 8/100.00 rprox (APRA)221; and • [BrdECReportResidualRisks] (−)  – Banks  – Board  – Failure of Reporting to Board and Executive Committee to Assess Residual Risk During Remediation of Long-Outstanding Issues  – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (APRA)222; • “remediation of issues raised by staff”223: –– in the negative (−) direction: • [BankRiskManSyst] (−) – Banks – Risk Management System – Failure of System Features for Resolving Issues  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (APRA)224; and • the content/features of this variable including a lack of: –– ‘high quality data inputs’; –– ‘advanced analytics’; and –– ‘tracking of risk mitigation’;225 • “project execution capabilities”226: –– in the negative (−) direction: • [ProjectXBUComm] (−)  – Banks  – Project Execution Capability  – Failure of Cross-Business Communication  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)227; and • [ProjectReviewOSight] (−)  – Banks  – Project Execution Capability  – Failure of Adequate Review and Oversight on Long Projects – Reduction in Information Flow  – Reduction in Quality of Risk Management,

 Ibid.  Ibid. 222  Ibid, p 42. 223  Ibid. 224  Ibid. 225  Ibid. 226  Ibid. 227  Ibid. 220 221

45.10  APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags… 1217

Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (APRA).228 Westpac Issues and Incidents Identified by Westpac Employees229 The following failings identified by the Westpac Review Team, all of which again track the relational effect path of the [TransTimeMon] (+)230 variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction, have a coverage/rating of  −  8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • issue identification: –– in the negative (−) direction: • [WBCIssueManNewIssuesReportByLOD] (−)  – Banks  – Westpac  – Issue and Incident Management – Issue Identification by Staff – Failure to Report Break-down of New Issues by LOD  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (Westpac)231; –– in the positive (+) direction: • [WBCIssueManIssuesLogJUNO] (+)  – Banks  – Westpac  – Issue and Incident Management – Issue Identification by Staff – Issues Logged in JUNO System by Line 1  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decisionmaking, coverage/rating + 8/100.00 rprox (Westpac)232; • [WBCIssueManLine1SpeakUpCult] (+) – Banks – Westpac – Issue and Incident Management – Issue Identification by Staff – Line 1 Speak-Up Culture – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (Westpac)233; • [WBCIssueManRemRewardPosRiskBehave] (+) – Banks – Westpac – Issue and Incident Management  – Issue Identification by Staff  – Remuneration Reward for Positive Risk Behaviour by Identifying and Preventing an Issue – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/ rating + 8/100.00 rprox (Westpac)234;

 Ibid.  Westpac Review Team 2018, above n 33, section 7.1, pp 53–57. 230  See discussion in section 9.1.2.1 of Stage 1, above n 2. 231  Westpac Review Team 2018, above n 33, section 7.1.8, p 54. 232  Ibid, section 7.1.3, p 53 233  Ibid, section 7.1.4, p 54. 234  Ibid, section 7.1.5, p 54. 228 229

1218

45  The Risk Management Function

• [WBCIssueManSpeakUpCultTest&Report] (+)  – Banks  – Westpac  – Issue and Incident Management  – Issue Identification by Staff  – Line 1 Speak-Up Culture – Mechanisms to Test and Report Speak-Up Culture – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (Westpac)235; • WBCIssueManReportSnrMan&BRC] (+)  – Banks  – Westpac  – Issue and Incident Management – Issue Identification by Staff – Line 1 Speak-­Up Culture – Regular Reporting of Issues to Senior Management and BRC by Theme and Division – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (Westpac)236; and • [WBCIssueManSpeakUpCultDashMetric] (+)  – Banks  – Westpac  – Issue and Incident Management  – Issue Identification by Staff  – Line 1 Speak-Up Culture – “Safe to Speak-Up Metric” on Group Risk Appetite Dashboard – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (Westpac)237; • systemic issue identification: –– in the negative (−) direction: • [WBCIssueManManualAggData] (−)  – Banks  – Westpac  – Issue and Incident Management  – Systemic Issue Identification  – Systemic Issues Require Manual Aggregation of Data – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating  −  8/100.00 rprox (Westpac)238 including remediation by: –– aggregate systemic issue data within and across divisions; –– link information to other sources including customer complaint, whistleblower and business process data; –– identify thematic trends; and –– reporting of thematic trends and systemic issues to RISKCO and BRC239; • issue escalation: –– in the negative (−) direction: • [WBCIssueManAssessBreach&SignifError] (−) – Banks – Westpac – Issue and Incident Management  – Issue Escalation  – Assessment of  Ibid, section 7.1.6, p 54.  Ibid, section 7.1.7, p 54. 237  Ibid. 238  Ibid, sections 7.1.9–7.1.10 and Recommendation G18, p 54. 239  Ibid. 235 236

45.10  APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags… 1219

Incident of Breach of Compliance Obligations and Significance by Staff without Adequate Compliance or Operational Risk Knowledge – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (Westpac)240; • [WBCIssueManComplyObNoControlLink] (−)  – Banks  – Westpac  – Issue and Incident Management  – Issue Escalation  – Compliance Obligation in JUNO Not Linked to Control  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (Westpac)241 including remediation by: –– ex-post sampling hindsight review; –– development of sampling methodology including minimum sample size; and –– hindsight reviews expanded for accuracy of significance assessments242; • reporting/escalation of high-rated issues to RISKCO and BRC: –– in the negative (−) direction: • [WBCIssueManNoFormalReportPolsHighRatedIss] (−)  – Banks  – Westpac – Issue and Incident Management – Issue Reporting – Lack of Formal Requirements in Issue Frameworks/Policies to Report High-Rated Issues and Near Misses to RISKCO and BRC – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (Westpac)243 including remediation by: –– comprehensive reporting practices for significant and material issues to RISKCO and BRC244; and –– formalising existing practices in issue policies and frameworks245; • [WBCIssueManNoReportNearMiss] (−) – Banks – Westpac – Issue and Incident Management – Issue Reporting – No Mechanism to Report Near-­ misses to RISKCO and BRC – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (Westpac)246 including remediation by:

 Ibid, section 7.1.11, pp 54–55.  Ibid, section 7.1.12, p 55. 242  Ibid, sections 7.1.13–7.1.14 and Recommendation G19, p 55. 243  Ibid, section 7.1.15, p 55. 244  Ibid, section 7.1.16, p 55. 245  Ibid, section7.1.17 and Recommendation G20, pp 55–56. 246  Ibid, section 7.1.18, p 55. 240 241

1220

45  The Risk Management Function

–– formalising policies for reporting significant near-misses to RISKCO and BRC247; and • [WBCIssueManJUNOSystManualStakeholder] (−)  – Banks  – Westpac  – Issue and Incident Management  – Issue Reporting  – JUNO System Requires Employee to Manually Add Stakeholder to be Notified – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (Westpac)248 including remediation by: –– version upgrades of JUNO249; • issue resolution and closure: –– in the negative (−) direction: • [WBCIssueManOpenIssuesLT] (−)  – Banks  – Westpac  – Issue and Incident Management – Issue Resolution and Closure – Open Issues which are Long-standing – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (Westpac)250; • [WBCIssueManOpenIssuesExtended] (−)  – Banks  – Westpac  – Issue and Incident Management – Issue Resolution and Closure – Open Issues which are Extended  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/ rating − 8/100.00 rprox (Westpac)251; • [WBCIssueManOpenIssuesExtend > 1] (−) – Banks – Westpac – Issue and Incident Management – Issue Resolution and Closure – Open Issues which are Extended more than Once – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating − 8/100.00 rprox (Westpac)252; • [WBCIssueManOpenIssesNotClosed] (−)  – Banks  – Westpac  – Issue and Incident Management – Issue Resolution and Closure – Open Issues Identified by Line 1 Not Effectively Closed  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­making, coverage/rating  −  8/100.00 rprox (Westpac)253 remediated by:

 Ibid, Recommendation G20, pp 55–56.  Ibid, section 7.1.19, p 56. 249  Ibid, Recommendation G21, p 56. 250  Ibid, section 7.1.20, p 56. 251  Ibid. 252  Ibid. 253  Ibid, section 7.1.21, p 56. 247 248

45.10  APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags… 1221

–– –– –– ––

review design of remedial actions; review initial response; deal with root causes and mitigate risks fully; and track issues closed which are subsequently re-opened254;

• [WBCIssueManOpenIssesFactors] (−) – Banks – Westpac – Issue and Incident Management – Issue Resolution and Closure – Factors Why Open Issues Identified by Line 1 Not Effectively Closed  – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (Westpac)255 including perception that no action taken if: –– –– –– ––

there is no regulator or media scrutiny; lack of transparency in relation to planned action; cost of fixing is perceived as too high; longer time needed than expected because of system complexity and dependencies; –– risk and compliance capability gaps: • in identifying root causes; • closure actions not appropriate to prevent reoccurrence; –– insufficient organisational emphasis on execution; –– inertia in analysis and rectification stage; and –– greater emphasis on issues identification than assessment, resolution and closure in policies and frameworks of JUNO;256 –– in the positive (+) direction: • [WBCIssueManOpenIssuesProg] (+)  – Banks  – Westpac  – Issue and Incident Management  – Issue Resolution and Closure  – Program Development  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/ rating + 8/100.00 rprox (Westpac) including257: –– training employees across 3 LOD to identify and analyse root causes and effective actions; and –– ensure accountability for timely and effective closure through remuneration and consequence management frameworks258;

 Ibid.  Ibid, section 7.1.22, pp 56–57. 256  Ibid. 257  Ibid, Recommendation G22, p 57. 258  Ibid. 254 255

1222

45  The Risk Management Function

45.11 APRA259 and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags’ from Customers APRA APRA sets out in its Final Report some weaknesses in addressing customer ‘issues’ as opposed to ‘satisfaction’: In the Panel’s view, some of the weaknesses in addressing issues raised by customers stem from the distinction between customer satisfaction and the treatment of customer complaints. In particular, the Panel has found: • there has been too much focus on short-term, aggregate customer satisfaction metrics and not enough focus on resolving the tail of extreme examples of poor customer experience; and • identification of systemic issues from customer complaints has been weak.260

The following failings identified by APRA, all of which again track the relational effect path of the [TransTimeMon] (+)261 variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction, have a coverage/rating of  −  8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • “excessive focus on short-term, aggregate view of customer satisfaction”262: –– in the negative (−) direction for the board: • [BrdCustFailRedFlagMetrics] (−) – Banks – Board – Failure of Metrics and Analysis of Customer Complaints – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating − 8/100.00 rprox (APRA)263; • [BrdCustFailRedFlagSystRisk] (−) – Banks – Board – Failure to Review Systemic Risks from Customer Complaints  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (APRA)264; • [BrdCustFailRedFlagIndiv] (−)  – Banks  – Board  – “Reporting to the Board on Aggregate Customer Satisfaction” – Failure to Review Individual Customer Complaints  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/ rating − 8/100.00 rprox (APRA)265; and

 APRA Final Report, above n 14, section 5, section 5, Issues Identification and Escalation, section 5.2.2 Issues escalated from customers, p 43. 260  Ibid. 261  See discussion in section 9.1.2.1 of Stage 1, above n 2. 262  APRA Final Report, above n 14, section 5, Issues Identification and Escalation, section 5.2.2 Issues escalated from customers, p 43. 263  Ibid. 264  Ibid. 265  Ibid. 259

45.11  APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags… 1223

• [BrdCustFailRedFlagSevere] (−) – Banks – Board – Failure to Review ‘Severe’ Individual Customer Complaints  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (APRA)266; • Westpac Review Team identifies an omission in customer complaint reporting to the Board in the negative (−) direction267: –– [WBCBrdCustFailRedFlagTail] (−)  – Banks  – Board  – Failure of Customer Complaints Dashboard to Board – Failure to Report Negative ‘Tail’ of Most Serious and Extreme Customer Complaints – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (Westpac); –– in the negative (−) direction for the Executive Committee: • [ECmCustFailRedFlagEscalate] (−) – Banks – Executive Committee – Failure of Process to Escalate “Risks Arising from Severe Individual Complaints to Executive Committee” – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating − 8/100.00 rprox (APRA)268; –– in the positive (+) direction for the board: • [BrdCustRedFlagTrends] (+) – Banks – Board – Analysis of Trends in Customer Complaints by Volume and Topic – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA)269; • [BrdCustRedFlagAnalyse] (+) – Banks – Board – Metrics and Analysis of Customer Complaints  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decisionmaking, coverage/rating + 8/100.00 rprox (APRA)270; • [BrdCustRedFlagSystRegBr] (+)  – Banks  – Board  – Analysis of Systemic Issues in Customer Complaints Giving Rise to Regulatory Breach – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA)271; • [BrdCustRedFlagSystReput] (+) – Banks – Board – Analysis of Systemic Issues in Customer Complaints Giving Rise to Reputational D ­ amage  –  Ibid.  Westpac Review Team 2018, above n 33, section 5.3.3 and Recommendation G5, p 35. 268  APRA Final Report, above n 14, section 5, Issues Identification and Escalation, section 5.2.2 Issues escalated from customers, p 43. 269  Ibid, p 44. 270  Ibid. 271  Ibid, p 45. 266 267

1224

45  The Risk Management Function

Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA)272; • [BrdCustRedFlagIndivMat] (+) – Banks – Board – Analysis of Individual Material Customer Complaints Giving Rise to Regulatory Breach or Reputational Damage – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA)273; • [BrdCustRedFlagRemedStatus] (+)  – Banks  – Board  – Reporting of Remediation Status of Individual Material Customer Complaints – Closure, Extension or Delay – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/ rating + 8/100.00 rprox (APRA)274; • Westpac Review Team identifies significant enhancements in customer complaint reporting to the Board in the positive (+) direction275: –– [WBCBrdCustRedFlagDashboard] (+) – Banks – Board – Reporting of Customer Complaints Dashboard to Board  – Enhancement in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (Westpac) including trend analysis and reporting of276: • • • • • • • • •

new complaints received; long-dated customer complaints; top five complaint themes; new complaints by division; open complaints; average days to resolution; narrative on insights and actions; detailed reporting by division; and selection of individual customer complaints277;

–– in the positive (+) direction for the Executive Committee: • [ECmCustRedFlagTrends] (+)  – Banks  – Executive Committee  – Analysis of Trends in Customer Complaints by Volume and Topic  – Enhancement in Information Flow  – Enhancement in Quality of Risk

 Ibid.  Ibid. 274  Ibid. 275  Westpac Review Team 2018, above n 33, section 5.3.2, p 35. 276  Ibid. 277  Ibid. 272 273

45.11  APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags… 1225

•

•

•

•

•

Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA)278; [ECmCustRedFlagAnalyse] (+)  – Banks  – Executive Committee  – Metrics and Analysis of Customer Complaints  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (APRA)279; [ECmCustRedFlagSystRegBr] (+)  – Banks  – Executive Committee  – Analysis of Systemic Issues in Customer Complaints Giving Rise to Regulatory Breach – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/ rating + 8/100.00 rprox (APRA)280; [ECmCustRedFlagSystReput] (+)  – Banks  – Executive Committee  – Analysis of Systemic Issues in Customer Complaints Giving Rise to Reputational Damage  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (APRA)281; [ECmCustRedFlagIndivMat] (+)  – Banks  – Executive Committee  – Analysis of Individual Material Customer Complaints Giving Rise to Regulatory Breach or Reputational Damage – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA)282; [ECmCustRedFlagRemedStatus] (+) – Banks – Executive Committee – Reporting of Remediation Status of Individual Material Customer Complaints – Closure, Extension or Delay – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA)283;

• “weak proactive identification and remediation of systemic customer issues”284: –– in the negative (−) direction for the board: • [BrdCustFailRedFlagSystRisk] (−) variable in this Sect. 45.11 above; • [BrdCustFailRedFlagSystRiskMulti] (−) – Banks – Board – Failure to Analyse Customer Complaints from Multiple Sources to Identify Systemic Issues  – Reduction in Information Flow  – Reduction in Quality of Risk

 APRA Final Report, above n 14, section 5, Issues Identification and Escalation, section 5.2.2 Issues escalated from customers, p 44. 279  Ibid. 280  Ibid, p 45. 281  Ibid. 282  Ibid. 283  Ibid. 284  Ibid. 278

1226

45  The Risk Management Function

•

•

•

•

•

Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)285; [BrdCustFailRedFlagSystRiskFTE] (−)  – Banks  – Board  – Failure to Dedicate Sufficient FTE Human Resources to Analyse Customer Complaints to Identify Systemic Issues – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decisionmaking, coverage/rating − 8/100.00 rprox (APRA)286; [BrdCustFailRedFlagSystRiskRoot] (−) – Banks – Board – Failure to Analyse Customer Complaints for Root Causes – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)287; [BrdCustFailRedFlagSystRiskGov] (−)  – Banks  – Board  – Failure to Provide Clear Governance for Resolving Root Causes of Customer Complaints  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)288; [BrdCustFailRedFlagSystRiskProc] (−)  – Banks  – Board  – Failure to Provide Manual Processes for Resolving Root Causes of Customer Complaints  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)289; [BrdCustFailRedFlagSystRiskIncent] (−) – Banks – Board – Failure to Provide Staff Incentives for Resolving Root Causes of Customer Complaints  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)290;

–– in the positive (+) direction for the board: • [BrdCustRedFlagSystRiskData] (+)  – Banks  – Board  – Investment in Data and Analytics to Analyse Customer Complaints Data – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (APRA)291; • [BrdCustRedFlagSystRiskRes] (+)  – Banks  – Board  – Provision of Resources for Identification and Analysis of Systemic Risk Issues from Customer Complaints – Enhancement in Information Flow – E ­ nhancement

 Ibid.  Ibid. 287  Ibid. 288  Ibid. 289  Ibid. 290  Ibid. 291  Ibid. 285 286

45.11  APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags… 1227

in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA)292; and • [BrdCustRedFlagSystRiskTech] (+)  – Banks  – Board  – Provision of Technology for Identification and Analysis of Systemic Risk Issues from Customer Complaints – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (APRA).293 Westpac Customer Complaints The following failings identified by the Westpac Review Team all of which again track the relational effect path of the [TransTimeMon] (+)294 variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction, have a coverage/rating of  −  8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • in the positive (+) direction: –– [WBCCustRedFlagComplaintsManPol] (+) – Banks – WBCCustRedFlag – Westpac Group Complaints Management Policy for Process of Handling Customer Complaints – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/ rating + 8/100.00 rprox (Westpac)295; –– [WBCCustRedFlagCustSolnsTeam] (+)  – Banks  – WBCCustRedFlag  – Complex Complaints Referred to Customer Solutions Team – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (Westpac)296; –– [WBCCustRedFlagEscalCustAdvo] (+)  – Banks  – WBCCustRedFlag  – Escalation to Westpac Customer Advocate  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-­making, coverage/rating + 8/100.00 rprox (Westpac)297 including: • overturning decisions up to $1 million per matter298; –– [WBCCustRedFlagGrpComplaintsManStnd] (+)  – Banks  – WBCCustRedFlag – Westpac Group Complaints Management Standard for Handling Customer Complaints  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decisionmaking, coverage/rating + 8/100.00 rprox (Westpac)299 including:

 Ibid.  Ibid. 294  See discussion in section 9.1.2.1 of Stage 1, above n 2. 295  Westpac Review Team 2018, above n 33, section 7.3.1, p 58. 296  Ibid, section 7.3.2, p 58. 297  Ibid, section 7.3.3, p 58. 298  Ibid. 299  Ibid, section 7.3.5, p 58. 292 293

1228

45  The Risk Management Function

• group-wide minimum standard; • remediation of division-specific approaches; • enhanced reporting practices including Customer Complaints Dashboard ([WBCBrdCustRedFlagDashboard] (+) variable in this Sect. 45.11 above);300 and • “should we?” to be further embedded in decisions on handling customer complaints;301 Westpac Identification of Systemic Customer Complaints • in the positive (+) direction: –– [WBCCustRedFlagComplaintsEnhance] (+) – Banks – WBCCustRedFlag – Enhancements to Customer Complaint Reporting  – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (Westpac)302 including: • analysis of root cause by theme303; • in the negative (−) direction: –– [WBCCustRedFlagFailNoSystReport] (−) – Banks – WBCCustRedFlag – Systemic Customer Complaints Not Reported  – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating  −  8/100.00 rprox (Westpac)304 including factors/ reasons: • nine different complaints management systems requiring manual aggregation of data to identify similar complaints305 including remediation: –– single customer complaints system/platform306; –– [WBCCustRedFlagFailNo5DaysReport] (−) – Banks – WBCCustRedFlag – No Recording of Customer Complaints Resolved Within 5 Business Days – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (Westpac)307 including remediation: • new requirement in Group Complaints Management Policy;308 and • include indicators of systemic customer complaints by product, business unit and geography309;  Ibid.  Ibid, section 7.3.6, p 58. 302  Ibid, section 7.3.7, p 58. 303  Ibid. 304  Ibid, section 7.3.7, p 58. 305  Ibid, section 7.3.8, p 58. 306  Ibid, Recommendation G23, p 59. 307  Ibid, section 7.3.9, p 59. 308  Ibid. 309  Ibid, Recommendation G24, p 59. 300 301

45.11  APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags… 1229

Westpac Customer Complaint Reporting –– in the positive (+) direction: • see [WBCBrdCustRedFlagDashboard] (+) variable in this Sect. 45.11 above310; • [WBCCustRedFlagLife&GenInsCCR] (+) – Banks – WBCCustRedFlag – Transitioning of Life and General Insurance Complaints from BT Financial Group to Customer & Corporate Relations Division  – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating  +  8/100.00 rprox (Westpac)311 including: –– specialist skills and knowledge not inconsistent with CCR responsibility312; –– high conduct and reputational risk arising from insurance matters requiring consistency to other customers313; –– consistency in data collection, structure and presentation across all divisions for easier Group-wide aggregation and systemic issue identification314; • in the negative (−) direction: –– see [WBCBrdCustFailRedFlagTail] (−) variable in this Sect. 45.11 above315; –– [WBCCustRedFlagFailCond&RepRisk] (−) – Banks – WBCCustRedFlag – No Recording in Customer Complaints Dashboard of Other Long-­ dated Complaints Matters Carrying Conduct and Reputation Risk – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (Westpac)316 including remediation: • extended classification and reporting of long-dated customer matters in Customer Complaints Dashboard ([WBCBrdCustRedFlagDashboard] (+) in this Sect. 45.11 above) including: –– general and life insurance claims; –– collections matters; and –– legal disputes;317 –– [WBCCustRedFlagFailExecScore] (−) – Banks – WBCCustRedFlag – No Recording of Customer Complaints or Issues Directly in Group Executive  Ibid, section 7.3.10, p 59.  Ibid, Recommendation G27, p 60. 312  Ibid, section 7.3.13, p 59. 313  Ibid, section 7.3.14, pp 59–60. 314  Ibid, section 7.3.15, p 60. 315  Ibid, section 7.3.11 and Recommendation G25, p 59. 316  Ibid, section 7.3.12, p 59. 317  Ibid, section 7.3.12 and Recommendation G26, p 59. 310 311

1230

45  The Risk Management Function

Scorecards – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (Westpac)318 including failure to record: • systemic issues; • negative customer ‘tail’; and • long-dated complaints.319 Westpac Escalation of Customer Complaints –– in the negative (−) direction: • [WBCCustRedFlagFailCompOpRiskAssess] (−)  – Banks  – WBCCustRedFlag – No Consultation with Compliance or Operational Risk when Assessing Customer Complaints  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (Westpac)320 including remediation: –– Compliance and Operational Risk functions to be engaged for complaints relating to compliance obligations or operational risk including materiality/severity levels321; Westpac Identification of Vulnerable Customers –– in the negative (−) direction: • [WBCCustRedFlagFailVulnCusts] (−)  – Banks  – WBCCustRedFlag –Failure to Identify Vulnerable Customers – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (Westpac)322 including factors/reasons: –– manual processes; and –– inadequate vulnerability indicia;323 –– in the positive (+) direction: • [WBCCustRedFlagIDVulnCusts] (+)  – Banks  – WBCCustRedFlag  – Initiatives to Enhance Identification of Vulnerable Customers – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (Westpac)324 including: –– analyse verbatim feedback;  Ibid, section 7.3.16 and Recommendation G28, p 60.  Ibid. 320  Ibid, section 7.3.17, p 60. 321  Ibid, Recommendation G29, p 60. 322  Ibid, section 7.3.18, p 60. 323  Ibid. 324  Ibid, section 7.3.19, p 60. 318 319

45.12  APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags… 1231

–– Vulnerable Customer Index criteria; –– manually review long-outstanding customer complaints; and –– Vulnerable Customer Action Plan;325

45.12 APRA326 and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags’ from Regulators and Whistleblowers APRA The following failings identified by APRA, all of which again track the relational effect path of the [TransTimeMon] (+)327 variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction, have a coverage/rating of  −  8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • “issues escalated from regulators”328: –– in the negative (−) direction: • [FailRegRedFlagLegalRisk] (−)  – Banks  – Responding to Regulatory Issues Raised by Regulators  – Legal Interpretation put before Risk  – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (APRA)329; • [FailRegRedFlagLegalCust] (−)  – Banks  – Responding to Regulatory Issues Raised by Regulators  – Legal Interpretation put before Customer Outcomes – Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)330; • [FailRegRedFlagSlow] (−) – Banks – Responding to Regulatory Issues Raised by Regulators – Slowness or Disinterest in Responding – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating  −  8/100.00 rprox (APRA)331; • [FailRegRedFlagPriority] (−)  – Banks  – Responding to Regulatory Issues Raised by Regulators – Failure to Prioritise Concerns – Reduction  Ibid.  APRA Final Report, above n 14, section 5, Issues Identification and Escalation, section 5.2.3 Issues escalated from regulators, p 45. 327  See discussion in section 9.1.2.1 of Stage 1, above n 2. 328  APRA Final Report, above n 14, section 5.2.3 Issues escalated from regulators, p 45. 329  Ibid, p 46. 330  Ibid. 331  Ibid. 325 326

1232

45  The Risk Management Function

in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating  −  8/100.00 rprox (APRA)332; and • [FailRegRedFlagDelay] (−) – Banks – Responding to Regulatory Issues Raised by Regulators – Delay in Complying with Regulatory Requests -– Reduction in Information Flow – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (APRA).333 Westpac Issues Escalated from Regulators The following issues identified by the Westpac Review Team, all of which again track the relational effect path of the [TransTimeMon] (+)334 variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction, have a coverage/rating of  −  8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • issues escalated from regulators: –– in the negative (−) direction: • [WBCRegRedFlagRegIssueExtend] (−)  – Banks  – Board  – WBCRegRedFlag – Issues Identified by Regulators and External Parties – Issues Identified by Regulator Extended More than Employee-identified Issues  – Reduction in Information Flow  – Reduction in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating − 8/100.00 rprox (Westpac)335 including factors/reasons: –– regulator issues are more substantive and systemic; –– more intense pre-closure scrutiny by management, Group Audit and regulator; and –– urgency can reduce the time spent in comprehensive consideration of action before targeted dates336; –– in the positive (+) direction: • [WBCRegRedFlagRegResponseHigh] (+)  – Banks  – Board  – WBCRegRedFlag – Issues Identified by Regulators and External Parties – Issues Identified by Regulator Given Highest Priority – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (Westpac)337 including:

 Ibid.  Ibid. 334  See discussion in section 9.1.2.1 of Stage 1, above n 2. 335  Westpac Review Team 2018, above n 33, section 7.2.3, p 57. 336  Ibid, section 7.2.4, p 57. 337  Ibid, section 7.2.1, p 57. 332 333

45.12  APRA and Westpac Review Team 2018 Identify Failures to Escalate ‘Red Flags… 1233

–– establish governance structures to oversee and manage response;338 and –– prompt and comprehensive reports to RISKCO and BRC;339 Westpac Issues Identified by Whistleblowers The following issues identified by Westpac, all of which again track the relational effect path of the [TransTimeMon] (+)340 variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction, have a coverage/rating of −8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • issues identified by whistleblowers: –– in the positive (+) direction: • [WBCWhistleRedFlagEnhanceFrames] (+)  – Banks  – Board  – WBCWhistleRedFlag – Issues Identified by Whistleblowers – Enhancement of Frameworks and Practices to Manage Issues Raised by Whistleblowers – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (Westpac)341; • [WBCWhistleRedFlagABAPrin] (+)  – Banks  – Board  – WBCWhistleRedFlag  – Issues Identified by Whistleblowers  – ABA Guiding Principles “Improving Protections for Whistleblowers”  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (Westpac)342; • [WBCWhistleRedFlagBench&UpliftFrame] (+)  – Banks  – Board  – WBCWhistleRedFlag  – Issues Identified by Whistleblowers  – Benchmarking and Uplift of Whistleblower Frameworks and Practices – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (Westpac)343; • [WBCWhistleRedFlagReportPractsDetail] (+)  – Banks  – Board  – WBCWhistleRedFlag – Issues Identified by Whistleblowers – Enhanced Reporting for More Detail for Board and Executive Team – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (Westpac)344;

 Ibid.  Ibid, section 7.2.2, p 57. 340  See discussion in section 9.1.2.1 of Stage 1, above n 2. 341  Westpac Review Team 2018, above n 33, section 7.4.1, p 61. 342  Ibid. 343  Ibid, section 7.4.2, p 61. 344  Ibid, section 7.4.3, p 61. 338 339

1234

45  The Risk Management Function

• [WBCWhistleRedFlagAutoRecord] (+)  – Banks  – Board  – WBCWhistleRedFlag – Issues Identified by Whistleblowers – Automation of System to Record Whistleblower Concerns  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating  +  8/100.00 rprox (Westpac)345; • [WBCWhistleRedFlagGrpWideApproach] (+)  – Banks  – Board  – WBCWhistleRedFlag  – Issues Identified by Whistleblowers  – Single Group-Wide Approach for Consistency in Whistleblower Investigations – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (Westpac)346; • WBCWhistleRedFlagAwareCampaign] (+)  – Banks  – Board  – WBCWhistleRedFlag  – Issues Identified by Whistleblowers  – Regular Awareness Campaign for “Speak Up” Culture  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  +  8/100.00 rprox (Westpac)347; and • WBCWhistleRedFlagOversight&PractGrp] (+)  – Banks  – Board  – WBCWhistleRedFlag – Issues Identified by Whistleblowers – Oversight Group and Practice Group for Whistleblower Governance and Integrated Initiatives – Enhancement in Information Flow – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 8/100.00 rprox (Westpac).348

45.13 APRA349 Identifies Failures in Financial Objectives and Prioritisation APRA identifies the competing interests of a bank balancing three limbs – firstly shareholder value against, secondly, risk management, conduct and reputation and, thirdly, customer outcomes: In a large organisation such as [the bank], trade-off decisions are made every day at all levels. When making such decisions, a balance is required between, on the one hand, financial discipline and shareholder value considerations (the ‘voice of finance’) and, on the other, considerations of risk management, including aspects of a conduct and reputational nature (the ‘voice of risk’), and of good customer outcomes (the ‘customer voice’). Importantly, these latter considerations include the ‘should we?’ reflection in decisions [the bank] makes, especially with regard to customers.350  Ibid.  Ibid, section 7.4.4 and Recommendation G30, p 61. 347  Ibid, section 7.4.5, p 61. 348  Ibid, section 7.4.6, p 61. 349  APRA Final Report, above n 14, section 6, Financial Objectives and Prioritisation, p 47. 350  Ibid. 345 346

45.13  APRA Identifies Failures in Financial Objectives and Prioritisation

1235

APRA concluded there was an imbalance in two areas: The Panel observed imbalance between the ‘voice of finance’ on the one hand, and the ‘voice of risk’ and the ‘customer voice’ on the other, in two areas: • [the bank’s] investment prioritisation process (IPP) in design and practice has generally only addressed risk, compliance and resilience issues on a reactive basis once these become ‘high rated’ issues; and • trade-off decisions in which financial objectives were implicitly prioritised over the ‘customer voice’.351

The following failings identified by APRA, all of which again track the relational effect path of the [BrdSkills] (+)352 variable in section 7.3.1.2.1 of Stage 1353 but in the negative (−) direction, have a coverage/rating of − 7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • “adequate investment in response to ‘high rated’ issues”354: –– in the positive (+) direction: • [ECmInvestHighRatedMand] (+)  – Banks  – Executive Committee  – Investment in ‘Mandatory’/Compliance Obligation Projects – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 7/87.50 rprox (APRA)355; • [ECmInvestHighRatedRiskMit] (+) – Banks – Executive Committee – Investment in Risk Mitigation Projects – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating + 7/87.50 rprox (APRA)356; • “limited scope for proactive investment in risk and compliance before ‘high rated’ issues arise”357: –– in the negative (−) direction: • [ECmFailInvestMedRated] (−)  – Banks  – Executive Committee  – Failure of Investment in Medium Rated Projects before High Status  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (APRA)358; • [ECmFailInvestMandCriteria] (−)  – Banks  – Executive Committee  – Failure of Investment in Medium Rated Projects before High Status  –  Ibid.  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–201. 353  Ibid. 354  APRA Final Report, above n 14, section 6, Financial Objectives and Prioritisation, section 6.2.1, Investment prioritisation, p 49. 355  Ibid. 356  Ibid. 357  Ibid, p 50. 358  Ibid. 351 352

1236

45  The Risk Management Function

•

•

•

•

•

•

•

Proposal Criteria for Mandatory Projects – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (APRA)359; [ECmFailInvestRiskMitCriteria] (−) – Banks – Executive Committee – Failure of Investment in Medium Rated Projects before High Status  – Proposal Criteria for Risk Mitigation Projects – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (APRA)360; [ECmFailInvestInfraResilCriteria] (−)  – Banks  – Executive Committee – Failure of Investment in Medium Rated Projects before High Status – Proposal Criteria for Infrastructure Resilience Projects – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (APRA)361; [ECmFailInvestRiskAssess] (−)  – Banks  – Executive Committee  – Failure to have “Comprehensive Written Risk Assessment” for Submission to Executive Committee  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  7/87.50 rprox (APRA)362; [ECmFailInvestRiskReject] (−)  – Banks  – Executive Committee  – Failure to have Risk Assessment of Rejected Projects on Risk Profile  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (APRA)363; [ECmFailInvestRiskDefer] (−) – Banks – Executive Committee – Failure to have Risk Assessment of Deferred Projects on Risk Profile – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (APRA)364; [ECmFailInvestRiskCumul] (−)  – Banks  – Executive Committee  – Failure to have Assessment of Cumulative Risk of Rejected and Deferred Projects Over Time on Risk Profile  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (APRA)365; and [ECmFailInvestRiskProgramTime] (−)  – Banks  – Executive Committee  – Failure of Timely Business Case or Timely Execution of Endorsed Program for Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects  – Reduction in Quality of Risk

 Ibid.  Ibid. 361  Ibid. 362  Ibid, p 51. 363  Ibid. 364  Ibid. 365  Ibid. 359 360

45.13  APRA Identifies Failures in Financial Objectives and Prioritisation

1237

Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (APRA)366; • “the ‘CRO Backlog”367: –– in the negative (−) direction: • [ECmFailInvestRiskCROBacklog] (−) – Banks – Executive Committee – Failure to Fund or Progress Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (APRA)368; • “further examples illustrating [the Bank’s] approach to investment trade-off decisions”369: –– in the negative (−) direction: • [ECmFailInvestRiskTopTen] (−)  – Banks  – Executive Committee  – Failure to Fund or Progress “Top Ten” Risk or Control Issues – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating − 7/87.50 rprox (APRA),370 the content/features of this variable including the following issues: –– –– –– –– –– ––

data management; supplier risk; conduct risk; manual controls; end-to-end controls; and AML-CTF371;

• [ECmFailInvestRiskSTTradeOff] (−) – Banks – Executive Committee – Deferring or Restricting Expenditure on Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects to Achieve Short-Term Financial Objectives  – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  7/87.50 rprox (APRA)372; • [ECmFailInvestRiskPrioritise] (−)  – Banks  – Executive Committee  – Failure to Prioritise Investment in Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects Prior to ‘High Rated’ Status  –

 Ibid.  Ibid. 368  Ibid. 369  Ibid. 370  Ibid, p 52. 371  Ibid. 372  Ibid. 366 367

1238

45  The Risk Management Function

Interim Remediation Period – Reduction in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  −  7/87.50 rprox (APRA)373; • [ECmFailInvestRiskScaleBack (−)  – Banks  – Executive Committee  – Failure to ‘Scale Back’ Investment in ‘Growth’ Proposals to Prioritise Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects Prior to ‘High Rated’ Status  – Interim Remediation Period  – Reduction in Quality of Risk Management, Monitoring and Decision-­ making, coverage/rating − 7/87.50 rprox (APRA)374; and • [ECmFailInvestRiskManTime] (−)  – Banks  – Executive Committee  – Failure to Redirect Management Attention to Prioritise Investment in Mandatory/Compliance, Risk Mitigation and Infrastructure Resilience Projects Prior to ‘High Rated’ Status  – Interim Remediation Period  – Reduction in Quality of Risk Management, Monitoring and Decisionmaking, coverage/rating − 7/87.50 rprox (APRA)375; –– in the positive (+) direction: • [ECmInvestRiskCustPriority] (+)  – Banks  – Executive Committee –– Emphasise “the ‘Should We?’ Question in All Interactions with Customers and Key Decisions Relating to Customers”  – To Prioritise Mandatory/ Compliance, Risk Mitigation and Infrastructure Resilience Projects Prior to ‘High Rated’ Status – Enhancement in Quality of Risk Management, Monitoring and Decision-making, coverage/rating  +  7/87.50 rprox (APRA).376

45.14 Compliance as Part of the Second Line of Defence The compliance function is of course related to the Compliance Factor No 2: Corporate Governance and Legal Compliance377 and constitutes the BCBS’ Principle 9 which extends to all applicable laws, regulations, internal policies,378 procedures and other “compliance manuals, internal codes of conduct and practice guidelines”.379 For the BCBS, the compliance function must be independent of management and directly report to the board: • The compliance function is independent from management to avoid undue influence or obstacles as that function performs its duties. The compliance function should directly

 Ibid, Recommendation 20, p 53.  Ibid, p 53. 375  Ibid, Recommendation 20, p 53. 376  Ibid, Recommendation 21, p 55. 377  Compliance Factor No 2 is discussed in section 2.6.2 of Stage 1, above n 2, pp 41–43. 378  BCBS Guidelines 2015, above n 9, Para 132, p 31. 379  Ibid, Para 135, p 31. 373 374

45.14  Compliance as Part of the Second Line of Defence

1239

report to the board, as appropriate, on the bank’s efforts in the above areas and on how the bank is managing its compliance risk380; [and] • To be effective, the compliance function must have sufficient authority, stature, independence, resources and access to the board. Management should respect the independent duties of the compliance function and not interfere with their fulfillment. As previously noted, there should be no “dual hatting” by the head of the compliance function.381

The Stage 2 relational approach Key Code and Advanced Handbook here introduces new governance variables to represent the compliance function component of the Second Line of defence as required by the BCBS. These variables are hypothesized to be ‘strong’ versions of the [BrdSkills] (+)382 variable. The behaviours of these ‘second line of defence’ variables are hypothesized to be identical to the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the same positive (+) direction to reflect an enhancement in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5). Alternatively, there is an enhancement in the quality of decision-­ making (Decision-making Factor No 7) and/or an enhancement in the Reporting Factor No 1 (Transparency, Timing and Integrity of Financial and other Reports). Thus, the following governance variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [SecLineComplyLaws] (+) – Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Applicable Laws  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (BCBS); • [SecLineComplyRegs] (+) – Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Applicable Regulations – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (BCBS); • [SecLineComplyPolicy] (+) – Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Internal Policies  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (BCBS); • [SecLineComplyProced] (+) – Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Internal Procedures – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox (BCBS); • [SecLineComplyManual] (+) – Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Compliance Manuals  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (BCBS);

 Ibid, Para 136, p 31.  Ibid, Para 137, p 31. 382  Board  – Director Skills ‘Mix’  – see discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–201. 380 381

1240

45  The Risk Management Function

• [SecLineComplyCodes*] (+) – Banks – 2nd Line Risk Management Function – Compliance of Bank Activities with Internal Codes of Conduct – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (BCBS) – interim (*) variable – see Sect. 29.2 above including: –– ‘Bank Codes of Conduct and Ethics for NEDs’ interim (*) governance variables in Sect. 29.2 above; and • [SecLineComplyPractGuides] (+)  – Banks  – 2nd Line Risk Management Function  – Compliance of Bank Activities with Practice Guidelines  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (BCBS). Effectiveness of Compliance Function The following are governance variables for the effectiveness of the compliance function suggested by the BCBS observations and tracking the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [SecLineComplyIndMan] (+) – Banks – 2nd Line Risk Management Function – Compliance of Bank Activities – Independence from Management – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (BCBS); • [SecLineComplyAuth] (+) – Banks – 2nd Line Risk Management Function – Compliance of Bank Activities  – Authority of Compliance Function  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (BCBS); • [SecLineComplyStature] (+) – Banks – 2nd Line Risk Management Function – Compliance of Bank Activities  – Stature/Status of Compliance Function  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (BCBS); • [SecLineComplyResources] (+)  – Banks  – 2nd Line Risk Management Function – Compliance of Bank Activities – Resources of Compliance Function – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (BCBS); • [SecLineComplyAccess] (+) – Banks – 2nd Line Risk Management Function – Compliance of Bank Activities – Access of Compliance Function to the Board – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (BCBS); and • [SecLineComplySingleHat] (+)  – Banks  – 2nd Line Risk Management Function  – Compliance of Bank Activities  – No ‘Dual-Hatting’ of Head of Compliance Function with Other Functions – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox (BCBS).

45.15  APRA Identifies Failings in Accountability and Responsibility

1241

As noted above, these variables track the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1383 with a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). The requirement that the compliance function should report directly to the board – a reporting variable – tracks the relational effect path of the [TransTimeMon] (+)384 variable in section 9.1.2.1 of Stage 1 and in the same positive (+) direction and has a coverage/rating of +8/100.00  in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • [SecLineComplyReportBrd] (+) – Banks – Board of Directors – Reporting of Compliance Function – Directly To Board – Enhancement in Information Flow to the Board  – Enhancement in Risk Management and Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating  +  8/100.00 rprox (BCBS).

45.15 APRA Identifies Failings in Accountability and Responsibility Approach to Governance Variables for Failings in Accountability and Responsibility In Sect. 38.14 above, the Stage 2 relational approach introduced a governance variable which included failure by the board to continuously review the internal structure of the bank for clear lines of accountability/responsibility, risk culture and flow of information about risks: • [FailReviewStructCultInfoRisk] (−)  – Banks  – Board Oversight of Risk Management – Failure by Board to Review Internal Structure (Continuous), Risk Culture and Information Flow about Risks  – Failure of Clear Lines of Accountability/Responsibility  – Failure to Monitor Risk Culture  – Failure to Monitor Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (OECD Kirkpatrick Report 2009), (OECD Key Findings 2009); and • Failure of clear lines of accountability/responsibility – relational effect path also begins with Responsibility Factor No 8. Recalling that examination, the Stage 2 relational approach to the failures in identification, disclosure and escalation and the reduction in information flow variables in Sect. 38.3 was to hypothesise that they are identical in behaviour and relational effect path to the [TransTimeMon] (+)385 variable in section 9.1.2.1 of Stage 1 but in the negative (−) direction, giving rise to a coverage/rating of − 8/100.00 rprox.

 Ibid.  See discussion in section 9.1.2.1 of Stage 1, above n 2. 385  Transparency and Timing of Reporting – Monitoring Effect. See discussion in section 9.1.2.1 of Stage 1, above n 2, pp 262–263. 383 384

1242

45  The Risk Management Function

The [TransTimeMon] (+) variable links, most directly, the transparency and timing of reporting with both enhancement of the risk management and monitoring function (Risk Management, Monitoring & Audit Factor No 5386) and the quality of decision-making (Decision-making Factor No 7387). Given its focus on risk management, monitoring and decision-making, the [TransTimeMon] (+) variable’s relational effect path is positive (+) and the zone of effect of that relational effect path is hypothesised to be similar to that of the [BrdSkills] (+)388 and [BrdIndMon] (+)389 variables but with an additional overriding requirement of Compliance Factor No 2 (Corporate Governance and Legal Compliance390). As can be seen for the [FailReviewStructCultInfoRisk] (−) variable, the examination in the above Sect. 38.3 also identified where the relational effect path began with an additional Responsibility Factor No 8 – delineation and disclosure of powers, duties and lines of responsibility.391 Thus, for a failure of clear lines of accountability/responsibility, the relational effect path also begins with Responsibility Factor No 8. This gives rise to a coverage/rating of −8/100.00 rprox for the [FailReviewStructCultInfoRisk] (−) variable in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) of this Stage 2 Key Code and Advanced Handbook. Thus, the following governance variables suggested by APRA in its Final Report will be crafted according to the [FailReviewStructCultInfoRisk] (−) variable. Governance Variables for Failings in Accountability and Responsibility APRA devotes an entire section of its Final Report – section 7 – to Accountability392 and concludes that there was poor accountability “across business lines” leading to an inadequate ownership of risk for activities spanning the Group.393 For the construction of the governance variables, APRA distinguishes between ‘responsibility’ and ‘accountability’; In an organisational context, it is important to distinguish between the concepts of ‘responsibility’ and ‘accountability’. Whereas individuals can be held responsible for the actions that they personally undertake, in institutions individuals are held accountable for the actions, decisions and outcomes that take place within their area of control and influence, irrespective of whether they themselves were personally involved in taking those actions or decisions. Understanding this distinction, and following through on it in practice, is fundamental to effective corporate governance.394

 See discussion in section 2.6.5 of Stage 1, above n 2, pp 47–51.  See discussion in section 2.6.7 of Stage 1, above n 2, pp 51–58. 388  Board – Director Skills ‘Mix’ – see Figure 7.2 and discussion in section 7.3.1.2.1 of Stage 1, above n 2, pp 198–201. 389  Board Independent Director: Executive Director Proportion – Monitoring Effect – see discussion in sections 7.3.2.1.1–7.3.2.1.2 of Stage 1, above 2, pp 208–212. 390  See discussion in section 2.6.2 of Stage 1, above n 2, pp 41–43. 391  See discussion in section 2.6.8 of Stage 1, above n 2, pp 54–59. 392  APRA Final Report, above n 14, section 7, Accountability, pp 58–64. 393  Ibid, p 57. 394  Ibid, p 58. 386 387

45.15  APRA Identifies Failings in Accountability and Responsibility

1243

The APRA Panel concluded that there were ‘a number of drivers’ of the bank’s accountability problems: • a cultural ‘mentality of trust’ and ‘over-consulting’, manifested in a lack of constructive challenge throughout the senior management levels and at the Board, and in bureaucracy diluting accountability…; • a federated organisational structure that required but did not have clear roles and responsibilities for issues that spanned business units and a lack of collective and end- to-end accountability…; • limited appetite for consequence management…; and • limited reporting on issue closure...395

Using APRA’s headings, the governance variables are as follows all with a coverage/rating of −8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above): • “trust and over-consulting”396: –– [AccFailOverConsult] (−) – Banks – Board Oversight of Accountability – Failure by ‘Over-Consulting’ due to Unclear Ownership for Decision-Making Rights  – Failure of Clear Lines of Accountability/Responsibility for Outcome  – Failure of Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)397; • “consequences of the federated organisational structure”398: –– [AccFailAcrossBUs] (−)  – Banks  – Board Oversight of Accountability  – Failure “About Accountability for Risks and Issues Across Business Units” – Failure of Clear Lines of Accountability/Responsibility for Outcome – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (APRA)399; –– [AccFailECmNatureScope] (−)  – Banks  – Board Oversight of Accountability – Failure of “Consensus and Clear Vision of Accountability at the Executive Committee Level”…“Regarding the Nature and Scope of Group Executive Accountability” – Failure of Clear Lines of Accountability/ Responsibility for Outcome  – Failure of Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)400; –– [AccFailFirstLineOwnEmergeRisk] (−)  – Banks  – Board Oversight of Accountability – Attribution to Second Line of First Line Emerging Risk – Failure of First Line to Own Risk Emerging from Business Unit – Failure of Clear Lines of Accountability/Responsibility for Outcome  – Failure of Information Flow – Reduction in Quality of Risk Management and Internal  Ibid, p 59.  Ibid, section 7.2.1, Trust and over-consulting, p 59. 397  Ibid. 398  Ibid, section 7.2.2, Consequences of the federated organisational structure, p 59. 399  Ibid. 400  Ibid, p 60. 395 396

1244

45  The Risk Management Function

Monitoring and Decision-making, coverage/rating  −  8/100.00 rprox (APRA)401; • “accountability failings in AML-CTF compliance”402: –– [AccFailEndToEndOwn] (−)  – Banks  – Board Oversight of Accountability  – “Unclear End-To-End Ownership and Governance”  – Failure of Clear Lines of Accountability/Responsibility for Outcome  – Failure of Information Flow - Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/ rating − 8/100.00 rprox (APRA)403; –– [AccFailEndToEndAssure] (−)  – Banks  – Board Oversight of Accountability – Failure of “End-To-End Assurance” – Failure of Clear Lines of Accountability/Responsibility for Outcome  – Failure of Information Flow -Reduction in Quality of Risk Management and Internal Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (APRA)404; –– [AccFailL1&L2Roles&Resps] (−)  – Banks  – Board Oversight of Accountability – Failure of “Awareness of the Roles and Responsibilities of Line 1 and Line 2” – Failure of Clear Lines of Accountability/Responsibility for Outcome – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/ rating − 8/100.00 rprox (APRA)405; • “limited appetite to apply consequence management”406: –– “complexity ‘excuse’ used to diffuse accountability”407: • [AccFailComplexExc] (−)  – Banks  – Board Oversight of Accountability –– Complexity Excuse  – Failure of Accountability for “Risks Spanning Multiple Business Units”  – Failure of Clear Lines of Accountability/Responsibility for Outcome  – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (APRA)408; and • see also the [AccFailAcrossBUs] (−) variable in this Sect. 45.15 above; –– “unclear roles and responsibilities used to diffuse accountability409: • [AccFailSeniorRoles&Resps] (−)  – Banks  – Board Oversight of Accountability  – Failure of Senior Executive Accountability where “Unclear Roles and Responsibilities at Lower Levels” or where “Specific Individuals Responsible for Specific Tasks”  – Failure of Clear Lines of  Ibid.  Ibid, p 60. 403  Ibid. 404  Ibid. 405  Ibid. 406  Ibid, section 7.2.3, Limited appetite to apply consequence management, p 61. 407  Ibid. 408  Ibid. 409  Ibid. 401 402

45.15  APRA Identifies Failings in Accountability and Responsibility

1245

Accountability/Responsibility for Outcome  – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-­making, coverage/rating − 8/100.00 rprox (APRA)410; –– “first line accountability not consistently applied”411: • [AccFailLine1RiskComplyOutcome] (−) – Banks – Board Oversight of Accountability  – Failure of Adverse Risk or Compliance Outcome with Line 1  – Failure of Clear Lines of Accountability/Responsibility for Outcome  – Failure of Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)412; • [AccFailLine2RiskComplyOutcome] (−) – Banks – Board Oversight of Accountability – Failure of Oversight and Challenge of Line 1 by Line 2 – Failure of Clear Lines of Accountability/Responsibility for Outcome  – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)413; and • see also the [AccFailL1&L2Roles&Resps] (−) variable in this Sect. 45.15 above; • “lack of accountability for risk systems”414: • [AccFailRiskSystOwnOSight] (−)  – Banks  – Board Oversight of Accountability  – Failure of Clear Ownership of Risk System  – Failure of Management Oversight of Integrity of Risk System – Failure of Clear Lines of Accountability/Responsibility for Outcome  – Failure of Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA)415; and • [AccFailRiskSystOwnInvest] (−)  – Banks  – Board Oversight of Accountability  – Failure of Clear Ownership of Risk System  – Failure of Investment/Upgrade in Risk System – Failure of Clear Lines of Accountability/ Responsibility for Outcome  – Failure of Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making, coverage/rating − 8/100.00 rprox (APRA).416 APRA’s Recommendations for Accountability Among APRA’s Recommendations is to adopt the Accountability Principles in Figure 5 of section 7 of its Final Report.417

 Ibid.  Ibid. 412  Ibid, p 62. 413  Ibid. 414  Ibid. 415  Ibid. 416  Ibid. 417  Ibid, Figure 5: Accountability Principles, p 64. 410 411

Chapter 46

The Internal Audit Function

Abstract  The internal audit function is identified in this Chap. 46 as a subject for a proposed future Key Field. Keywords  Internal audit function · Introduction to internal audit

The internal audit function could fill an entire Key Field itself and so is beyond this Stage 2 Key Code and Advanced Handbook of Key Field No. 5. Only some general comments of the BCBS are included here. The internal audit function constitutes the BCBS’ independent Third Line of defence1 of “internal control, risk management and governance systems and processes”.2 The internal audit function must be separate to the bank’s activities and heads of other functions.3 The internal audit function is extensive, the BCBS requiring: • full and unconditional access to information and records; • independent assessments of internal controls, risk management and governance systems and processes; • adherence to national and international professional standards; • knowledge, skills and experience suitable for the bank’s activities; and • prompt correction of audit issues by senior management.4 The internal auditors must periodically examine the bank’s “overall risk governance framework” including: • the effectiveness of the risk management and compliance functions;

  The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http://www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’), Para 38, p 11. 2  Ibid, Para 138, p 32. 3  Ibid, Paras 139–140, p 32. 4  Ibid, Para 141, p 32. 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_46

1247

1248

46  The Internal Audit Function

• the quality of risk reporting to the board and senior management; and • the effectiveness of the bank’s system of internal controls.5 Internal audit reports must be provided to the Audit Committee and board “without management filtering”.6 The head of internal audit reports directly to the board or Audit Committee.7 The ASX Principles and Recommendations Fourth Edition require an entity to disclose if it has an internal audit function, how it is structured and what role it performs.8

 Ibid.  Ibid, Para 142, p 32. 7  Ibid, p 33. 8  Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’), Rec 7.3, p 27. 5 6

Chapter 47

Governance Variables for Remediation Activities

Abstract  Chapter 47 of the Stage 2 relational approach Key Code and Advanced Handbook examines governance variables for remediation activities. It contains commentary from APRA on remediation attributes including success factors for remediation and additional successful remediation recommendations. Keywords  Remediation · Remediation activities · APRA remediation attributes · Success factors · Additional remediation recommendations

47.1 APRA Commentary on Remediation Attributes APRA identifies the shortcomings across three main areas – governance, accountability and culture.1 In this respect, APRA identifies a number of ‘core attributes’ for successful remediation programs, here represented or modelled on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Like the [BrdSkills] (+) variable, there is an hypothesised enhancement in risk management and therefore internal monitoring. Thus, the effect of these governance variables is predicted to be significant on the spine of the relational effect path – starting with Risk Management, Monitoring & Audit Factor No 5 and reflexively moving to Reporting Factor No 1, Decision-making Factor No 7 and Responsibility Factor No 8. Alternatively, these variables can be seen as an enhancement in the quality of decision-making reflected in an enhancing effect on Decision-making Factor No. 7 and therefore the other spine governance factors.

 Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-Prudential-Inquiry_Final-Report_30042018.pdf, Section D: Remediation Initiatives and Panel Recommendations, p 96. 1

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_47

1249

1250

47  Governance Variables for Remediation Activities

Thus, like the [BrdSkills] (+) variable from section 7.3.1.2.1 of Stage 1,2 these governance variables affect all governance factors except the overriding effect of Compliance Factor No 2 (as described in section 2.6.2 of Stage 1). Similarly to the [BrdSkills] (+) variable, compliance with corporate governance and legal requirements on the bank – an obligation which remains constant by force of law – is not affected by the risk remediation activities of the board, CEO, senior management or lower-level managers. Compliance Factor No 2 thus remains constant for this variable. This equates to a coverage/rating of +7/87.50 rprox for the following risk remediation variables in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Success Factors for Remediation Thus, the success factors for risk remediation for APRA are as follows and should be used to assess any remediation program: • [RemedBrdECm] (+) – Banks – Remediation of Risk – Successful Remediation Attributes – Oversight of Risk Remediation Program at Both Board and Executive Committee Level3 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox including: –– [RemedEngageAll] (+)  – Banks  – Remediation of Risk  – Successful Remediation Attributes – Engagement of All Relevant Parties4 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [RemedBUTalent] (+) – Banks – Remediation of Risk – Successful Remediation Attributes  – Secondment of Talent from Business Units into Remediation Program5 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [RemedClearObject] (+)  – Banks  – Remediation of Risk  – Successful Remediation Attributes – Clear Objectives6 – Enhancement in Risk Management

 Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 7.3.1.2.1 of Stage 1, pp. 198–201. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 3  APRA Final Report, above n 1, Section 10 Remediation Initiatives, p 96. 4  Ibid. 5  Ibid. 6  Ibid. 2

47.1  APRA Commentary on Remediation Attributes

•

•

•

•

•

•

•

•

and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [RemedProgPlan] (+) – Banks – Remediation of Risk – Successful Remediation Attributes – Detailed Program Planning7 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [RemedResourcePlans] (+)  – Banks  – Remediation of Risk  – Successful Remediation Attributes  – Comprehensive Resource Plans8  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox; [RemedClearAcc] (+) – Banks – Remediation of Risk – Successful Remediation Attributes  – Clear Accountability9 (Generally)  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Lines of Responsibility  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [RemedMultiYrBudget] (+)  – Banks  – Remediation of Risk  – Successful Remediation Attributes  – Committed Multi-Year Budget10  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [RemedOutsideFunding] (+)  – Banks  – Remediation of Risk  – Successful Remediation Attributes  – Funding Outside Regular Annual Cycles11  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [RemedIntAudit] (+) – Banks – Remediation of Risk – Successful Remediation Attributes – Internal Audit to Conduct Assurance of Program12 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [RemedOutsideFn] (+) – Banks – Remediation of Risk – Successful Remediation Attributes – Outside Function to Conduct Assurance of Program13 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; [RemedSeqSourceSME] (+)  – Banks  – Remediation of Risk  – Successful Remediation Attributes  – Sequencing Initiatives and Sourcing Quantum of Skillsets for Adequate Attention of Subject Matter Experts14 – Enhancement in

 Ibid.  Ibid. 9  Ibid. 10  Ibid, p 97. 11  Ibid. 12  Ibid. 13  Ibid. 14  Ibid. 7 8

1251

1252

47  Governance Variables for Remediation Activities

Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-­making, coverage/rating + 7/87.50 rprox; and • [RemedCultChangeSnrExec] (+) – Banks – Remediation of Risk – Successful Remediation Attributes  – Culture Change in Senior Executive Actions and Decisions15  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox. Additional Successful Remediation Recommendations APRA specified a number of recommendations in relation to remediation again here represented or modelled on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 with a coverage/rating of +7/87.50 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above) including the following variables: • [RemedSkinInGame] (+)  – Banks  – Remediation of Risk  – Successful Remediation Attributes  – ‘Skin in the Game’ for Bank Senior Leadership16  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [RemedTimeCommit] (+)  – Banks  – Remediation of Risk  – Successful Remediation Attributes – Time Commitment for Senior Leadership for Program Director or Oversight Roles17 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [RemedClearAccProgDelivery] (+) – Banks – Remediation of Risk – Successful Remediation Attributes  – Clear Accountability for Program Delivery18  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [RemedRemunConseq] (+)  – Banks  – Remediation of Risk  – Successful Remediation Attributes  – Remuneration Consequences for Unsuccessful Outcomes19  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [RemedIDDeferProgs] (+)  – Banks  – Remediation of Risk  – Successful Remediation Attributes  – Identification of Programs to Defer to Deliver Remediation Program20  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox;

 Ibid.  Ibid, Rec 31, p 101. 17  Ibid. 18  Ibid, Rec 32, p 101. 19  Ibid. 20  Ibid, Rec 33, p 101. 15 16

47.1  APRA Commentary on Remediation Attributes

1253

• [RemedProjDiscip] (+) – Banks – Remediation of Risk – Successful Remediation Attributes  – Rigourous Project Disciplines for Remediation Programs21  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; • [RemedIndReviewProg] (+)  – Banks  – Remediation of Risk  – Successful Remediation Attributes  – Independent Review of Remediation Programs22  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Lines of Responsibility – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox; and • [RemedDayToDayOps] (+)  – Banks  – Remediation of Risk  – Successful Remediation Attributes  – Program Frameworks Embedded in Day-To-Day ­Operations23  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating + 7/87.50 rprox.

 Ibid, Rec 34, p 101.  Ibid. 23  Ibid, Rec 32, p 101. 21 22

Chapter 48

Governance Variables for APRA on Risk Management and Compliance

Abstract  Chapter 48 of Part 6 of the Stage 2 relational approach Key Code and Advanced Handbook examines governance variables for APRA on risk management and compliance. This examines APRA’s risk management framework (RMF), material risks, APRA’s review of the risk management function and APRA’s risk management declaration and notification requirements. Keywords  APRA · Risk Management Function · Risk Management Framework (RMF) · Review of risk management · Risk management declaration · Notification requirements

The Stage 2 relational approach will construct disclosure variables identical to the [TransTimeMon] (+)1 variable (and in the same positive (+) direction) to reflect an increase in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the enhancement in information flow as a result of APRA’s implementation of risk management and compliance variables. This gives rise to governance variables with a coverage/rating of +8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Alternatively, there is an increase in the quality of decision-making – Decision-­ making Factor No 7  – and/or an enhancement of clear lines of accountability/ 1  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 9.1.2.1 of Stage 1, pp 198–199. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27.

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_48

1255

1256

48  Governance Variables for APRA on Risk Management and Compliance

responsibility affecting positively Responsibility Factor No 8 for each of the enhancements identified by APRA. In the case of failings in risk management and compliance, negative variables based on the [TransTimeMon] (+)2 variable but in the negative (−) direction, coverage/rating −8/100.00 rprox will be identified.

48.1 APRA Risk Management Framework APRAS’s Risk Management Framework (RMF) APRA’s Prudential Standard CPS 220 Risk Management3 sets out APRA’s requirements in relation to the Risk Management Framework (RMF): • [220RMFInstitution-Wide] (+)  – Banks  – CPS 220 RMF  – Maintain Risk Management Framework  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (APRA CPS 220), the content of this variable including: –– “develop and implement strategies, policies, procedures and controls to manage different types of material risks”4; and –– “provides the Board with a comprehensive institution-wide view of material risks”.5 • [220RMFElements&MatRisk] (+)  – Banks  – CPS 220 RMF  – Elements of Risk Management Framework and Material Risk – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (APRA CPS 220), the content of this variable including:

 Ibid.  Australian Prudential Regulation Authority, Prudential Standard CPS 220 Risk Management, July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/ cps_220_risk_management_effective_from_1_july_2019.pdf (‘CPS 220’), sections 19–25, pp 6–7. In addition to finalisation of APRA’s Draft Prudential Standard 511 Remuneration, APRA has announced that it intends to consult on revised versions of Prudential Standard CPS 510 Governance, Prudential Standard CPS 220 Risk Management and Prudential Standard 520 Fit and Proper in the second half of 2020 with expected effective dates of 2022. See Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, section 2.1.1 Governance and risk management, section 2.1.3 Accountability and Attachment B: Timelines. 4  CPS 220, ibid, section 19, p 6. 5  Ibid. 2 3

48.1  APRA Risk Management Framework

1257

–– “the totality of systems, structures, policies, processes and people within an institution that identify, measure, evaluate, monitor, report and control or mitigate all internal and external sources of material risk”6; and –– “material risks are those that could have a material impact, both financial and non-financial, on the institution or on the interests of depositors and/or policyholders”7; • [220RMFConsistentBusPlanSec31] (+)  – Banks  – CPS 220 RMF  – Risk Management Framework to be Consistent with Business Plan Under Section 318 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (APRA CPS 220); • [220RMFID&ManRiskSizeMixComplex] (+) – Banks – CPS 220 RMF – Risk Management Framework to Provide Structure to Identify and Manage Each Material Risk Having Regard to Size, Business Mix and Complexity of Operations9 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (APRA CPS 220); • [220RMFMinimumRequirements] (+) – Banks – CPS 220 RMF – Minimum Requirements of Risk Management Framework10 – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (APRA CPS 220) including11: –– –– –– ––

a risk appetite statement (RAS); a Risk Management Strategy (RMS); a business plan; “policies and procedures supporting clearly defined and documented roles, responsibilities and formal reporting structures for the management of material risks throughout the institution”; –– “a designated risk management function that meets the requirements of paragraph 37”; –– “an Internal Capital Adequacy Assessment Process (ICAAP)”; –– “a management information system(s) (MIS) that is adequate, both under normal circumstances and in periods of stress, for measuring, assessing and reporting on all material risks across the institution”; and

 Ibid, section 20, p 6.  Ibid. 8  Ibid, section 21, p 6. 9  Ibid, section 22, p 6. 10  Ibid, section 23, pp 6–7. 11  Ibid, section 23(a) – (g), pp 6–7. 6 7

1258

48  Governance Variables for APRA on Risk Management and Compliance

–– “a review process to ensure that the risk management framework is effective in identifying, measuring, evaluating, monitoring, reporting, and controlling or mitigating material risks”12; • [220RMFScenario&StressTests] (+)  – Banks  – CPS 220 RMF  – Risk Management Framework to “Include Forward-Looking Scenario Analysis and Stress Testing Programs” Having Regard to “Size, Business Mix and Complexity…Based on Severe But Plausible Assumptions13 – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox (APRA CPS 220); • [220RMFMISRequireBrdCmsSnrMan] (+) – Banks – CPS 220 RMF – Risk Management Framework  – Requirements of Management Information System14  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (APRA CPS 220), including15: –– “regular, accurate and timely information concerning the institution’s risk profile”; –– “robust data framework that enables: • the aggregation of exposures and risk measures across business lines; • prompt reporting of limit breaches: and • forward-looking scenario analysis and stress testing”16; and –– “data quality must be adequate for timely and accurate measurement, assessment and reporting on all material risks across the institution and must provide a sound basis for making decisions”.17 Material Risks In the case of the Material Risks of APRA’s RMF: • [220RMFMinimumMaterialRisks] (+)  – Banks  – CPS 220 RMF  – Risk Management Framework  – Minimum Requirements of Material Risks18  – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (APRA CPS 220), including:

 Ibid.  Ibid, section 24, p 7. 14  Ibid, section 25, p 7. 15  Ibid. 16  Ibid. 17  Ibid. 18  Ibid, section 26, p 7. 12 13

48.1  APRA Risk Management Framework

–– –– –– –– –– –– ––

1259

credit risk; market and investment risk; liquidity risk; insurance risk; operational risk; “risks arising from the strategic objectives and business plans”19; and “other risks that, singly or in combination with different risks, may have a material impact on the institution”.20

APRA’s Review of the Risk Management Function In the case of APRA’s review of the RMF: • [220RMFAnnualReview] (+)  – Banks  – CPS 220 RMF  – Risk Management Framework  – Annual Review of RMF by Internal and/or External Audit21  – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (APRA CPS 220), including: –– “results of this review must be reported to the institution’s Board Audit Committee, the senior officer outside of Australia or Compliance Committee, as relevant”22; • [220RMFComprehenExtReview3Years] (+) – Banks – CPS 220 RMF – Risk Management Framework  – Comprehensive Review of RMF by Independent, Competent Persons (including External Consultants) At Least Every 3 Years23 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (APRA CPS 220), including: –– “results of this review must be reported to the institution’s Board Risk Committee, the senior officer outside Australia or Compliance Committee, as relevant”24; –– scope to have regard to25: • size, business mix and complexity; • any change in operations or risk appetite; and • change in external environment; and

 Ibid.  Ibid. 21  Ibid, section 44, p 11. 22  Ibid. 23  Ibid, section 45, p 11. 24  Ibid. 25  Ibid, section 46, p 11 19 20

1260

48  Governance Variables for APRA on Risk Management and Compliance

–– must assess whether26: • • • • •

“the framework is implemented and effective”; “remains appropriate, taking into account the current business plan”; “remains consistent with the Board’s risk appetite”; “is supported by adequate resources”; and “the RMS accurately documents the key elements of the risk management framework that give effect to the strategy for managing risk”; and

–– if any material change to size, business mix and complexity is identified outside the 3 year review – whether any amendment or review is necessary to the RMF.27 APRA’s Risk Management Declaration and Notification Requirements In the case of the risk management declaration: • [220RMFAnnualDeclarationAPRA] (+)  – Banks  – CPS 220 RMF  – Risk Management Framework – Annual Declaration to APRA on Risk Management in Attachment A28 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (APRA CPS 220), including: –– signed by Chairperson of Board and Chairperson of BRC29; –– qualifying declaration for significant breach/deviation from the RMF or Attachment A including cause, circumstances and steps to remedy30; and –– to be submitted within 4 months of annual balance date.31 In the case of notification requirements to APRA: • [220RMFNotifyAPRARevisionsBreach] (+) – Banks – CPS 220 RMF – Risk Management Framework  – Notification to APRA of Revisions and Breaches/ Deviations32 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (APRA CPS 220), as soon as practicable within 10 business days of: –– revisions to RAS, Business Plan or RMS approved by the Board33;

 Ibid, section 47, pp 11–12.  Ibid, section 48, p 12. 28  Ibid, sections 49–51, p 12. 29  Ibid, section 49, p 12. 30  Ibid, section 50, p 12. 31  Ibid, section 51, p 12. 32  Ibid, section 52, pp 12–13. 33  Ibid. 26 27

48.1  APRA Risk Management Framework

1261

–– significant breach/deviation from RMF34; –– RMF did not adequately address a material risk35; –– material or prospective material changes to size, business mix and complexity of the Bank36; and –– right to conduct business outside Australia is materially affected by a law of that jurisdiction or has ceased.37

 Ibid, section 53, p 13.  Ibid. 36  Ibid, section 54, p 13. 37  Ibid, section 55, p 13. 34 35

Chapter 49

NAB’S Risk Management Framework (RMF) and ASX Enviromental and Social Risks

Abstract  The penultimate Chap. 49 of the Stage 2 Key Code and Advanced Handbook examines NAB’s risk management framework (RMF) and the ASX’s environmental and social risks. In the case of NAB’s RMF we begin with NAB first line risk and control ownership. There follows a number of NAB second line risk management variables: • • • •

second line risk reporting; second line compliance function; second line conduct risk; and second line operational risk. The Chapter concludes with the ASX Environmental and Social Risks.

Keywords  NAB · Risk Management Framework (RMF) · First Line Risk and control ownership · Second Line risk management · Second Line risk reporting · Second line compliance function · Second Line conduct risk · Second Line operational risk

The Stage 2 relational approach will construct disclosure variables identical to the [TransTimeMon] (+)1 variable (and in the same positive (+) direction) to reflect an increase in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the enhancement in 1  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 9.1.2.1 of Stage 1, pp 198–199. For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27.

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_49

1263

1264

49  NAB’S Risk Management Framework (RMF) and ASX Enviromental and Social…

information flow as a result of NAB’s implementation of risk management and compliance variables. This gives rise to governance variables with a coverage/rating of +8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Alternatively, there is an increase in the quality of decision-making – Decision-­ making Factor No 7  – and/or an enhancement of clear lines of accountability/ responsibility affecting positively Responsibility Factor No 8 for each of the enhancements identified by NAB. In the case of failings in risk management and compliance, negative variables based on the [TransTimeMon] (+)2 variable but in the negative (−) direction, coverage/rating −8/100.00 rprox will be identified. In the case of Key Elements of the NAB Risk Management Framework: • [NABRiskManElementsRMF] (+) – Banks – NABRiskMan – Risk Management and Compliance – Elements of Risk Management Framework3 – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox (NAB), the content of this variable including4: –– –– –– –– –– ––

Three Lines of Defence (3LoD) model; Risk Governance; Risk Appetite; Risk Measurement & Modelling (including Event Management) Risk Reporting; and Monitoring.

• [NABRiskManMaterialRisks] (+) – Banks – NABRiskMan – Risk Management and Compliance – Material Risks5 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB), the content of this variable including6: –– –– –– –– –– ––

Credit; Market; Balance Sheet & Liquidity; Operational; Compliance; Conduct;

 Ibid.  National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/content/dam/ nabrwd/documents/reports/corporate/nab-self-assessment-2018.pdf (‘NAB Self-Assessment 2018’), p 24. 4  Ibid. 5  Ibid. 6  Ibid. 2 3

49  NAB’S Risk Management Framework (RMF) and ASX Enviromental and Social…

1265

–– Regulatory; and –– Strategic; • [NABRiskManRiskAppetite] (+) – Banks – NABRiskMan – Risk Management and Compliance – Risk Appetite7 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB), the content of this variable including8: –– Risk Appetite Limits for each material risk defined in Risk Appetite Statement (RAS); –– Quantitative Risk Limits for all financial risks; –– Quantitative Risk Limits for Operational Risk and Compliance; and –– in the negative (−) direction: • absence of Quantitative Limits for Conduct Risk. • [NABRiskManImproveRMF] (+) – Banks – NABRiskMan – Risk Management and Compliance  – Improvements in Risk Management Framework (RMF)9  – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (NAB), the content of this variable including10: –– implementation of the Risk Management Accountabilities (RMA) model which clearly defines the risk management accountabilities of First, Second and Third Line functions; –– implementation of risksmart, a single system of record for non-financial risks, including operational risks, compliance obligations and associated controls; –– introduction of formal risk management performance assessments (performed by Risk) for the CEO, ELT and EGMs; –– implementation of formal mechanisms to measure, assess and report on the risk management performance of all business units at NAB; –– redesign of NAB’s risk governance model including the creation of VCRMCs aligned to customer experience (e.g. Personal, Business); –– improvements to NAB’s risk appetite framework, providing clearer boundaries on risk limits; –– redesign of risk reports by the First and Second Lines; –– increased application of data analytics to support monitoring and oversight; –– strengthening of the credit, market and balance sheet risk management practices implemented through a range of initiatives, including: • • • •

the simplification of the Delegation of Commitment Authorities; investments in enhanced credit-decisioning tools; simplification of the model risk management practices; and implementation of new market risk reporting systems; and

–– improvements to the Group CRO’s risk performance assessment provided to the BRC and RemCo [Compensation/Remuneration Committee].11

 Ibid.  Ibid. 9  Ibid. 10  Ibid. 11  Ibid (formatting and punctuation change and some bullet-points added). 7 8

1266

49  NAB’S Risk Management Framework (RMF) and ASX Enviromental and Social…

• [NABRiskManCPS220ReviewRMF] (+)  – Banks  – NABRiskMan  – Risk Management and Compliance – Improvements from CPS 220 Review of Risk Management Framework (RMF)12  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-­ making  – Increase in Quality of Accountability/Responsibility, coverage/ rating + 8/100.00 rprox (NAB), the content of this variable including: –– For the First Line: • reorient risk information to fully enable VCRMCs, including more customer metrics; • improve the consistency of application and clarity of accountabilities for Enterprise Controls; and –– And for the Second Line: • complete the implementation of the Second Line operating model and build targeted resourcing; • enhance non-financial risk management (including risk appetite metrics) and simplify risk policies; • further develop the risk culture framework, and links between risk and remuneration; and • improve the usability of risk IT systems.13

• [NABRiskManCustOutcomesRMF] (+)  – Banks  – NABRiskMan  – Risk Management and Compliance  – Improvements to Give Focus on Customer Impact14  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (NAB), the content of this variable including risks for: –– –– –– ––

system interruption; data security; privacy breaches; and conduct and compliance.15

49.1 NAB First Line Risk and Control Ownership In the positive (+) direction in the case of First Line Risk and Control Ownership16: • [NABRiskManFirstLineRoles&Resps] (+)  – Banks  – NABRiskMan  – Risk Management and Compliance  – First Line Risk and Control Ownership and Management  – Roles and Responsibilities17  – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and

 Ibid, p 25.  Ibid (formatting and punctuation change and some bullet-points added). 14  Ibid. 15  Ibid. See also Action #8 of NAB Self-Assessment 2018, above n 53, p 25. 16  Ibid, p 25. 17  Ibid. 12 13

49.1  NAB First Line Risk and Control Ownership

1267

Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox, (NAB), the content of this variable including roles and responsibilities for18: –– –– –– –– –– ––

control design and testing; risk profiling; managing compliance; managing events and compliance breaches; building and maintaining a sound risk culture supportive of risk appetite; events and conduct issues adequately investigated, remediated and closed (with oversight by Second Line or Third Line (Internal Audit); and –– maintaining the accuracy of information recorded in risksmart relating to risks, compliance obligations, controls, events, issues and actions19; In the negative (−) direction: • [NABRiskManFirstLineFail] (−) – Banks – NABRiskMan – Risk Management and Compliance – First Line Risk and Control Ownership and Management – Failings in First Line20 – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB), the content of this variable including: –– failings in consistency and competencies across elements of First Line including: • risk identification; • risk profile monitoring; and • designing high quality controls. • [NABRiskManFirstLineSecLineBlur] (−)  – Banks  – NABRiskMan  – Risk Management and Compliance  – First Line Risk and Control Ownership and Management – Failings in First Line – Blurring of Responsibilities of First Line and Second Line21 – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB). Risk and Control Responsibilities under the Bank Executive Accountability Regime (BEAR) are examined in Chap. 20. Value Chain Risk Management Committees (VCRMCs) are examined in Sect. 30.7 of Chap. 30. In the case of Reliance on Enterprise Controls22 in the positive (+) direction:

 Ibid.  Ibid. 20  Ibid. 21  Ibid. 22  Ibid, p 26. 18 19

1268

49  NAB’S Risk Management Framework (RMF) and ASX Enviromental and Social…

• [NABRiskManFirstLineEntCont] (+)  – Banks  – NABRiskMan  – Risk Management and Compliance  – First Line Risk and Control Ownership and Management – Reliance on Enterprise Controls Function within Technology & Operations for Testing Operational Effectiveness of Controls23 – Enhancement in Information Flow  – Increase in Quality of Risk Management and Internal Monitoring and Decision-making  – Increase in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox (NAB), the content of this variable including: –– divisionally aligned teams within Enterprise Controls to support Risk Management Framework including First Line: • • • •

risk reporting and governance; risk profiling; event management; and controls design24;

• [NABRiskManFirstLineEntContImprove] (+)  – Banks  – NABRiskMan  – Risk Management and Compliance – First Line Risk and Control Ownership and Management – Reliance on Enterprise Controls Function within Technology & Operations for Testing Operational Effectiveness of Controls – Improvements in Enterprise Controls25 – Enhancement in Information Flow – Increase in Quality of Risk Management and Internal Monitoring and Decision-making – Increase in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (NAB), the content of this variable including: –– leadership of enterprise control function elevated to EGM level; –– centralising reporting lines to drive more consistent outcomes; and –– increasing the quality of the Enterprise Controls team.26 In the negative (−) direction: • [NABRiskManFirstLineEntContFail] (−)  – Banks  – NABRiskMan  – Risk Management and Compliance  – First Line Risk and Control Ownership and Management – Reliance on Enterprise Controls Function within Technology & Operations for Testing Operational Effectiveness of Controls  – Failings in Enterprise Controls27 – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB), the content of this variable including: –– –– –– ––  Ibid.  Ibid. 25  Ibid. 26  Ibid 27  Ibid. 23 24

inconsistent application; changes of leadership; under-resourcing; and ambiguities over accountabilities.

49.2  NAB Second Line Risk Management

1269

49.2 NAB Second Line Risk Management NAB Second Line Risk Reporting In the case of Risk Reporting, NAB identifies a number of shortcomings modelled on the [TransTimeMon] (+)28 variable but in the negative (−) direction, coverage/ rating −8/100.00 rprox: • [NABRiskManSecLineRiskRepFail] (−)  – Banks  – NABRiskMan  – Risk Management and Compliance – Second Line Risk Management Function – Risk Reporting  – Failings in Risk Reporting29  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-­ making  – Reduction in Quality of Accountability/, coverage/rating −8/100.00 rprox (NAB), the content of this variable including: –– ensure risk reporting brings appropriate focus to the impact of risks on customer outcomes and the bank’s reputation; –– develop more forward-looking risk indicators, particularly for emerging or changing non-financial risks; –– establish additional metrics on key compliance and regulatory obligations including, for example, breach reporting, customer remediation and complaints (in progress); –– develop and report additional qualitative and quantitative metrics for conduct risk (see below); –– improve risk reporting alignment across the bank and VCRMCs; –– more holistic reporting of matters affecting the bank’s reputation; –– improve tracking and reporting of timeliness of issue resolution…; –– ensure risk reports adequately communicate learnings from events and breaches as well as providing examples of better-practice risk or compliance approaches; and –– sharpen the application of the Risk View so it clearly and consistently identifies the concerns, issues or action required.30

NAB Second Line Compliance Function In the case of Compliance, NAB again identifies a number of shortcomings modelled on the [TransTimeMon] (+)31 variable but in the negative (−) direction, coverage/rating −8/100.00 rprox: • [NABRiskManSecLineComplyFail] (−)  – Banks  – NABRiskMan  – Risk Management and Compliance  – Second Line Risk Management Function  – Compliance Function/Framework  – Failings in Compliance Function/ Framework32 – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB), the content of this variable including33: –– intertwining of compliance function with operational risk; –– Second Line ceding authority and veto rights to First Line;  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199.  NAB Self-Assessment 2018, above n 3, p 27. 30  Ibid (punctuation altered). 31  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199. 32  NAB Self-Assessment 2018, above n 3, p 27. 33  Ibid. 28 29

1270

49  NAB’S Risk Management Framework (RMF) and ASX Enviromental and Social…

–– First Line risk-based approach to managing compliance, incorrectly risk-­ accepting some compliance risks or issues without appropriate escalation; –– absence of veto authority in cases of inadequate compliance arrangements; –– failings in accountabilities and authorities of Compliance Function in: • • • • • •

product approval and review process; surveillance; license management; breach management; regulatory change; and consequence management for breach events.

–– failings to establishing controls that can positively demonstrate evidence of compliance; –– failings in processes of: • • • • •

breach identification; investigation; escalation, reporting; and customer remediation;

–– failings in level of resourcing below peer banks.34 NAB Second Line Conduct Risk In the case of Conduct Risk, NAB again identifies a number of shortcomings modelled on the [TransTimeMon] (+)35 variable but in the negative (−) direction, coverage/rating −8/100.00 rprox: • [NABRiskManSecLineConductRiskFail] (−) – Banks – NABRiskMan – Risk Management and Compliance  – Second Line Risk Management Function  – Conduct Risk  – Failings in Conduct Risk Management36  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/ Responsibility, coverage/rating −8/100.00 rprox (NAB), the content of this variable including37: –– unfair outcomes for customers; –– insufficient urgency in embedding a bank-wide approach; –– high variance in the maturity of customer-outcome related risk assessments and assessment of conduct risk exposures; –– “[l]ack of integrated oversight mechanisms such as monitoring, surveillance and assurance to detect conduct failings and emerging risks”; –– gaps in control coverage; –– weaknesses in control effectiveness;

 Ibid.  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199. 36  NAB Self-Assessment 2018, above n 3, p 27. 37  Ibid, pp 27–28. 34 35

49.2  NAB Second Line Risk Management

1271

–– slowing of progress of “reporting beyond basic qualitative commentary with no quantitative measures or bank-wide assessment against appetite…limit[ing] the ability to pre-empt or identify emerging risks”; –– “[c]ustomer complaints are being under-utilised as indicator (lead or lag) of conduct issues and poor customer outcomes”; and –– “[i]nconsistent level of the rigour and investigation into complaints needed to mitigate the risk and identify potential systemic issues”.38 NAB Second Line Operational Risk In the case of ‘Operational Risk’, NAB again identifies a number of shortcomings modelled on the [TransTimeMon] (+)39 variable but in the negative (−) direction, coverage/rating −8/100.00 rprox: • [NABRiskManSecLineOpRiskFail] (−)  – Banks  – NABRiskMan  – Risk Management and Compliance  – Second Line Risk Management Function  – ­Operational Risk – Failings in Operational Risk Management40 – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/ Responsibility, coverage/rating −8/100.00 rprox (NAB), the content of this variable including41: –– weaknesses and gaps in control design and effectiveness (including improving competencies within the First Line and Enterprise Controls); –– gaps in issues management, reporting and oversight processes; –– failings in risk appetite, risk profiling and control activities including: • • • •

technology risk; cyber; data; and privacy.

In the case of ‘Operational Risk Profiling’, NAB identifies a number of shortcomings modelled on the [TransTimeMon] (+)42 variable but in the negative (−) direction, coverage/rating −8/100.00 rprox: • [NABRiskManSecLineOpRiskProfFail] (−) – Banks – NABRiskMan – Risk Management and Compliance  – Second Line Risk Management Function  – Operational Risk  – Failings in Operational Risk Profiling43  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/

 Ibid.  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199. 40  NAB Self-Assessment 2018, above n 3, p 28. 41  Ibid. 42  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199. 43  NAB Self-Assessment 2018, above n 3, p 28. 38 39

1272

49  NAB’S Risk Management Framework (RMF) and ASX Enviromental and Social…

Responsibility, coverage/rating −8/100.00 rprox (NAB), the content of this variable including44: –– –– –– ––

reporting frequency; improving risk profiles and risk accountabilities; excessive rated risks or ineffective controls; and identifying the relevant BEAR accountable executives.

In the case of ‘Risk in Change’, NAB identifies a number of shortcomings modelled on the [TransTimeMon] (+)45 variable but in the negative (−) direction, coverage/rating −8/100.00 rprox: • [NABRiskManSecLineOpRiskInChangeFail] (−) – Banks – NABRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Operational Risk – Failings in Risk in Change – ‘Failings in the Bank’s Approach to Managing Risk (both Delivered Risk and Execution Risk) in Change ­Activities’46  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (NAB), the content of this variable including47: –– –– –– ––

agenda time; First and Second Line involvement too late in planning process; failure of board oversight or independent project health assessments; and the same First Line executives responsible for both delivery and governance of the relevant change.

ASX Environmental and Social Risks In the case of environmental and social risks, ASX identifies a number of disclosures modelled on the [TransTimeMon] (+)48 variable and in the same positive (+) direction, coverage/rating + 8/100.00 rprox: • [2019ASXDiscloseEnvironmentRisks] (+) – 2019ASX Risk Management and Compliance – Second Line Risk Management Function – Disclosure of Material Exposure to Environmental Risks49  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-­making  – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (2019ASX); • [2019ASXDiscloseSocialRisks] (+)  – 2019ASX Risk Management and Compliance – Second Line Risk Management Function – Disclosure of Material

 Ibid.  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199. 46  NAB Self-Assessment 2018, above n 3, p 28. 47  Ibid. 48  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199. 49  Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-principles-and-recommendationsfourth-­edn.pdf (‘2019ASX’), Rec 7.4, p 27. 44 45

49.2  NAB Second Line Risk Management

1273

Exposure to Social Risks50 – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (2019ASX); and • [2019ASXDiscloseClimateChangeRisks] (+)  – 2019ASX Risk Management and Compliance  – Second Line Risk Management Function  – Disclosure of Material Exposure to Climate Change51 – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-­making  – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (2019ASX).

50 51

 Ibid.  Ibid, Commentary to Rec 7.4, p 28.

Chapter 50

Governance Variables for the Westpac Review Team 2018 and the Westpac Reassessment on Risk Management and Compliance Abstract  The concluding Chapter of Part 6, Chap. 50, examines governance variables for the Westpac Review Team 2018 and the Westpac Reassessment on risk management and compliance. This begins with an examination of Westpac Review Team 2018 on non-financial risk appetite, conduct risk management and reputation risk management. There follows the Westpac Review Team 2018 on divisional approaches to manage risk and compliance and embedding group-wide policies. Part 6 concludes with the Westpac Reassessment “CORE” Remediation Program including: • Pillar 1 – Direction and Tone set by Board and Group Executive; • Pillar 2 – Clear Risk Boundaries for Decision-making; and • Pillar 3 – Accountable and Empowered People. Keywords  Westpac · Non-financial risk appetite · Conduct risk management · Reputation risk management · Divisional approaches to manage risk and compliance · Embedding group-wide policies · CORE remediation program · Pillar 1 · Pillar 2 · Pillar 3

50.1 Westpac Non-financial Risk Appetite The Stage 2 relational approach will construct disclosure variables identical to the [TransTimeMon] (+)1 variable (and in the same positive (+) direction) to reflect an increase in the quality of risk management and internal monitoring (Risk Management, Monitoring & Audit Factor No 5) on account of the enhancement in 1  Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). See discussion in section 9.1.2.1 of Stage 1, pp 198–199.

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2_50

1275

1276

50  Governance Variables for the Westpac Review Team 2018 and the Westpac…

information flow as a result of Westpac’s implementation of risk management and compliance variables. This gives rise to governance variables with a coverage/rating of +8/100.00 rprox in the Bank Combined Coverage and Relational Proximity Table (Table 10.2 above). Alternatively, there is an increase in the quality of decision-making – Decision-­ making Factor No 7  – and/or an enhancement of clear lines of accountability/ responsibility affecting positively Responsibility Factor No 8 for each of the enhancements identified by Westpac. In the case of failings in risk management and compliance, negative variables based on the [TransTimeMon] (+)2 variable but in the negative (−) direction, coverage/rating −8/100.00 rprox will be identified. Westpac Review Team 2018 Non-financial Risk Appetite In the case of ‘Non-financial Risk’ Appetite, the Westpac Review Team identifies a number of shortcomings modelled on the [TransTimeMon] (+)3 variable but in the negative (−) direction, coverage/rating −8/100.00 rprox: • [WBCRiskManSecLineSpecificComplyCondRiskApp] (−)  – Banks  – WBCRiskMan  – Risk Management and Compliance  – Second Line Risk Management Function  – Compliance and Conduct Risk  – Failings to Specify Appetite for Each Compliance and Conduct Risk  – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-­making – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (Westpac)4; • [WBCRiskManSecLineSpecificOpRiskApp] (−) – Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Operational Risk  – Failings to Sufficiently Specify Appetite of Specific Operational Risks – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (Westpac)5; • [WBCRiskManSecLineSpecificMeas&Metrics] (−)  – Banks  – WBCRiskMan  – Risk Management and Compliance  – Second Line Risk Management Function – Compliance and Conduct Risks – Failings to Specify

For Stage 1, see also, Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144 and Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. 2  Ibid. 3  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199. 4  Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-Assessment_Report_.pdf (‘Westpac Review Team 2018’), section 6.4.2, p 48. 5  Ibid.

50.2  Westpac Management of Conduct and Reputation Risks

1277

Measures and Metrics of Each Specific Compliance and Conduct Risk  – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (Westpac)6 including: –– aggregation of risks which dilutes increases in individual risks; and –– use of ‘red’, ‘amber’ and ‘green’ status without detailed explanation/ description7; • [WBCRiskManSecLineLaggingMeas] (−)  – Banks  – WBCRiskMan  – Risk Management and Compliance  – Second Line Risk Management Function  – Compliance and Conduct Risks – Use of Lagging/Retrospective Measures for Changes in Risk – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (Westpac)8 including: –– failure to signal change in likelihood of risk occurring.9

50.2 Westpac Management of Conduct and Reputation Risks In the case of the management of conduct and reputation risks, the Westpac Review Team explains that “most, if not all, conduct risks lead to reputation risks, but not all reputation risks are conduct risks.”10 Westpac Review Team 2018 Conduct Risk Management The Westpac Review Team identifies a shortcoming in relation to conduct risk management, here modelled on the [TransTimeMon] (+)11 variable but in the negative (−) direction, coverage/rating −8/100.00 rprox: • [WBCRiskManSecLineCondRiskFrame] (−)  – Banks  – WBCRiskMan  – Risk Management and Compliance – Second Line Risk Management Function – Conduct Risk Management  – Conduct Framework for Managing Risk of Misconduct Not Yet Ingrained in Practice  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-­

 Ibid, section 6.4.3, p 48.  Ibid. 8  Ibid, section 6.4.4, p 48. 9  Ibid. 10  Ibid, section 6.5.2, pp 48–49. 11  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199. 6 7

1278

50  Governance Variables for the Westpac Review Team 2018 and the Westpac…

making  – Reduction in Quality of Accountability/Responsibility, coverage/ rating − 8/100.00 rprox (Westpac).12 Thus, the Westpac Review Team’s Recommendation G1513 contains detailed steps to enhance conduct risk management, here modelled on the [TransTimeMon] (+)14 variable and in the positive (+) direction, coverage/rating + 8/100.00 rprox: • [WBCRiskManSecLineCondRiskTrain] (+) – Banks – WBCRiskMan – Risk Management and Compliance  – Second Line Risk Management Function  – Conduct Risk Management  – Conduct Risk Education and Training Across 3 LOD  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (Westpac)15; • [WBCRiskManSecLineCondRiskWorkshops] (+) – Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Conduct Risk Management  – Conduct Risk Workshops to Identify Specific Conduct Risks with Line 1 Facilitated by Line 2 – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (Westpac)16; • [WBCRiskManSecLineCondRiskProg] (+) – Banks – WBCRiskMan – Risk Management and Compliance  – Second Line Risk Management Function  – Conduct Risk Management – Design and Implement Conduct Risk Program – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making  – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (Westpac)17; • [WBCRiskManSecLineCondRiskAgenda] (+)  – Banks  – WBCRiskMan  – Risk Management and Compliance – Second Line Risk Management Function – Conduct Risk Management – Conduct Risk Standing Agenda Item for Divisional Risk Committees – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making  – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (Westpac)18; and • [WBCRiskManSecLineCondRiskHR] (+)  – Banks  – WBCRiskMan  – Risk Management and Compliance  – Second Line Risk Management Function  – Conduct Risk Management – Conduct Risk Incorporated into HR Frameworks –

 Westpac Review Team 2018, above n 4, sections 6.5.3–6.5.4, p 49.  Ibid, Recommendation G15, p 49. 14  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199. 15  Westpac Review Team 2018, above n 4, Recommendation G15, p 49. 16  Ibid. 17  Ibid. 18  Ibid. 12 13

50.2  Westpac Management of Conduct and Reputation Risks

1279

Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making  – Enhancement in Quality of Accountability/Responsibility, coverage/rating  +  8/100.00 rprox (Westpac)19 including: –– recruitment and hiring; –– training and education; and –– remuneration and accountability.20 Westpac Review Team 2018 Reputation Risk Management The Westpac Review Team’s discussion and Recommendation G1621 identify variables to enhance reputation risk management, here modelled on the [TransTimeMon] (+)22 variable and in the positive (+) direction, coverage/rating + 8/100.00 rprox: • [WBCRiskManSecLineReputRiskFrame] (+)  – Banks  – WBCRiskMan  – Risk Management and Compliance – Second Line Risk Management Function – Reputation Risk Management  – Reputation Risk Management Framework to Identify, Assess and Escalate Reputation Risks – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-making – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (Westpac)23; and • [WBCRiskManSecLineReputRiskRoles&RespsNFRs] (+)  – Banks  – WBCRiskMan  – Risk Management and Compliance  – Second Line Risk Management Function  – Reputation Risk Management  – Reputation Risk Management Framework to Be Rolled Out Across 3 LOD to Clarify Roles and Responsibilities to Identify, Assess, Manage and Escalate Reputation Risks from Underlying Non-financial Risks  – Enhancement in Information Flow  – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-­making  – Enhancement in Quality of Accountability/Responsibility, coverage/rating + 8/100.00 rprox (Westpac).24

 Ibid.  Ibid. 21  Ibid, Recommendation G16, p 50. 22  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199. 23  Westpac Review Team 2018, above n 4, section 6.5.6, p 49. 24  Ibid, Recommendation G16, p 50. 19 20

1280

50  Governance Variables for the Westpac Review Team 2018 and the Westpac…

50.3 Westpac Divisional Approaches to Manage Risk and Compliance and Embedding Group-Wide Policies Westpac Review Team 2018 Divisional Approaches to Manage Risk and Compliance25 The Westpac Review Team identifies shortcomings in relation to divisional approaches to manage risk and compliance, here modelled on the [TransTimeMon] (+)26 variable but in the negative (−) direction, coverage/rating −8/100.00 rprox: • [WBCRiskManSecLineDivGrp-WidePolicy] (−) – Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Group-wide Risk Policies Overlapping Division Policies and Processes  – Reduction in Ability to Aggregate Risks Group-wide – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and ­Decision-­making – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (Westpac)27 including remediation: –– consolidation of division policies to group-wide policies28; • [WBCRiskManSecLineDivDisparateITSyst] (−) – Banks – WBCRiskMan – Risk Management and Compliance – Second Line Risk Management Function – Division-specific Processes and Controls on Disparate Set of IT Systems – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/ Responsibility, coverage/rating −8/100.00 rprox (Westpac)29; and • [WBCRiskManSecLineDivMulti-Syst] (−) – Banks – WBCRiskMan – Risk Management and Compliance  – Second Line Risk Management Function  – Complexity from Multiple System Use and Multiple Overlapping Systems/ Processes  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (Westpac)30 including remediation: –– review policies/processes for necessary differences and rationalise.31

 Ibid, section 6.6, p 50.  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199. 27  Westpac Review Team 2018, above n 4, section 6.6.1, p 50. 28  Ibid, section 6.6.2, p 50. 29  Ibid, section 6.6.3, p 50. 30  Ibid, section 6.6.4, p 50. 31  Ibid, Recommendation G17, p 50. 25 26

50.4  Westpac Reassessment “CORE” Remediation Program

1281

Westpac Review Team 2018 Embedding Group-Wide Policies32 The Westpac Review Team identifies shortcomings in relation to embedding group-­ wide policies, here modelled on the [TransTimeMon] (+)33 variable but in the negative (−) direction, coverage/rating −8/100.00 rprox: • [WBCRiskManSecLineChangeManageGrp-WidePols] (−)  – Banks  – WBCRiskMan  – Risk Management and Compliance  – Second Line Risk Management Function  – Insufficient Emphasis by 2nd Line on Training and Consultation in Developing Group-Wide Policies  – Reduction in Information Flow – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making – Reduction in Quality of Accountability/Responsibility, coverage/rating −8/100.00 rprox (Westpac)34; and • [WBCRiskManSecLineFailSyst&UserApproach] (−)  – Banks  – WBCRiskMan  – Risk Management and Compliance  – Second Line Risk Management Function – Failure to Follow Systematic and User-Centric Approach in Design, Implementation and Communication of Policies  – Reduction in Information Flow  – Reduction in Quality of Risk Management and Internal Monitoring and Decision-making  – Reduction in Quality of Accountability/ Responsibility, coverage/rating −8/100.00 rprox (Westpac).35

50.4 Westpac Reassessment “CORE” Remediation Program The Westpac Reassessment36 describes the “CORE” – Customer Outcomes & Risk Excellence  – Program introduced in response to the shortcomings in non-­ financial risk.37 The Stage 2 Key Code and Advanced Handbook approach will be to construct governance variables based on the seven (7) ‘Key’ or ‘Core’ governance variables from the original thirty-nine (39) variables of Stage 1. These Stage 1 governance variables are set out in Table 10.2 above and re-stated here: • [AudCom] (+) – Audit Committee – Presence, Operation and Frequency (relational effect path section 8.4.2 of Stage 1) (+6/75.00 rprox) (Table 10.2, No 23);

 Ibid, section 6.7, p 50.  See discussion in section 9.1.2.1 of Stage 1, above n 1, pp 198–199. 34  Westpac Review Team 2018, above n 4, section 6.6.1, p 50. 35  Ibid. 36  Westpac Banking Corporation, Reassessment of the Culture, Governance and Accountability Remediation Plan, June 2020, accessed 20 November 2020, available at https://www.westpac. com.au/content/dam/public/wbc/documents/pdf/aw/media/WBC_CGA_Reassessment.pdf (‘Westpac Reassessment’). 37  Ibid, Chap. 6, The CORE Program – 2020 and beyond, p 22. 32 33

1282

50  Governance Variables for the Westpac Review Team 2018 and the Westpac…

• [BrdIndInfo] (−) – Board Independent Director: Executive Director Proportion – Information Flow and Decision Quality ‘Trade-off’ (relational effect path section 7.3.2.1.3 of Stage 1) (−4/50.00 rprox) (Table 10.2, No 201); • [BrdIndMon] (+) – Board Independent Director: Executive Director Proportion – Monitoring Effect (relational effect path sections 7.3.2.1.1–7.3.2.1.2 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 203); • [BrdSkills] (+) – Board – Director Skills ‘Mix’ (relational effect path section 7.3.1.2.1 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 209); • [EqOptEntrch] (−)  – Equity/Option Plans and Holdings of Directors/ Executives  – ‘Entrenchment’ Effect (excludes short-term options) (relational effect path section 10.2.4 of Stage 1) (−7/87.50 rprox) (Table 10.2, No 434); • [EqOptIncent] (+)  – Equity/Option Plans and Holdings of Directors/ Executives  – Incentive/‘Alignment’ Effect (excludes short-term options) (relational effect path section 10.2.4 of Stage 1) (+7/87.50 rprox) (Table 10.2, No 435); and • [TransTimeMon] (+)  – Transparency and Timing of Reporting  – Monitoring Effect (relational effect path section 9.1.2.1 of Stage 1) (+8/100.00 rprox) (Table 10.2, No 1203). As noted in Chap. 1, of utility for modelling purposes, these Stage 1 governance variables have high explanatory power for identifying, constructing and articulating the new Stage 2 bank-specific governance variables for Australian major banks. A number of further aspects comprise the CORE Program. The CORE Program comprises three “Pillars” and 14 “Workstreams” which will be used to construct Stage 2 remediation variables38:

50.4.1 “Pillar 1 – Direction and Tone set by Board and Group Executive”39 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the positive (+) direction with a coverage/rating of +7/87.50 rprox: • [2020WBCPillar1BrdGovNFRRiskApp&Cult] (+)  – Banks  – 2020WBCPillar1  – Board and Executive Team  – Board Governance of NonFinancial Risk for Risk Appetite, Risk Culture and Risk Management40  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-­making, coverage/rating of +7/87.50 rprox (2020Westpac) including:

 Ibid.  Ibid, Para 6.1.1, Pillar 1, p 23. 40  Ibid, p 23. 38 39

50.4  Westpac Reassessment “CORE” Remediation Program

1283

–– “Board-endorsed consequences for overdue issues and/or risks out of appetite for extended periods”41; • [2020WBCPillar1ExecLeadRiskCult&RiskManage] (+)  – Banks  – 2020WBCPillar1 – Board and Executive Team – Executive Leadership Culture for Role-Modelling Risk Culture and Risk Management Behaviours42  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (2020Westpac); • [2020WBCPillar1RiskCultBehave&Measure] (+)  – Banks  – 2020WBCPillar1 – Board and Executive Team – Risk Culture Behaviours and Measurement43  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (2020Westpac) including: –– “risk culture data and assessment processes”44; • [2020WBCPillar1EnterprisePriority] (+) – Banks – 2020WBCPillar1 – Board and Executive Team  – Enterprise Prioritisation45  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating of +7/87.50 rprox (2020Westpac) including: –– risk-based enterprise investment decisions with consideration of risk trade-offs46; Based on the [EqOptIncent] (+) variable in section 10.2.4 of Stage 1 in the positive (+) direction giving rise to a coverage/rating of +7/87.50 rprox: • [2020WBCPillar1Rem&ConseqManagement] (+)  – 2020WBCPillar1  – Board and Executive Team  – Consequence Management and Remuneration Adjustment Frameworks – Enhancement of Level of Risk-Taking in Alignment with Shareholders, coverage/rating + 7/87.50 rprox (2020Westpac) including: –– “remuneration and performance management policies and practices”47;

 Ibid.  Ibid. 43  Ibid. 44  Ibid. 45  Ibid. 46  Ibid. 47  Ibid. 41 42

1284

50  Governance Variables for the Westpac Review Team 2018 and the Westpac…

50.4.2 “Pillar 2 – Clear Risk Boundaries for Decision-making”48 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the positive (+) direction with a coverage/rating of +7/87.50 rprox: • [2020WBCPillar2RiskFrameDocs] (+)  – Banks  – 2020WBCPillar2  – Board and Executive Team  – Risk Framework Documents49  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating of +7/87.50 rprox (2020Westpac) including: –– “clear and consistent boundaries for risk appetite and risk tolerance”50; • [2020WBCPillar2Line2RiskRoles&Capability] (+)  – Banks  – 2020WBCPillar2  – Board and Executive Team  – Line 2 Risk Roles and Capability51  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (2020Westpac) including: –– “roles and responsibilities for the Second Line are clear”; –– “second Line Risk specialists have the required experience and skill”; and –– “risk capability is maintained through a comprehensive risk training and education curriculum”; Based on the [TransTimeMon] (+) variable in section 9.1.2.1 of Stage 1 and in the positive (+) direction giving rise to a coverage/rating of +8/100.00 rprox: • [2020WBCPillar2ConductRiskIDBehave&Report] (+)  – Banks  – 2020WBCPillar2  – Board and Executive Team  – Conduct Risk Identification, Reporting and Responding to Material Conduct Risks  – Enhancement in Information Flow – Enhancement in Quality of Risk Management and Internal Monitoring and Decision-­making – Enhancement in Quality of Accountability/ Responsibility, coverage/rating + 8/100.00 rprox (2020Westpac) including: –– “suitable, fair and clear outcomes for …customers”; and –– “uniform and standard way of measuring and assessing conduct risk”52.

 Ibid, Para 6.1.2, Pillar 2, p 24.  Ibid. 50  Ibid 51  Ibid. 52  Ibid. 48 49

50.4  Westpac Reassessment “CORE” Remediation Program

1285

50.4.3 “Pillar 3 – Accountable and Empowered People”53 Based on the [BrdSkills] (+) variable in section 7.3.1.2.1 of Stage 1 and in the positive (+) direction with a coverage/rating of +7/87.50 rprox: • [2020WBCPillar3Line1ManageRisk] (+) – Banks – 2020WBCPillar3 – Board and Executive Team  – Managing Risk in Line 154  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating of +7/87.50 rprox (2020Westpac) including: –– “required risk capabilities are in place in the First Line, in conjunction with the Lines of Business program”; and –– “appropriately skilled and accountable people are working in aligned operating models and teams in all First Line Divisions across the Group”55; • [2020WBCPillar3IssuesManRootCause] (+)  – Banks  – 2020WBCPillar3  – Board and Executive Team – Issues Management Through “Systematic Approach to Root Cause Analysis and Effective Issue Resolution”56 – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-­making, coverage/rating of +7/87.50 rprox (2020Westpac) including: –– “evidence of behavioural uplift in root cause analysis and improved quality of issue definition and closure assessed through sampling”57; • [2020WBCPillar3ControlEnvironment] (+)  – Banks  – 2020WBCPillar3  – Board and Executive Team – Risk Control Environment Controls, Responsibilities, Support, Documentation and Testing,58 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (2020Westpac) including: –– “fit for purpose systems, tools, processes and guidance”; and –– weaknesses identified, escalated and addressed59; • [2020WBCPillar3CustComplaintsCulture] (+) – Banks – 2020WBCPillar3 – Board and Executive Team  – Customer Complaints Culture for Feedback and Complaints60  – Enhancement in Risk Management and Internal Monitoring Effect  – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (2020Westpac) including: –– criteria for resolution61;  Ibid, Para 6.1.3, p 25.  Ibid. 55  Ibid. 56  Ibid. 57  Ibid. 58  Ibid. 59  Ibid. 60  Ibid. 61  Ibid. 53 54

1286

50  Governance Variables for the Westpac Review Team 2018 and the Westpac…

• [2020WBCPillar3ChangeMan&Delivery] (+)  – Banks  – 2020WBCPillar3  – Board and Executive Team – Change Management and Delivery62 – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (2020Westpac) including: –– program and project accountable/responsible persons; –– risk management practices with ongoing reporting; and –– issues identified, escalated and addressed63; • [2020WBCPillar3Account&DecisionMakingPractice] (+)  – Banks  – 2020WBCPillar3 – Board and Executive Team – Accountability and Decision-­ Making in Practice64  – Enhancement in Risk Management and Internal Monitoring Effect – Enhancement in Quality of Decision-making, coverage/rating of +7/87.50 rprox (2020Westpac) including: –– accountability, authority and skills to fulfil role.65

 Ibid.  Ibid. 64  Ibid. 65  Ibid. 62 63

Bibliography

Governance of Banks in the GFC and Beyond Key Field No 5 Renee Adams, “Governance and the Financial Crisis” (Eur. Corp. Governance Inst., Finance Working Paper No. 284/2009, 2009), available at http://ssrn.com/abstract=1398583. Renee B Adams, ‘The Dual Role of Corporate Boards as Advisors and Monitors of Management: Theory and Evidence’, previously titled ‘The Dual Role of Corporate Boards as Advisors and Monitors of Management’, accessed 3 March 2015 at SSRN: http://ssrn.com/abstract=241581. Renee B Adams and Daniel Ferreira, ‘A Theory of Friendly Boards’ (2007) 62(1) Journal of Finance 217–50, available at SSRN: http://ssrn.com/abstract=866625. Renee Adams, B Hermalin and M Weisbach, “The Role of Boards of Directors in Corporate Governance: A Conceptual Framework and Survey”, forthcoming, Journal of Economic Literature, 2009. R C Anderson, S A Mansi and D M Reeb, “Board characteristics, accounting integrity, and the cost of debt” (2004) 37 J Account Econ 315–342. John Armour and Jeffrey N Gordon, “Systemic Harms and Shareholder Value” (2014) 6(1) The Journal of Legal Analysis 35; ECGI - Law Working Paper No. 222; Columbia Law and Economics Working Paper No. 452, (11 July 2014), accessed 11 May 2017 at SSRN: http:// ssrn.com/abstract=2307959. Australian Government, The Treasury, Proposal Paper, Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 Financial Accountability Regime, 22 January 2020, accessed 17 February 2020, available at https://treasury.gov.au/sites/default/files/2020­01/c2020-­24974.pdf. Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia, Final Report, 30 April 2018, (‘APRA Final Report’), accessed 1 June 2018 at www.apra.gov.au/AboutAPRA/.../CBA-­Prudential-­Inquiry_Final-­Report_30042018.pdf. Australian Prudential Regulation Authority (APRA), Information Paper, Self-Assessments of Governance, Accountability and Culture, 22 May 2019, accessed 5 June 2019, available at https://www.apra.gov.au/sites/default/files/information_paper_self-­assessment_of_governance_accountability_and_culture.pdf, (APRA Information Paper 2019’). Australian Prudential Regulation Authority, Prudential Standard CPS 220 Risk Management, July 2019, accessed 22 September 2019, available at https://www.apra.gov.au/sites/default/files/ cps_220_risk_management_effective_from_1_july_2019.pdf (‘CPS 220’).

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2

1287

1288

Bibliography

Australian Prudential Regulation Authority, Prudential Standard CPS 510 Governance, July 2019, accessed 22 September 2019, available at: https://www.legislation.gov.au/Details/ F2019L00662/Download (‘CPS 510’). Australian Prudential Regulation Authority, Revised Draft Prudential Standard CPS 511 Remuneration, November 2020, accessed 19 November 2020, available at: https://www.apra. gov.au/sites/default/files/%5Bdate%3Acustom%3AY%5D-­%5Bdate%3Acustom%3Am%5D/ Revised Draft Prudential Standard CPS 511 Remuneration  -­Clean  -­November 2020.pdf (“CPS 511”). Australian Prudential Regulation Authority, Consultation on Remuneration Requirements for all APRA-regulated entities, accessed 22 September 2019, available at https://www.apra.gov.au/ consultation-­remuneration-­requirements-­all-­apra-­regulated-­entities. Australian Prudential Regulation Authority, Discussion paper: Strengthening prudential requirements for remuneration July 2019, accessed 22 September 2019, available at https://www.apra. gov.au/sites/default/files/discussion_paper_strengthening_prudential_requirements_for_remuneration_july_2019_v1.pdf. Australian Prudential Regulation Authority, Prudential Standard CPS 520 Fit and Proper, July 2019, accessed 1 October 2019, available at: https://www.legislation.gov.au/Details/F2018L01390/ Download (‘CPS 520’). Australian Prudential Regulation Authority, Information Paper, APRA’s Policy Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/apras-­policy-­priorities Australian Prudential Regulation Authority, Information Paper, APRA’s Supervision Priorities, January 2020, accessed 17 February 2020, available at https://www.apra.gov.au/ apras-­supervision-­priorities. Australian Securities and Investments Commission, ASIC Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report, October 2019, accessed 15 April 2020, available at https://download.asic.gov.au/media/5290879/rep631-­published-­2-­10-­2019. pdf (‘2019ASIC’). Australian Securities Exchange, ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, Fourth Edition, February 2019, accessed 10 April 2020, available at https://www.asx.com.au/documents/regulation/cgc-­principles-­and-­recommendations-­ fourth-­edn.pdf (‘2019ASX’). The Bank for International Settlements, The Basel Committee on Banking Supervision, Guidelines, Corporate Governance Principles for Banks, July 2015, accessed 21 March 2017 at http:// www.bis.org/bcbs/publ/d328.htm, (‘BCBS Guidelines 2015’). Bank for International Settlements, Basel Committee on Banking Supervision, The Internal Audit Function in Banks, July 2012, accessed 21 March 2017 at http://www.bis.org/publ/bcbs223.pdf. Banking Act 1959 (Cth), ss 37  – 37KC, PART IIAA  - THE BANKING EXECUTIVE ACCOUNTABILITY REGIME, accessed 28 February 2019, available at http://classic.austlii. edu.au/au/legis/cth/consol_act/ba195972/index.html#s37g, (the ‘BEAR’). Lucian A Bebchuk, “A Plan for Addressing the Financial Crisis” (2008) 5(5) The Economists’ Voice, Article 6, 2008; Harvard Law and Economics Discussion Paper No. 620, (September 2008), accessed 12 April 2017 at SSRN: http://ssrn.com/abstract=1273241. Lucian A Bebchuk, “How to Make TARP II Work”, Harvard Law and Economics Discussion Paper No. 626, (29 June 2009), accessed 12 April 2017 at SSRN: http://ssrn.com/abstract=1341939. Lucian A Bebchuk, “Buying Troubled Assets” (2009) 26 Yale Journal on Regulation, 2009; Harvard Law and Economics Discussion Paper No. 636, (15 September 2009), accessed 12 April 2017 at SSRN: http://ssrn.com/abstract=1392808. Lucian A Bebchuk, Alma Cohen and Holger Spamann, “The Wages of Failure: Executive Compensation at Bear Stearns and Lehman 2000–2008”, (2010) 27 Yale Journal on Regulation 257–282; Harvard Law and Economics Discussion Paper No. 657; ECGI - Finance Working Paper No. 287, (24 November 2009), accessed 11 May 2017 at SSRN: http://ssrn.com/ abstract=1513522.

Bibliography

1289

Lucian A Bebchuk and Holger Spamann, “Regulating Bankers’ Pay” (2010) 98(2) Georgetown Law Journal 247–287, 2010; Harvard Law and Economics Discussion Paper No. 641, (1 October 1 2009), accessed 11 April 2017 at SSRN: https://ssrn.com/abstract=1410072. Andrea Beltratti & Rene M.  Stulz, “Why Did Some Banks Perform Better during the Credit Crisis? A Cross-Country Study of the Impact of Governance and Regulation” 3 (Eur. Corp. Governance Inst. Working Paper Series in Fin., Working Paper No. 254, 2009), available at http://ssrn.com/abstract=1433502. Allen N Berger, Björn Imbierowicz and Christian Rauch, The Roles of Corporate Governance in Bank Failures During the Recent Financial Crisis (October 12, 2014), accessed 11 May 2017 at SSRN: http://ssrn.com/abstract=2021799. Adrian Blundell-Wignall, Paul Atkinson and Se Hoon Lee, “The Current Financial Crisis: Causes and Policy Issues”, 2008, accessed 6 April 2017 at http://www.oecd.org/finance/financial-­ markets/41942872.pdf. Brian J Bolton, “The U.S. Financial Crisis: A Summary of Causes & Consequences”, (21 October 2009), accessed 12 May 2017 at SSRN: http://ssrn.com/abstract=2133576. Richard A Booth, “Things Happen” (2009) Villanova Law Review, forthcoming, (September 2, 2009), accessed 11 May 2017 at SSRN: http://ssrn.com/abstract=1466941. V Bruno and Stijn Claessens, “Corporate Governance and Regulation: Can There Be Too Much of a Good Thing?” (March 1, 2007), World Bank Policy Research Working Paper No 4140, accessed 14 April 2017 at SSRN: http://ssrn.com/abstract=964802. Christopher M Bruner, “Corporate Governance Reform in a Time of Crisis” (2011) 36(2) Journal of Corporation Law 309; Washington & Lee Legal Studies Paper No. 2010-9, (30 May 2010), accessed 6 April 201at SSRN: http://ssrn.com/abstract=1617890. Gerard J Charreaux, “Corporate Governance Theories: From Micro Theories to National Systems Theories” (January 2004), Universite de Bourgogne Fargo Working Paper No. 1040101, accessed 14 April 2017 at SSRN: http://ssrn.com/abstract=486522. Brian R Cheffins, “Did Corporate Governance ‘Fail’ During the 2008 Stock Market Meltdown? The Case of the S&P 500” ECGI - Law Working Paper No. 124/2009, (1 May 2009), accessed 13 April 2017 at SSRN: http://ssrn.com/abstract=1396126. Commonwealth of Australia, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Interim Report, 28 September 2018, accessed 11 December 2018, available at https://financialservices.royalcommission.gov.au/Documents/interim-­report/ interim-­report-­volume-­1.pdf, Volume 1, Introduction, p 2, (‘FSRC Interim Report’). Commonwealth of Australia, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 4 February 2019, accessed 5 February 2019, available at https://static.treasury.gov.au/uploads/sites/1/2019/02/fsrc-­volume1.pdf, Volume 1, (‘FSRC Final Report’). Martijn Cremers, Lucian Arye Bebchuk, and Urs C Peyer, ‘CEO Centrality’, Harvard Law and Economics Discussion Paper No 601 (December 2007, Revised May 2008), accessed 5 March 2015 at SSRN: http://ssrn.com/abstract=1030107. Lawrence A Cunningham, “Behavioral Finance and Investor Governance” (2002) 59 Washington & Lee Law Review 767, accessed 14 April 2017 at SSRN: http://ssrn.com/abstract=255778. S. Davis, “Does “say on pay” work? Lessons on Making CEO Compensation Accountable”, The Millstein Center for Corporate Governance and Performance Policy Briefing Paper, 2007. Frank Jan De Graaf and Cynthia A Williams, The intellectual foundations of the global financial crisis (2009) 32(2) UNSWLJ 390–415, accessed 8 April 2017 at http://www.unswlawjournal. unsw.edu.au/sites/default/files/27_jan_de_graaf_2009.pdf . R DeYoung, E Peng and M Yan, “Executive compensation and business policy choices at U.S. commercial banks” (2012) J Financ Quant Anal, forthcoming. Francesco de Zwart, Enhancing Firm Sustainability Through Governance, The Relational Corporate Governance Approach, Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing, Corporations, Globalisation and the Law Series, July 2015, (‘Stage 1’). Francesco de Zwart, “Enhancing firm sustainability through governance – Part 1: The challenge of corporate governance” (2018) 33(2) Aust Jnl of Corp Law 144.

1290

Bibliography

Francesco de Zwart, “Enhancing firm sustainability through governance – Part 2: The framework of the relational corporate governance approach” (2019) 34(1) Aust Jnl of Corp Law 27. Ran Duchin, John G Matsusaka and Oguzhan Ozbas, ‘When Are Outside Directors Effective?’, USC CLEO Research Paper No C07-13 (February 2008), accessed 3 March 2015 at SSRN: http://ssrn.com/abstract=1026488. Frank H Easterbrook and Daniel R Fischel, “The Corporate Contract” (1989) 89 Colum L Rev 1416. David H Erkens, Mingyi Hung, and Pedro P Matos, “Governance in the 2007–2008 Financial Crisis: Evidence from Financial Institutions Worldwide” (2012) 18 Journal of Corporate Finance, (January 15, 2012), accessed 5 April 2017 at SSRN: http://ssrn.com/abstract=1397685. European Commission, The High-Level Group on Financial Supervision in the EU Chaired by Jacques de Larosière, Report of the de Larosière Group, Brussels, 25 February 2009, accessed 15 June 2017 at https://ec.europa.eu/internal_market/finances/docs/de_larosiere_report_en.pdf (‘de Larosière Report’). European Commission, Green Paper, Corporate Governance in Financial Institutions and Remuneration Policies, COM(2010) 284 final, Brussels, 2 June 2010, accessed 23 March 2017 at http://www.ecgi.org/commission/documents/green_paper_com2010_284_en.pdf (‘EC Green Paper 2010’). European Commission, Green Paper, The EU Corporate Governance Framework, COM (2011) 164 final, Brussels, 5 April 2011, accessed 1 May 2017 at ec.europa.eu/internal_market/company/docs/modern/com2011-164_en.pdf, (‘EC Second Green Paper 2011’). Rüdiger Fahlenbrach and René M Stulz, “Bank CEO Incentives and the Credit Crisis”, Journal of Financial Economics (JFE), Forthcoming; Charles A Dice Center Working Paper No. 2009-13; Fisher College of Business Working Paper No. 2009-03-13; Swiss Finance Institute Research Paper No. 09-27; ECGI - Finance Working Paper No. 256/2009, (12 August 2010), accessed 5 April 2017 at SSRN: http://ssrn.com/abstract=1439859, 25. Eugene F Fama, ‘Agency Problems and the Theory of the Firm’ (1980) 88 Journal of Political Economics 288. Eugene F Fama, ‘The Disciplining of Corporate Managers’ (Selected Paper No 56, Graduate School of Business University of Chicago, 1980). Eugene F Fama and Michael C Jensen, ‘Separation of Ownership and Control’ (1983) 26 Journal of Law and Economics 301–49. Eugene F Fama, Michael C Jensen, Lawrence Fisher and Richard Roll, “The Adjustment of Stock Prices to New Information” (1969) 10 International Economic Review 1–22, accessed 14 April 2017 at SSRN: http://ssrn.com/abstract=321524. Daniel Ferreira, David Kershaw, Tom Kirchmaier, and Edmund-Phillip Schuster, “Shareholder Empowerment and Bank Bailouts” now called “Measuring Management Insulation from Shareholder Pressure”, ECGI  - Finance Working Paper No. 345/2013; Asian Finance Association (AsFA) 2013 Conference, (5 February 2016), accessed 14 June 2017 at SSRN: http://ssrn.com/abstract=2170392. Financial Stability Board, FSB Principles for Sound Compensation Practices, 2 April 2009 accessed 28 February 2019, available at http://www.fsb.org/wp-­content/uploads/r_0904b.pdf (‘FSBP’). Financial Stability Board, FSB Principles for Sound Compensation Practices Implementation Standards, 25 September 2009, accessed 28 February 2019, available at http://www.fsb.org/ wp-­content/uploads/r_090925c.pdf (‘FSBIS’). Financial Stability Board, Principles for An Effective Risk Appetite Framework of 18 November 2013 accessed 28 February 2019, available at http://www.fsb.org/wp-­content/uploads/r_131118. pdf (‘FSBRAF’). Financial Stability Board, Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, A Framework for Assessing Risk Culture of 7 April 2014, accessed 28 February 2019, available at http://www.fsb.org/wp-­content/uploads/140407.pdf (‘FSBCult’). Financial Stability Board, Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, The use of compensation tools to address misconduct risk, 9

Bibliography

1291

March 2018, accessed 28 February 2019, available at http://www.fsb.org/wp-­content/uploads/ P090318-­1.pdf (‘FSBSupp’). O Fuerst and S Kang, ‘Corporate Governance, Expected Operating Performance, and Pricing’, accessed 5 March 2015 at SSRN: http://ssrn.com/abstract=141357. G20/OECD Principles of Corporate Governance of 30 November 2015, accessed 29 July 2015 at http://www.oecd-­ilibrary.org/governance/g20-­oecd-­principles-­of-­corporate-­ governance-­2015_9789264236882-­en (‘G20/OECD 2015 Principles’). Reint Gropp and Matthias Köhler, “Bank Owners or Bank Managers: Who is Keen on Risk? Evidence from the Financial Crisis”, European Business School Research Paper No. 10-02, (23 February 2010), accessed 12 May 2017 at SSRN: http://ssrn.com/abstract=1555663. Robert E Grosse, “The Global Financial Crisis – A Behavioral View”, (16 January 2010), accessed 5 April 2017 at SSRN: http://ssrn.com/abstract=1537744. Jennifer G Hill, “Why Did Australia Fare So Well in the Global Financial Crisis?” in The Regulatory Aftermath of The Global Financial Crisis, E Ferran, N Moloney, J G Hill, and J C Coffee, Jr, eds, Cambridge University Press, 2012, pp 203–300; Sydney Law School Research Paper No. 12/35, (20 May 2012), accessed 12 April 2017 at SSRN: http://ssrn.com/abstract=2063267. Jennifer G Hill, ‘Regulatory Responses to Global Corporate Scandals’ (2005) 23 Wisconsin International Law Journal 367, accessed 3 March 2015 at SSRN: http://ssrn.com/ abstract=886104, 389. Jennifer J Hill and Charles M Yablon, ‘Corporate Governance and Executive Remuneration: Rediscovering Managerial Positional Conflict’, Vanderbilt Law and Economics Research Paper No 03-02 (2002) 25 University of New South Wales Law Journal 294, accessed 5 February 2015 at SSRN: http://ssrn.com/abstract=375240. Klaus J Hopt, “Corporate Governance of Banks after the Financial Crisis”, in E Wymeersch, K J Hopt, G Ferrarini, eds., Financial Regulation and Supervision, A post-crisis analysis, Oxford University Press 2012, pp. 337–367; ECGI - Law Working Paper No. 181/2011, (29 August 2011), accessed 13 April 2017 at SSRN: http://ssrn.com/abstract=1918851. Klaus J Hopt, “Corporate Governance of Banks and Other Financial Institutions After the Financial Crisis”, (2013) 13(2) Journal of Corporate Law Studies 219–253 (Part B); “Corporate Governance of Banks after the Financial Crisis”, in E Wymeersch, K J Hopt and G Ferrarini, eds., Financial Regulation and Supervision, A post-crisis analysis, Oxford University Press 2012, pp 337–367 (Part A); ECGI - Law Working Paper No. 207. (1 April 2013), accessed 13 April 2017 at SSRN: http://ssrn.com/abstract=2212198. Nicholas Calcina Howson, “When ‘Good’ Corporate Governance Makes ‘Bad’ (Financial) Firms: The Global Crisis and the Limits of Private Law” (2009) 108 Michigan Law Review, First Impressions 44; University of Michigan Law & Economics, Olin Working Paper No. 09-024, (17 November 2009), accessed 14 April 2017 at SSRN: http://ssrn.com/abstract=1511904. Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Financial Services Industry Response to the Market Turmoil of 2007–2008, Washington, DC, July 2008, accessed 24 March 2017 at http://www.apec.org.au/docs/11_CON_GFC/IIF_Final_Report_of_the_Committee_ on_Market_Best_Practices.pdf (‘IIF Final Report 2008’). Michael C Jensen and William H Meckling, ‘Theory of the Firm: Managerial Behavior, Agency Costs and Ownership Structure’ (1976) 3(4) Journal of Financial Economics 305. Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, Report of the OECD Steering Group on Corporate Governance, 11 February 2009, Financial Market Trends, Vol 2009/1, ISSN 1995-2864, accessed 27 March 2017 at http://search.oecd.org/finance/ financial-­markets/42229620.pdf, (‘OECD Kirkpatrick Report 2009’). A Klein, “Audit committee, board of director characteristics, and earnings management” (2002) 33 J Account Econ 375–400. Jack Knott, “Governance and the Financial Meltdown: The Implications of Madisonian Checks and Balances for Regulatory Reform”, APSA 2010 Annual Meeting Paper, (11 August 2010), accessed 10 April 2017 at SSRN: https://ssrn.com/abstract=1642079.

1292

Bibliography

Luc Laeven and Ross Levine, “Bank Governance, Regulation and Risk Taking” (2009) 93 J. Fin. Econ. 259, (June 2008), accessed 11 April 2017 at SSRN: https://ssrn.com/abstract=1142967. Lyons, “Achieving a Healthy Balance Between Offense and Defense in 21st Century Capitalism” (April 26, 2012); Harvard Business Review (HBR) / McKinsey M-Prize for Management Innovation: Long-Term Capitalism Challenge (26 April 2012), accessed 3 April 2017 at SSRN: http://ssrn.com/abstract=2157182. William W Lang and Julapa Jagtiani, “The Mortgage and Financial Crises: The Role of Credit Risk Management and Corporate Governance”, Federal Reserve Bank of Philadelphia, accessed 10 April 2017 at http://fic.wharton.upenn.edu/fic/papers/10/10-­12.pdf. Donald C Langevoort, “Theories, Assumptions and Securities Regulation: Market Efficiency Revisited” (1992) 140 U Pa L Rev 85. R La Porta, R Lopez-de-Silanes, A Shleifer and R W Vishny, (1998) 106 Law and Finance J Polit Econ 1113–1155. Amir N Licht, “The Maximands of Corporate Governance: A Theory of Values and Cognitive Style” (November 2003), ECGI - Law Working Paper No. 16/2003, accessed 14 April 201 at SSRN: http://ssrn.com/abstract=469801 and (2004) 29(3) Delaware Journal of Corporate Law 649–746, accessed 14 April 2017 at SSRN: http://ssrn.com/abstract=764025. Peter O Mülbert, “Corporate Governance of Banks after the Financial Crisis - Theory, Evidence, Reforms”, ECGI - Law Working Paper No. 130/2009, (April 2010), accessed 8 April 2017 at SSRN: https://ssrn.com/abstract=1448118. S C Myers, “Determinants of corporate borrowing” (1977) 5 J Financ Econ 147–175. National Australia Bank, NAB Self-Assessment on Governance, Accountability and Culture, November 2018, accessed 15 March 2019, available at https://www.nab.com.au/content/ dam/nabrwd/documents/reports/corporate/nab-­self-­assessment-­2018.pdf (‘NAB Self-­ Assessment 2018’). Donald Nordberg, “Waste Makes Haste: Sarbanes-Oxley, Competitiveness and the Subprime Crisis”, (10 May 10, 2008), accessed 3 April 2017 at SSRN: http://ssrn.com/abstract=1131674. Organisation for Economic Co-Operation and Development (OECD), OECD Principles of Corporate Governance 2004, 2004, OECD Publications Service, Paris ‘(OECD Principles 2004’). See http://www.oecd.org/document/49/0,3343,en_2649_34813_31530865_1_1_1_37439,00.html (accessed 6 March 2015). OECD Directorate for Financial and Enterprise Affairs, OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis, Conclusions and emerging good practices to enhance implementation of the Principles, 24 February 2010, accessed 11 May 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/44679170.pdf, (‘OECD 2010 Conclusions and Practices’). OECD Steering Group on Corporate Governance, Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009, approved for publication 29 May 2009, accessed 12 April 2017 at www.oecd.org/corporate/ca/corporategovernanceprinciples/43056196.pdf, (‘OECD Key Findings 2009’). R Pindyck and D Rubinfeld, Microeconomics, 6th Ed, Prentice Hall, Upper Sadler River, NJ, 2005. Michael Pirson and Shann Turnbull, “Corporate Governance, Risk Management, and the Financial Crisis - An Information Processing View”, Fordham University Schools of Business Research Paper No. 2011-003, (11 December 2010), accessed 5 April 2017 at SSRN: http://ssrn.com/ abstract=1723782. Christian Plath, Corporate Governance in the Credit Crisis: Key Considerations for Investors, Moody’s Global Corporate Governance, November 2008, (20 November 2008), accessed 10 April 2017 at SSRN: https://ssrn.com/abstract=1309707, (‘Moody’s Challenges 2008’). Paul Rose, “Regulating Risk by ‘Strengthening Corporate Governance’” (2010) 17 Connecticut Insurance Law Journal; Ohio State Public Law Working Paper No. 130, (25 June 2010), accessed 8 April 2017 at SSRN: https://ssrn.com/abstract=1630122. William Sahlman, “Management and the Financial Crisis (We Have Met the Enemy and He is Us …)” (October 28, 2009). Harvard Business School Entrepreneurial Management Working

Bibliography

1293

Paper No. 10-033. (28 October 2009), accessed 4 April 2017 at SSRN: http://ssrn.com/ abstract=1496526. Stephen Sedgwick AO, Retail Banking Remuneration Review Report, 19 April 2017, accessed 28 February 2019, available at https://www.betterbanking.net.au/wp-­content/uploads/2018/01/ FINAL_Rem-­Review-­Report.pdf (‘Sedgwick Review’). Bernard S Sharfman, Steven J Toll and Alan Szydlowski, “Wall Street’s Corporate Governance Crisis” (2009) 17(1) Corporate Governance Advisor 5–8, Jan/Feb 2009, (2 March 2009) accessed 10 April 2017 at SSRN: https://ssrn.com/abstract=1299879. Hussein Tarraf, “Literature Review on Corporate Governance and the Recent Financial Crisis” (27 December 2010), accessed 12 April 2017 at SSRN: http://ssrn.com/abstract=1731044. Frederick Tung, Pay for Banker Performance: Structuring Executive Compensation for Risk Regulation 6–8 (Emory Public Law Research Paper No. 10-93, Emory Law and Economics Research Paper No. 10-60, 2010), available at SSRN: http://ssrn.com/abstract=1546229. Frederick Tung and Xue Wang, “Bank CEOs, Inside Debt Compensation, and the Global Financial Crisis”, Boston Univ. School of Law Working Paper No. 11-49, (11 December 2012), accessed 3 April 2017 at SSRN: http://ssrn.com/abstract=1570161. Shann Turnbull and Michael Pirson, “The Future of Corporate Governance: Network Governance – A Lesson from the Financial Crisis”, Fordham University Schools of Business Research Paper No. 2010-010, (15 March 2010), accessed 5 April 2017 at SSRN: http://ssrn.com/ abstract=1570924. Emilia Vähämaa and Sami Vähämaa, “Did Good Corporate Governance Improve Bank Performance During the Financial Crisis?” (2012) 41 (1–2) Journal of Financial Services Research 19–35, (March 31, 2011) accessed 4 April 2017 at SSRN: http://ssrn.com/abstract=1740547. Lutgart A A Van Den Berghe, “To What Extent is the Financial Crisis a Governance Crisis? From Diagnosis to Possible Remedies”, (May 27, 2009), accessed 4 April 2017 at SSRN: http://ssrn. com/abstract=1410455. Tara Vishwanath and Daniel Kaufmann, ‘Towards Transparency in Finance and Governance’ (September 1999),accessed 4 March 2015 at SSRN: http://ssrn.com/abstract=258978. David Walker, A review of corporate governance in UK Banks and other financial industry entities, Final recommendations, 26 November 2009, The Walker Review secretariat, accessed 14 March 2017 at http://www.http://webarchive.nationalarchives.gov.uk/+/http:/www.hm-­ treasury.gov.uk/d/walker_review_261109.pdf (‘Walker Review 2009’). C Weir, D Laing and P J McKnight, ‘An Empirical Analysis of the Impact of Corporate Governance Mechanisms on the Performance of UK Firms”, accessed 4 March 2015 at SSRN: http://ssrn. com/abstract=286440. M S Weisbach and B E Hermalin, ‘Boards of Directors as an Endogenously Determined Institution: A Survey of the Economic Literature’ (15 June 2000), accessed 3 March 2015 at SSRN: http:// ssrn.com/abstract=233111. Westpac Banking Corporation, Review Team, Governance, Accountability and Culture Self-­ Assessment, 28 November 2018, accessed 5 August 2019, available at https://www.westpac.com. au/content/dam/public/wbc/documents/pdf/aw/media/Westpac_Self-­Assessment_Report_.pdf (‘Westpac Review Team 2018’). Westpac Banking Corporation, Reassessment of the Culture, Governance and Accountability Remediation Plan, June 2020, accessed 20 November 2020, available at https://www.westpac. com.au/content/dam/public/wbc/documents/pdf/aw/media/WBC_CGA_Reassessment.pdf (‘Westpac Reassessment’). Peter Yeoh, “Causes of the global financial crisis: Learning from the competing insights” (2010) 7(1) International Journal of Disclosure & Governance 42–69, (13 August 2009), accessed 8 April 2017 at http://web.b.ebscohost.com.proxy.library.adelaide.edu.au.

Index

Numerals 220BrdRisk APRA Board Oversight of Risk Management, 20, 125 APRA Prudential Standard CPS 220 Risk Management, 1093 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 220BusPlan APRA Business Plan, 20, 125, 1093 APRA Prudential Standard CPS 220 Risk Management, 1093 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 220HeadRisk APRA Head of Group Oversight of Risk Management, 20, 125 APRA Prudential Standard CPS 220 Risk Management, 1093 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications

220Pol&Proc APRA Policies and Procedures, 20, 125 APRA Prudential Standard CPS 220 Risk Management, 1093 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 220RAS APRA Prudential Standard CPS 220 Risk Management, 1081 APRA Risk Appetite Statement, 20, 125 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 220RMF APRA Prudential Standard CPS 220 Risk Management, 1256 APRA Risk Management Framework, 20, 110, 125, 1256 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2022 F. de Zwart, The Key Code and Advanced Handbook for the Governance and Supervision of Banks in Australia, https://doi.org/10.1007/978-981-16-1710-2

1295

1296 220SecLine APRA 2nd Line Risk Management Function, 20, 125 APRA Prudential Standard CPS 220 Risk Management, 1095 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 510AudCom APRA Audit Committee, 20, 125 APRA’s Prudential Standard CPS 510 Governance, 972 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 510BRC APRA Board Risk Committee, 21, 125 APRA’s Prudential Standard CPS 510 Governance, 972 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 510Brd APRA Board of an APRA-regulated Institution, 21, 125 APRA’s Prudential Standard CPS 510 Governance, 972 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 510BrdReview APRA Review of the Board, 21, 125 APRA’s Prudential Standard CPS 510 Governance, 972 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications

Index 510Compose APRA Board Composition Requirements, 21, 125 APRA’s Prudential Standard CPS 510 Governance, 972 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 510Head APRA Head of a Group, 21, 125 APRA’s Prudential Standard CPS 510 Governance, 972 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 510Indep APRA Independent Director, 21, 125 APRA’s Prudential Standard CPS 510 Governance, 972 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 510NED APRA Non-Executive Director, 21, 125 APRA’s Prudential Standard CPS 510 Governance, 452, 772 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 510RemPol APRA Remuneration Policy, 21, 125 APRA’s Prudential Standard CPS 510 Governance, 453–455, 726–729 See also Australian Prudential Regulation Authority (APRA); Incentives; Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications

Index 511BrdRole APRA Role of the Board in the Remuneration Framework, 21, 125 APRA’s Revised Draft Prudential Standard 511 Remuneration of November 2020, 455, 456, 716 See also Australian Prudential Regulation Authority (APRA); Incentives; Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 511CC APRA Compensation/Remuneration Committee, 21, 125 APRA’s Revised Draft Prudential Standard 511 Remuneration of November 2020, 456, 457, 546, 547 See also Australian Prudential Regulation Authority (APRA); Incentives; Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 511Defer&Claw APRA Deferral and Clawback of Variable Remuneration, 21, 125 APRA’s Revised Draft Prudential Standard 511 Remuneration of November 2020, 457, 458, 724, 725 See also Australian Prudential Regulation Authority (APRA); Incentives; Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 511OtherReq APRA other requirements, 21, 125 APRA’s Revised Draft Prudential Standard 511 Remuneration of November 2020, 458, 459, 730 See also Australian Prudential Regulation Authority (APRA); Incentives; Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 511RemDesign APRA design of variable remuneration, 21, 125 APRA’s Revised Draft Prudential Standard 511 Remuneration of November 2020, 459, 460, 719, 720

1297 See also Australian Prudential Regulation Authority (APRA); Incentives; Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 511RemFrame APRA remuneration framework of APRA-regulated entity, 21, 125 APRA’s Revised Draft Prudential Standard 511 Remuneration of November 2020, 460–462, 715, 717, 718 See also Australian Prudential Regulation Authority (APRA); Incentives; Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 511RemOuts APRA’s Revised Draft Prudential Standard 511 Remuneration of November 2020, 462, 463, 721 APRA variable remuneration outcomes, 21, 125 See also Australian Prudential Regulation Authority (APRA); Incentives; Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 511SpecRole APRA specified roles, 21 APRA’s Revised Draft Prudential Standard 511 Remuneration of November 2020, 463, 464, 722, 723 See also Australian Prudential Regulation Authority (APRA); Incentives; Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 520FitProp APRA fit and proper persons, 21, 126 APRA’s Prudential Standard CPS 520 Fit and Proper, 464–469, 783–792 See also Australian Prudential Regulation Authority (APRA) 520FitPropInfo APRA fit and proper information to be provided to APRA, 21, 126 APRA’s Prudential Standard CPS 520 Fit and Proper, 470, 471, 789, 792

1298 520FitPropInfo (cont.) See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 520FitPropWhistle APRA fit and proper persons whistleblowing, 21, 126 APRA’s Prudential Standard CPS 520 Fit and Proper, 471, 472, 789, 791 See also Australian Prudential Regulation Authority (APRA); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 2019ASICBRC ASIC Board Risk Committee, 21, 126 ASIC’s Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report, 472, 473, 1141–1145 See also Australian Securities and Investments Commission (ASIC); Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 2019ASICInfo ASIC information flows, 21, 126 ASIC’s Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report, 474, 475, 1057–1062 See also Australian Securities and Investments Commission (ASIC); Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 2019ASICRAS ASIC risk appetite statement, 21, 126 ASIC’s Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report, 475–478, 1087 See also Australian Securities and Investments Commission (ASIC); Table of Stage 2 Government, Supervisory/Regulatory, Major

Index Bank and Industry Body Reports, Codes, Rules and Publications 2019ASXAudCom ASX Audit Committee, 21, 126, 479, 480, 971 ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations, 479, 480, 971 See also Australian Securities Exchange (ASX); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 2019ASXBRC ASX Board Risk Committee, 21, 126 ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations, 480, 481, 1126 See also Australian Securities Exchange (ASX); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 2019ASXBrd ASX Board of Directors, 21, 126 ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations, 481–484, 738–741, 772, 774, 775, 823, 824, 960 See also Australian Securities Exchange (ASX); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 2019ASXCC ASX Compensation/Remuneration Committee, 21, 126 ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations, 484–488, 540–546 See also Australian Securities Exchange (ASX); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and

Index Industry Body Reports, Codes, Rules and Publications 2019ASXCD ASX continuous disclosure, 21, 126 ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations, 488, 489 See also Australian Securities Exchange (ASX); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 2019ASXDiversity ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations, 492, 493, 769, 770 ASX diversity policy, 21, 126 See also Australian Securities Exchange (ASX); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 2019ASXNED ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations, 493, 774 ASX Non-executive Directors, 21, 126 See also Australian Securities Exchange (ASX); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 2019ASXNomGov ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendations, 494, 985, 986 ASX Nomination and Governance Committee, 21, 126 See also Australian Securities Exchange (ASX); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications

1299 2019ASXRights See also Australian Securities Exchange (ASX); Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications 2020WBC Westpac Reassessment of the Culture, Governance and Accountability Remediation Plan, 21, 126 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications; Westpac Reassessment in Westpac 2020WBCCultNFR Westpac Reassessment Culture for Non-Financial Risk, 21, 126 Westpac Reassessment of the Culture, Governance and Accountability Remediation Plan, 497–499, 925, 926 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications; Westpac Reassessment in Westpac 2020WBCLine1 Westpac Reassessment Business Units-­ Operation of Line 1, 21, 126 Westpac Reassessment of the Culture, Governance and Accountability Remediation Plan, 499–501, 1113 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications; Westpac Reassessment in Westpac 2020WBCNFR Westpac Reassessment of the Culture, Governance and Accountability Remediation Plan, 501–503, 884–886 Westpac Reassessment Oversight of Non-Financial Risk, 22, 126 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications; Westpac Reassessment in Westpac

1300 2020WBCPillar1 Westpac Reassessment CORE Program Pillar 1, 22, 126 Westpac Reassessment of the Culture, Governance and Accountability Remediation Plan, 503, 1282, 1283 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications; Westpac Reassessment in Westpac 2020WBCPillar2 Westpac Reassessment CORE Program Pillar 2, 22, 126 Westpac Reassessment of the Culture, Governance and Accountability Remediation Plan, 504, 1284 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications; Westpac Reassessment in Westpac 2020WBCPillar3 Westpac Reassessment CORE Program Pillar 3, 22, 126 Westpac Reassessment of the Culture, Governance and Accountability Remediation Plan, 504, 505, 1283, 1285 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications; Westpac Reassessment in Westpac 2020WBCSecLine Westpac Reassessment 2nd Line Risk Management Function, 22, 126 Westpac Reassessment of the Culture, Governance and Accountability Remediation Plan, 505–507, 1181–1183 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications; Westpac Reassessment in Westpac A AccFail failure of board oversight of accountability/ responsibility, 17, 122 Accountability AccFail, 17, 122

Index accountable person (see BEAR) accountability map (see BEAR) accountability obligations (see BEAR) accountability statement (see BEAR) APRA’s Improvements for Non-financial risk accountabilities (see Non-­ financial risk) authorised deposit-taking institution (ADI) (see BEAR) Bank Executive Accountability Regime (BEAR), and (see BEAR) board, and (see BEAR) culture, and (see Culture) failures (see Failures and failings) FSB Framework for Assessing Risk Culture (FSBCult) accountability, 236–238, 840, 841 FSBCultAcc, 839 FSRC Final Report recommendations and commentary on governance, 18, 123, 847–849 elements of a sound risk culture, 832 See also Culture FSRC Final Report [FSRCAccPersonEndtoEndResp] (+), 862 BEAR, 862 FSRC Final Report recommendations and commentary on accountability, 18, 123, 861–862 See also FSRC Final Report map (see BEAR) mapping, 16 NAB Self-Assessment 2018 accountability, 108, 737, 863–891 clarity of accountability, 889–891 effectiveness of accountability, 890 NABAcc, 886–891 NABAccClarify, 889 NAB accountabilities for resolving ‘complex’ issues, 890 NAB accountabilities in performance and remuneration, 891 See also NAB Self-Assessment 2018 obligations, 17, 99, 122, 146–149, 688, 692–695, 697–699, 703, 706 oversight, 17, 56, 122, 128–130, 146–157, 690–698, 701, 706, 708, 1243–1245 responsibility, 8, 16, 31, 58, 60, 66, 1008 risk management APRA failings in accountability and responsibility, 110, 1028 See also Risks standards, 13

Index statement (see BEAR) three relational axes of good governance Behaviours Axis No. 2, 31 Westpac Reassessment (see Westpac Reassessment) Westpac Review Team 2018 (see Westpac Review Team 2018) Activity Business Units/First Line, 1107–1114, 1172 level, 7, 407, 631 Agency costs theory, 96, 97 efficient market hypothesis, 96, 642, 1007 firm survival and sustainability, 62 Jensen, M.C. and Meckling, W.H., 97 long-term efficiency, and, v, 9, 27, 29, 515 reducing agency costs, v, 38, 1028 shareholder primacy theory, and, 29, 97 shareholder wealth-maximisation principle, and, 97, 98 Agency theory, see Agency costs theory Aims assessing risk culture, for, 832 corporate governance, of, 55 governance factors, of (see Governance factors) underpinning themes, and (see Governance factors) Alignment corporate strategy risk appetite, with, 1088 risk management structure, with, 35, 1024, 1031, 1042–1043, 1120 [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives–Incentive/’Alignment’ Effect, 8, 57, 61, 65, 117, 517, 588, 1282 [EqOptRiskAlignHighEnd] (+), 61, 105, 149, 183, 184, 186–196, 199, 202, 231–235, 246–252, 254–256, 259, 277–287, 386–388, 403–405, 407, 408, 428–430, 453–464, 484–488, 538–540, 547, 548, 550, 551, 554, 555, 558, 560–562, 565, 567–569, 577, 578, 589–592, 597, 600, 605, 608, 614, 628, 647, 655, 657–659, 662, 668, 670, 677, 678, 680, 681, 684, 697, 715–718, 721, 722, 724, 726, 729, 1162 Equity and Options for Executives and High End Employees–Level of Risk-Taking in Alignment with

1301 Shareholder Interests, 61, 105, 222, 538, 550, 567, 568, 589, 655, 657 Equity/option plans and holdings, 8, 43, 57, 61, 65, 117, 220, 221, 517, 518, 533–535, 588, 1282 Factor No. 3 (see Governance factors) FSB Implementation Standards (FSBIS), 246–249, 608–611 FSBIS 4–14 pay structure and risk alignment, 609–611 FSB Principles for Sound Compensation Practices (FSBP) adjusted for all types of risk, 600 FSBP 4-7 effective alignment of compensation with prudent risk-taking, 600–605 mix of cash, equity, etc to be consistent with risk alignment, 605 outcomes symmetric with risk outcomes, 602 payout schedules sensitive to time horizon of risk, 603 See also FSBComp FSB Supplementary Guidance to the FSB Principles and Standards on Sound Compensation, the use of compensation tools to address misconduct risk FSBSupp 5–7 effective alignment of compensation with misconduct risk, 670 See also FSBSupp governance variables align interests of board, CEO and management with outside shareholders, vi, 28, 33, 34, 54, 55, 64, 535 functions, viii, 7, 8, 104 ‘Incentive/Alignment’ effect (see Incentives) key/core governance variables [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives–Incentive/’Alignment’ Effect, 57, 61, 65, 117 risk management align corporate strategy, risk appetite and the internal risk management structure, 35, 225, 1024, 1031, 1042–1043, 1118 failings, 109, 1029 See also Failures and failings; Risks shareholders and managers, between, 97

1302 Alignment (cont.) shareholder value maximisation in banks, 644, 646, 647, 651, 658–660 compensation, 659–660 equity ownership not aligned where holding positions are short-­ term, 656–658 ‘inside debt’ compensation reduces risk-taking, 659–660 long-term stock holding and capping the ratio of variable to fixed, 656 problems with long-term stock holding, 658 traditional governance variables maximise the share price, 513, 642–647 APRACult APRA Information Paper 2019 on risk culture, 17, 109, 122, 927–930 See also APRA; Culture; Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications AudCom Audit Committee, 7, 17–21, 32, 41, 57, 109, 116, 122–126, 132–138, 198, 257, 265, 270, 275, 356, 358, 395–397, 447, 448, 479, 480, 517, 588, 714, 742, 775, 821, 864, 867, 938–940, 968–983, 991, 1050, 1051, 1062, 1131, 1132, 1151, 1154, 1159, 1160, 1165, 1214, 1215, 1248, 1259, 1281 See also Committees [AudCom] (+) key/core variable [AudCom] (+)-Audit Committee-­ Presence, Operation and Frequency, 7, 57, 65, 116, 968, 1281 Audit committee (see Committees) internal, 34, 47, 48, 89, 110, 135, 152, 187, 239, 250, 259, 275, 276, 322, 360, 446, 447, 581, 582, 669, 689, 692, 728, 742, 833, 842, 867–868, 971, 973, 976, 978, 981, 1008, 1027, 1028, 1050, 1051, 1078, 1096, 1098, 1100, 1101, 1106, 1115, 1127, 1174, 1215, 1247–1248, 1251, 1267 Third Line of Defence (see Three Lines of Defence Model)

Index Australian Banking Royal Commission Banking, Superannuation and Financial Services Industry FSRCAcc (FSRC Final Report recommendations and commentary on accountability), 18, 123, 251 FSRCCult (FSRC Final Report recommendations and commentary on culture), 18, 123, 846, 847 FSRCGov (FSRC Final Report recommendations and commentary on governance), 18, 123, 255, 848, 849 FSRCPriority (FSRC Final Report recommendations and commentary on priorities), 18, 123, 849, 850 See also FSRC; FSRC Final Report; Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publication Australian Prudential Regulation Authority (APRA) accountability and responsibility accountability failings in AML-CTF compliance, 1244 Accountability Principles in APRA Final Report, 1245 APRA failings in accountability and responsibility, 1241–1245 APRA failings in operational and compliance risk policies, frameworks and management, 1183 complexity excuse used to diffuse accountability, 1244 consequences of the federated organisational structure, 1243 first line accountability not consistently applied, 1245 governance variables for failings in accountability and responsibility, 1241, 1242 lack of accountability for risk systems, 1245 limited appetite to apply consequence management, 1246 recommendations for accountability, 1247 trust and over-consulting, 1245 unclear roles and responsibilities used to diffuse accountability, 1244 APRA Information Paper 2019 on risk culture

Index APRACult, 17, 122 APRA Final Report board failings, 761–762 board effectiveness, 761–762 decision-making, 761–762 internal monitoring, 761–762 reporting to the board, 762–763 risk management, 761–762 See also Failures and failings APRA-regulated entities ‘non-SFI’, 546, 547, 714 ‘significant financial institution’, 546, 547, 714 BEAR (see BEAR) board (see Board) committees (see Committees) culture (see Culture) failures identified by APRA (see Failures and failings) incentives (see Incentives) NFRAccFail APRA’s Improvements for Non-­ financial Risk Accountabilities Not Being Clear, Cascaded and Enforced, 19, 124, 709–712 NFRCm APRA’s Non-financial Risk Committee, 19, 124 NFRMan APRA’s Non-Financial Risk Management–Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks, 19, 124 NFRWeak APRA’s Non-Financial Risk Management–Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks, 19, 124 non-executive directors (see Non-executive directors) non-financial risks (see Non-­ financial risks) Prudential Inquiry, vii, 5, 6, 119, 512, 526, 679, 751, 758, 862, 978, 1026, 1066, 1106, 1146, 1157, 1176, 1249 Prudential Standard CPS220 Risk Management 220BrdRisk, 440, 441, 1035, 1036 220BusPlan, 442, 1093 220HeadRisk, 442, 1036 220Pol&Proc, 442, 443, 1094

1303 220RAS, 443, 1081, 1082 220RMF, 443–446, 1256–1260 220RMS, 446, 1082 220SecLine, 446, 447, 1173, 1174 Prudential Standard CPS510 Governance 510AudCom, 447, 448, 973–975 510BRC, 449, 450, 1129, 1130, 1170 510Brd, 450, 451, 748, 960 510BrdReview, 450, 451, 960 510Compose, 451, 818, 819 510Head, 451, 452, 742 510Indep, 452, 773 510NED, 452, 773 510RemPol, 453–455, 726–729 Prudential Standard CPS 520 Fit and Proper 520FitProp, 464–469, 784–791 520FitPropInfo, 470, 471, 791, 792 520FitPropWhistle, 471, 472, 790, 791 additional requirements for head of a group, 785 criteria for fit and proper person, 787 fit and proper person variables, 783–792 fit and proper policy, 465–468, 471, 472, 784, 785, 788–792 information to be provided to APRA, 472, 790, 791 process for assessing fit and proper person, 788 responsible person not fit and proper not to hold position, 791 responsible persons, 464–472, 727, 785–792 senior managers, 466, 787 regulators, 229, 1231–1234 risk culture (see Culture) risks (see Risks) remediation Remed, 19, 124 See also Risks Revised Draft Prudential Standard CPS 511 Remuneration 510RemPol, 453–455, 726–729 511BrdRole, 455, 456, 716 511CC, 456, 457, 547, 548 511Defer&Claw, 457, 458, 724, 725 511OtherReq, 458, 459, 730 511RemDesign, 459, 460, 718–720 511RemFrame, 460–462, 715, 717, 718 511RemOuts, 462, 463, 721

1304 Australian Prudential Regulation Authority (APRA) (cont.) 511SpecRole, 463, 464, 722, 723 APRA clawback, 725 APRA deferral, 724 APRA-regulated entities, 546, 713 commencement, 546 ‘non-SFI’, 546, 547, 714 other requirements of CPS 511, 458, 459, 729–731 remuneration framework, 458, 459, 730 remuneration policy, 460–462, 715, 717, 718 review of the remuneration framework, 717–718 role of the board in the remuneration framework, 716–717 ‘significant financial institution’, 546, 547, 714 variable remuneration deferral and clawback, 724–725 variable remuneration design, 718–720 variable remuneration of specified roles, 722–723 variable remuneration outcomes See also Incentives supervisory, ix Three Lines of Defence Model (see Three Lines of Defence Model) See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Australian Securities and Investments Commission (ASIC) 2019ASICBRC ASIC Board Risk Committee, 21 2019ASICInfo ASIC Information Flows, 21, 126 2019ASICRAS ASIC Risk Appetite Statement, 21, 126, 475–478, 1088–1092 Board Risk Committee (BRC) (see Committees) information flow (see Issues) issue (see Issues) Risk Appetite Statement (RAS) (see Risks) See also ASIC’s Corporate Governance Taskforce, Director and Officer Oversight of Non-financial Risk Report of October 2019; Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and

Index Industry Body Reports, Codes, Rules and Publications Australian Securities Exchange (ASX) 2019ASXAudCom ASX Audit Committee, 21, 126, 479, 480, 971–972 2019ASXBRC ASX Board Risk Committee, 21, 126 2019ASXBrd ASX Board of Directors, 21, 126 2019ASXCC ASX Compensation/Remuneration Committee, 21, 126 2019ASXCD ASX Continuous Disclosure, 21, 126, 488, 489, 1012–1013 2019ASXDiversity ASX Diversity Policy, 21, 126, 769–770 2019ASXNED ASX Non-executive Directors, 21, 126 2019ASXNomGov ASX Nomination and Governance Committee, 21, 126, 985–986 2019ASXRights ASX Rights for Security Holders, 21, 126, 495, 496, 1013, 1014 board 2019ASX, 489–491, 493, 494, 496, 497, 541, 823–825, 961 2019ASXBrd, 21, 126, 481–484, 739–741, 772, 774, 823, 824, 961 2019ASXBrdChart, 739, 740 [2019ASXBrdSkillsMatrix] (+), 772 2019ASXDiversity, 492, 493, 769, 770 ASX Appointment of Directors, 740 ASX board and executive review, 960–961 ASX Charter for Listed Entities, 738–740 ASX diversity policy, 769–770 ASX listed entities, 772 ASX listed entities disclosure and factors of independence, 773–775 ASX variables, 972, 1126 culture and codes of conduct/ethics and conflicts, 822–831 diversity, 108, 436, 752, 767–770 evaluation of the board, 758, 760, 957 independence test, 772–773 interim variables for board diversity, 767–770 Skills ‘Mix’, 7, 42, 45–48, 50, 57, 60, 65, 110, 117, 174, 535, 572, 607,

Index 664, 690, 709, 782, 1026, 1033, 1081, 1084, 1088, 1093, 1108, 1110–1113, 1117, 1128, 1131, 1133, 1135, 1137–1142, 1145, 1157, 1166–1169, 1173, 1179, 1181, 1187, 1200, 1203, 1235, 1239, 1242, 1282 See also Board committees 2019ASXCC, 21, 126, 484–488, 540–545 ASX listed entities, 772 ASX Principles and recommendations, 539–555 ASX safeguard the integrity of corporate reports, 970–972 Audit Committee, 21, 126 Board Risk Committee (BRC), 21, 126 Compensation/Remuneration Committee, 21, 126 Nomination and Governance Committee, 21, 126, 983 See also Committees continuous disclosure ASX continuous disclosure obligations, 1012–1013 ASX information and facilities for security holders, 1013–1014 culture and codes of conduct/ethics and conflicts ASX variables, 822 2019ASX, 823–825 risks, 490, 491, 1275, 1276 environmental and social risks, 1272–1274 See also Risks See also ASX Corporate Governance Council’s Fourth Edition of the Corporate Governance Principles and Recommendation; Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Authorised Deposit-Taking Institution (ADI), see BEAR Authority FSB Principles for Sound Compensation Practices (FSBP) board to monitor and review compensation system to operate as intended, 597 board to oversee compensation system design and operation, 669

1305 financial and risk control staff to be independent, have authority, etc, 599 FSBComp, 17, 122 FSBP 1–3 effective governance of compensation, 596–600 See also Incentives risk management function, of (see Management function in risks) stature, 1240 status, 1155 B Bank Banks generally, 17, 122 Bank Combined Coverage and Relational Proximity Table 10.2 Chapter 10, 117, 126–507 Coverage, 22, 126–507 hypothesised Combined Coverage and Relational Proximity Table 3.1, 41 target/hypothesised coverage/rating, 8, 33, 67, 127 Key Groupings, 22, 127 relational proximity rating, 126–507 rprox, 126, 128–507 section reference for governance variables relational effect path in bold, 128–507 Table 10.2, 22, 126–507 Bank Executive Accountability Regime (BEAR) accountability map notification obligations Section 37F, 700–703 Section 37FB, 700–702 accountability obligations, 17, 99, 122, 146–149, 688, 692–695, 697–699, 703, 706 accountability statement notification obligations Section 37F, 156, 700–703 Section 37FA, 156, 700–702 accountable person, 17, 99, 122, 688–700, 702, 703, 705–708 Authorised Deposit-Taking Institution (ADI) Section 37, 688 Banking Executive Accountability Regime (BEAR) for authorised deposit-­ taking institutions or ADIs Section 37, 688 BEARAcc

1306 Bank Executive Accountability Regime (BEAR) (cont.) BEAR accountability obligations of the ADI and accountable person, 17, 122 Governance variables for accountability obligations, 693–694 Section 37B(1), 688 Section 37C, 703 Section 37CA, 146, 693, 694, 697, 699, 703, 706 BEARAccReas BEAR ‘reasonable steps’ provisions, 17, 122 Section 37CB, 147, 148, 693–695 BEARDeferVarRem BEAR deferred remuneration obligations of the ADI, 17, 122 Governance variables for deferred remuneration, 696–700 Section 37E, 697 BEARIDAccPerson BEAR identification of accountable persons, 17, 122 BEARKeyPers BEAR key personnel obligations of the ADI, 17, 122 Governance variables for key personnel obligations, 695–696 Section 37D, 154, 155, 695, 696 BEARNotify BEAR notification obligations of the ADI, 17, 122 governance variables, 687–712 Section 37F, 155–157, 700–703, 705 Section 37FC-types of events for which APRA must be identified, 703 Deferred remuneration obligations of an ADI and governance variables Section 37E, 697 Disqualification of accountable persons Section 37JA-APRA may vary or revoke disqualification, 707 Section 37JC-allowing a person disqualified by APRA to act as an accountable person, 707–708 Section 37J-disqualification by APRA, 706–707 Indemnification of ADIs and accountable persons Section 37KA-indemnifying ADIs and accountable persons not permitted except liability for legal costs, 708

Index key personnel obligations Section 37D, 154, 155, 695, 696 notification obligations Section 37F, 58, 155–157, 700–703 pecuniary penalty for non-compliance of the BEAR, 703–704 Section 37G, 703–704 prudential matters Section 5, 704 ‘reasonable steps’ provisions Section 37CB, 147, 148, 693–695 registration of accountable persons [BEARRegAccPerson 37HA] (+), 157, 706 Section 37HA-registration as an accountable person, 705–706 Section 37H-register of accountable persons, 705 resolution Section 5, 704 See also Table of Statutes Bank-specific challenge, debate and testing (see Board) bank-specific competencies, skills and professional qualities, 337, 781, 822, 934 complexity bank-specific variables exhibiting deficiency in banking industry knowledge and competence, 777, 932, 1122 governance variables for complexity of financial products, 1121–1123 Inadequate oversight, risk management and complexity of financial products, 110, 1118–1120 See also Complexity Culture (see Culture) Deficiencies in bank-specific knowledge or expertise (see Board) expertise banking industry specific knowledge, skills/competencies and professional qualities, 781, 934 deficiencies in bank-specific knowledge or expertise, 108 resulting in inadequate risk management and internal controls, 109, 737, 933–935, 1105, 1122 See also Board Governance reports and pronouncements sections 1.1 and 10.1, 117–126

Index Governance variables (see Board; Complexity; Culture; Incentives; Non-executive directors (NED); Risks) Independence Bank-specific knowledge and competence, and, 60, 108, 776–779 deficiency, 736 Governance variables recommended by OECD, 782, 792–793 [NEDBankSecurznInfo] (-)-Banks-­ Non-­Executive Directors-­ Deficiency in Knowledge of Securitization Process of Bank Financial Products-Reduction in Decision-making Quality, 337, 777 [NEDBankSkillsMon] (+) variable-­ banks-­non-executive directors-­ policies and standards on bank-specific competencies, skills and professional qualities-­ enhancement of monitoring and skills effect, 781 [NEDBankWorksInfo] (-)-Banks-­ Non-­Executive Directors-­ Deficiency in Knowledge of Internal Workings of Banks-­ Reduction in Decision-making Quality, 337, 777, 1122 [NEDFit&ProperTest] (+) variable-­ banks-­non-executive directors-­ supervisory authority policies and standards on ‘fit and proper person’ test-enhancement of monitoring and skills effects, 783 OECD findings on independence and competence, 744, 779–783 See also Board Basel Committee for Banking Supervision (BCBS), see Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Behaviours culture values and behaviours, 240, 300, 301, 843, 896–897 NABCultValues&Behav NAB values and behaviours, 18, 123, 896–897 norms, 13, 832, 845, 864, 909 theoretical parts

1307 Behaviours Axis No. 2, 31 three Relational Axes of Good Governance, 28, 30–32 Behaviours Axis No. 2 accountability, 31 control, 31 entrepreneurism, 31 Innovation, 31 responsibility, 31 risk management, 31 risk-taking, 31 Three Relational Axes of Good Governance Behaviours Axis No. 2, 31 Board accountability, 18, 123 approach to boards, 735–737, 826, 829 APRA-Regulated Institutions APRA Prudential Standard CPS510 Governance, 676, 972 APRA-Regulated Institutions (see Australian Prudential Regulation Authority’s (APRA)) ASX Appointment of Directors 2019ASXBrd, 740 ASX Charter for Listed Entities 2019ASXBrdChart, 740 [BrdSkills] (+) Skills ‘Mix’ Key/Core variable, 47 chairperson annual election of chairperson, 335, 760, 953 qualifications, 760 role, 780, 782, 946–947, 950 time, 760 See also Chairperson challenge, debate and testing Bank-specific competencies, skills and professional qualities, 337, 781, 822, 934 challenge and testing variables, 822 competence and banking/financial industry expertise affected the ability and confidence of NEDs to challenge ‘strong’ CEOs, 751, 821 existing governance variables based on the independence ingredient, 775, 814 functioning of the board and the monitoring and evaluation of performance of directors and the board as a whole, 751, 820

1308 Board (cont.) gaps in reporting and metrics, 139, 751, 758, 761, 820 governance variables examining the time, qualifications, role and election of the chairperson, 751, 760, 821 Increased time commitment from NEDs, 751, 755, 821 NED oversight, monitoring and evaluation, 736, 759, 760 over-reliance on key individuals, 751, 820 rigour and urgency by the board, 751, 758, 820 size, composition and qualification of the Board, 751, 820 characteristics 510Brd, 21, 125, 450, 748 APRA Prudential Standard CPS510 Governance, 747 board and senior management requirements, 450, 748–749 See also Australian Prudential Regulation Authority’s (APRA) composition 510Compose, 21, 125, 451, 818, 819 APRA Prudential Standard CPS 510 Governance, 818, 957, 1128, 1170 composition, independence proportion and representation, 818 See also Australian Prudential Regulation Authority’s (APRA) culture and codes of conduct/ethics and conflicts 2019ASX, 822–825 ASX variables, 972, 1126, 1130 changing board culture and tone at the top, 825, 832 CodesNED (–), 829–831 [CodesNEDConflicts*] (+), 831 codes of conduct and ethics, 822–831 conflicts of interest policy, 830, 831 CultNED, 832 culture and ‘tone at the top’ variables, 826 entrenchment of the CEO, 956 ethics, compliance and reputation committee, 828, 829, 831 See also Codes; Committees; Culture; Non-executive directors (NED); Culture and codes of conduct/ethics and conflicts

Index diversity 2019ASXDiversity, 21, 126, 492, 493, 769, 770 ASX Diversity Policy, 21, 126, 769, 770 EC Green Paper 2010, 338, 765–767 EC Second Green Paper 2011, 337, 338, 766, 767 Interim variables for board diversity, 767–770 NEDDiv, 19, 124 [NEDDivGender*] (+), 768 NED/Non-executive director variables for diversity, 767 NED/Non-executive director variables for gender diversity, 767 See also Diversity duty of care BCBS, 743–745 duty of loyalty BCBS, 743–745 evaluation and review performance evaluation, 491, 496, 520, 758, 760, 843, 961 evaluation of the board Agendas, 18, 123, 267, 400, 501, 502, 750, 870, 885, 945, 947–953, 963, 964, 995, 1149, 1150 ASX Board and executive review, 960 board renewal, 451, 957, 960 board review of performance for board and committees, 958–961 communication with major shareholders, 141, 758, 957, 962–963 cooperation of the Board and committees, 963–965 evaluation statement of skills and experience, 141, 962, 963 expertise banking industry specific knowledge, skills/competencies and professional qualities, 782, 934 board selection process, 936 composition of Board and relevant expertise, 936 deficiencies in bank-specific knowledge or expertise, 108 deficiencies in knowledge of securitised products, 800 determining the balance for effective challenge, testing and debate, 935–936

Index development, training and support of NEDs and NED mentoring by senior executives, 737, 941–943 financial industry expertise and independence trade-off, 937–938 inadequate risk management and internal controls, 109, 737, 933–935, 1122–1123 lack of financial expertise predictive of bank failure, 932 mix of financial and non-financial industry knowledge for effective challenge, 935–936 non-executive director independence variables from Stage 1, 939–940 number and time commitment for compensation/remuneration and risk committees-relational effect paths, 940–941 number and time commitment of NEDs for Audit, Remuneration and Risk Committees, 938–941 resulting in inadequate risk management and internal controls, 109, 737, 933–935, 1122 senior independent director, 482, 494, 737, 739, 740, 758, 760, 938, 943–944, 952, 961 failures APRA Final Report failings, 761–763 failures (see Failures and failings) ‘Fit and Proper Person’ test additional requirements for head of a group, 785 APRA Prudential Standard 520 Fit and Proper, viii, 12, 120, 783 criteria for fit and proper person, 787 fit and proper person variables, 783–792 fit and proper policy, 465–468, 471, 472, 784–785, 788–792 Information to be provided to APRA, 21, 126, 472, 790–792 [NEDFit&ProperTest] (+) variable-­ banks-­non-executive directors-­ supervisory authority policies and standards on ‘fit and proper person’ test-enhancement of monitoring and skills effects, 783 process for assessing fit and proper person, 788–790 responsible person not fit and proper not to hold position, 791

1309 responsible persons, 464–472, 727, 786–792 senior managers, 466, 787 FSRC Final Report recommendations and commentary on the role of the board FSRCGov, 848 functioning of the board [BankNEDTestRisk] (+), 759–760 [BankNEDTestStrat] (+), 759, 822 challenging and testing risk by Non-executive Directors, 759 challenging and testing strategy by NEDs, 736, 759 Independence APRA Prudential Standard CPS 510 Governance, 772, 818, 978, 1128 ASX listed entities disclosure and factors of independence, 773–775 [AudIndInfo] (-)-Audit Committee-­ Independence-­Information Flow and Decision Quality ‘Trade-off’, 41, 137, 775, 814, 821, 939, 968 [AudIndMon] (+)-Audit Committee-­ Independence-­Monitoring Effect, 41, 517, 775, 814, 821, 939, 968 Bank-specific knowledge and competence, and, 777, 932, 1122 [BrdIndInfo] (-)-Board Independent Director: Executive Director Proportion-Information Flow and Decision Quality ‘Trade-off’, 7, 57, 65, 116, 775, 814, 821, 939, 1282 [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion-Monitoring Effect, 7, 57, 61, 65, 517, 775, 814, 821, 940, 1282 deficiency, 736, 777–778, 834, 837, 843 existing governance variables based on independence ingredient, 775 Governance variables recommended by OECD, 782, 792 Independence test, 772, 974 [NEDBankSecurznInfo] (-)-Banks-­ Non-­Executive Directors-­ Deficiency in Knowledge of Securitization Process of Bank Financial Products-Reduction in Decision-making Quality, 337, 777

1310 Board (cont.) [NEDBankSkillsMon] (+) variable-­ banks-­non-executive ­directors-­ policies and standards on bank-specific competencies, skills and professional qualities-­ enhancement of monitoring and skills effect, 781 [NEDBankWorksInfo] (-)-Banks-­ Non-­Executive Directors-­ Deficiency in Knowledge of Internal Workings of Banks-­ Reduction in Decision-making Quality, 337, 777, 1122 [NEDFit&ProperTest] (+) variable-­ banks-­non-executive directors-­ supervisory authority policies and standards on ‘fit and proper person’ test-enhancement of monitoring and skills effects, 783 OECD findings on independence and competence, 744, 779c–783 [OutBrdPos] (-)-Outside Board Positions of Independent Directors, 775, 814, 821, 940 See also Non-executive directors Key/Core variables [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion-Monitoring Effect, 7, 57, 61, 65, 517, 775, 814, 821, 940, 1282 [BrdSkills] (+) Skills ‘Mix’, 7, 42, 45–48, 57, 60, 65, 117, 782, 1282 Review of [BrdIndMon] (+) variable from Stage 1, 745–746 See also Key/Core variables members, 4, 138, 231, 475, 526–528, 530, 550, 556, 571, 573–575, 588–590, 597, 663, 689, 765, 773, 777, 780, 781, 783, 813, 814, 819, 825, 830, 933, 936, 938, 939, 941, 953, 956–959, 975, 983, 1008, 1032, 1058, 1060, 1145, 1209 NEDs or Non-executive directors [BankNEDDevelopProg] (+) variable-banks-development programs for non-executive directors-enhancement of monitoring effect, 754 [BankNEDFinAwareProg] (+) variable-banks-development programs for financial industry

Index awareness of non-executive directors on risk strategy and management-enhancement of monitoring effect, 754 [BankNEDInduct] (+) variable-banks-­ induction of non-executive directors-enhancement of monitoring effect, 754 [BankNEDSupport] (+) variable-­ banks-‘dedicated support’ for non-executive directors for information and advice in addition to the normal board process-­ enhancement of monitoring effect, 754, 792, 942 [BankNEDTestRisk] (+), 759–760 [BankNEDTestStrat] (+), 759 [BankNEDTime] (+), 755 [BankNEDTrain] (+) variable-banks-­ training of non-executive directors-­ enhancement of monitoring effect, 754 challenging and testing risk by NEDs, 759–760 challenging and testing strategy by NEDs, 736, 759 NED Development programs, 736, 753–755, 792, 1161 NED Financial industry awareness, 736, 753–755, 793, 1161 NED Induction, 754–755, 1161 NED Support, 754–755, 941–943 NED Training, 754–755, 941–943 proportion of executive and non-­ executive directors, 109, 737, 955–957 Time commitment, 744, 750, 751, 753, 755, 938–941, 948, 1131–1133 See also Non-executive directors (NEDs) oversight BCBS, 10 oversight of management specifically for risk, 743–745 performance, 451, 760, 957, 958, 960 Positional Conflict Axis No. 3, 31 priorities Adequate investment in response to ‘high rated’ issues, 1235 APRA financial objectives and prioritisation, 1172, 1234–1238 case studies, 856 CRO backlog, 1237

Index customer outcomes, 14, 298, 316, 317, 321, 849, 852, 855–856, 907–908, 1234 financial objectives and prioritisation, 18, 123, 851–856, 1026, 1234–1238 four factors contributing to prioritisation of financial considerations, 858–861 FSRC Final Report recommendations and commentary on priorities, 18, 123, 849–851 FSRCPriority, 18, 123, 257, 258, 849–850 further examples of investment trade-off decisions, 1237 growth fund and annual group budget, 853–854 Investment allocation decisions, 19, 124, 395, 401, 870 limited scope for proactive investment in risk and compliance before ‘high rated’ issues arise, 1235 NABPriority, 18, 123, 315–321, 851–855 NABPriorityDecision, 316, 855 NABPriorityDecisionCust (–), 855–856 NABPriorityLTGrowth, 319, 320, 853, 854 NABPriorityLTStrat, 320, 321, 852 NAB Self-Assessment 2018 on financial objectives and priorities, 851–856 project delivery, 20, 125, 430, 857, 858, 860 strategic planning and performance objectives, 852–853 trade-offs in decision-making, 854–855 WBCFailAllocateInvest, 20, 125, 422, 856 WBCFailInvest, 20, 125, 422, 856 WBCFinPriority, 20, 125, 423, 859, 860 WBCProject, 20, 125, 430, 857, 858 Westpac Review Team 2018 prioritisation decisions, 856–861 proportion of executive and non-executive directors, 109, 737, 955–957 qualification of directors, 108, 736 reporting further variables for non-financial risk reporting, 869–870

1311 NAB Compliance and regulatory matters, 868–869 NAB Customer impact and outcomes, 866 NAB Non-financial risk reporting, 867–868 NAB Operational and technology risks, 868 NAB Reporting from third-line internal audit, 867 NAB Reporting to the board, 18, 123, 865–870 NAB Second-line risk reporting, 866–867, 1269 NAB Self-Assessment 2018, 865 Westpac investment allocations, 870 Westpac Review Team 2018, 865 Responsibilities, functions and processes, 76 Review (see Evaluation of the board (above)) role FSRC Final Report recommendations and commentary on the role of the board, 848–849 FSRCGov, 848, 849 senior Independent director, 482, 494, 737, 739, 740, 758, 760, 943–944, 952, 961 senior leadership oversight customer experience board (CXB), 873 ELT Risk Committees, 873 Enhancing Executive Team functions, 884 Enhancing RISKCO reporting, 884 executive risk committees, 825, 827 Functioning of Westpac Executive Team, 881–882 Functioning of Westpac RISKCO, 882–883 Group Risk Return Management Committee (GRRMC), 873–879 NABELT, 873–880 NAB Self-Assessment 2018, 108, 873–880 Operation of Executive Leadership Team (ELT) and GRRMC, 875–880 Technology and Operations Risk Management Committee, 874 Value Chain Risk Management Committees, 874, 880 WBCETRISKCO, 20, 125, 419, 420, 882, 883

1312 Board (cont.) WBCExecTeam, 20, 125, 421, 422, 881, 882 Westpac functioning of Executive Team and RISKCO, 881–886 size board size and information and task overload, 140, 753–754, 821 Skills Mix [2019ASXBrdSkillsMatrix] (+), 772 ASX listed entities, 769, 772–775, 1125–1128 Key/Core governance variable, 22, 57 skills Mix [BrdSkills] (+)-Board-Director Skills ‘Mix’, 7, 57, 60, 65, 117, 1282 comparator variable, 45–48 structure, 77–78 testing, 759–760, 1163–1165 Tone at the top (see Culture) Board failure in relation to customers (BrdCust), 17, 122 Board of directors (Brd), see Boards Board Risk Committee (BRC), see Committees Borrowing short Maturity transformation (see Risks) [BrdIndInfo] (-) Key/Core variable (see Board; Non-­ executive directors (NEDs)) [BrdIndInfo] (-)-Board Independent Director: Executive Director Proportion-Information Flow and Decision Quality ‘Trade-off’, 7, 57, 65, 1282 [BrdSkills] (+) Key/Core variable [BrdSkills] (+)-Board-Director Skills Mix, 7, 57, 60, 65, 1282 Key/Core variable (see Board) Business Units (BU) Business Units or First line, 7, 1028, 1204 C CC and Comp Compensation/Remuneration Committee, 17, 122 See also Committees; Incentives Chief Executive Officer (CEO) chairperson CEO entrenchment, 949, 956

Index demarcation of chairperson and CEO, 950 division in CEO/Chairperson roles from Stage 1, 946–947 separation from CEO, 783 time commitment, 109, 737, 758, 945–953 culture and codes of conduct/ethics and conflicts entrenchment of the CEO, 949, 956 challenge, debate and testing, 825, 829, 832, 1064 competence and banking/financial industry expertise affected the ability and confidence of NEDs to challenge ‘strong’ CEOs, 751, 821 ‘duality’, 946–952 entrenchment, 949, 956 executives and high end employees, 578, 579 Positional Conflict Axis No. 3, 31, 32 separation from chairperson, 782 See Board; Culture; Incentives; Risks Chairperson agenda items and access to information, 947 annual election of Chairperson, 335, 760, 953 CEO entrenchment, 949, 956 conditions and criteria for Chairperson, 951 ‘duality’, 946–952 outside meetings for NEDs, 948 promoting alternative views, 947–953 qualifications, 751, 760, 783, 821, 951 remuneration, 528 responsibilities, 109, 737, 741, 945–953, 1133 roles, 737, 751, 758, 760, 765, 780, 782, 945–953 separation from CEO division in CEO/chairperson roles from stage 1, 946–947 time commitment demarcation of chairperson and CEO, 950–951 Chief Risk Officer (CRO), see CRO Class risk classes, 15, 398, 399, 880, 1104 See also Risks Cm committees generally, 17, 122 See also Committees

Index Codes codes of conduct and ethics (see Culture) conduct, of, 405, 462, 482, 490, 529, 551, 589–590, 619, 629, 721, 739, 744, 823, 828, 830, 831, 987, 988 conflicts of interest, of, 108, 198, 589, 720, 737, 831, 987 culture and codes of conduct/ethics and conflicts 2019ASX, 823–825 ASX variables, 822, 825–831 changing board culture and ‘tone at the top’, 825 CodesNED (–), 829, 830 [CodesNEDConflicts*] (+), 831, 987 codes of conduct and ethics, 822–831 conflicts of interest policy, 830, 831 CultNED, 832 culture and ‘tone at the top’ variables, 826 entrenchment of the CEO, 956 Ethics, Compliance and Reputation Committee (see Committees) See also Culture ethics, of (see Culture) governance codes Key Field No. 3–Comparative Corporate Governance Codes, 49, 91 perceived weaknesses, 91 Stage 1, 26, 38, 49, 91, 768 Committees audit committee 510AudCom, 20, 125, 447, 448, 973–975 APRA Prudential Standard 510 Governance on the Board Audit Committee, 972 ASX safeguard the integrity of corporate reports, 970–972 Audit Committee reporting from Group Audit, 982–983 BCBS Audit Committee requirements, 975–978 NABAudCom, 18, 123, 265, 978 NAB Self-Assessment 2018, 864, 975–978 ‘red’ audit report failings in audit committee practice, 396, 978–980 reliance on key individuals, 980–982 reporting weaknesses, 980–982 review of Audit Committee variables from Stage 1, 968

1313 shortcomings in operation, 978–982 See also Failures and failings board committees failings identified by APRA, 979 See also Failures and failings Board Legal, Regulatory and Compliance Committee Westpac Reassessment, 865 Board Risk Committee (BRC) 510BRC, 449, 450, 1129, 1130, 1170 access, 447, 1130, 1133, 1155–1159, 1180 APRA’s Prudential Standard CPS 510 Governance, 1128–1130 ASIC Governance Taskforce 2019, 1141–1145 ASX listed entities, 1125–1128 authoritative financial stability assessments, 1163–1165 BCBS Guidelines 2015, 1137–1146 [BRCIndInfo] (-)–Board Risk Committee–Independence– Information Flow and Decision Quality ‘Trade-off’, 1131 [BRCIndMon] (+)–Board Risk Committee–Independence– Enhancement in Monitoring Effect, 1131 [BRCIndFreq] (+)–Board Risk Committee–Independence in combination with Frequency of Meeting–Enhancement in Risk Management and Internal Monitoring, 1131 BRC responsibilities proposed by, 1136–1146 [BRCRiskReportContents] (+), 1169 CFO, 1154, 1156 Chief Risk Officer (CRO), 110, 550, 583, 593, 601, 1027, 1043, 1131, 1133 composition, 110, 449, 1027, 1129 economic assessments, 1163–1165 emerging issue, 1142, 1145–1146 establishment, 744, 1154, 1157–1158 Executive Risk Committees, 873 external advisers to the BRC, 1027, 1166 failings (see Failures and failings) [FailTransRiskFactors&Rank] (-), 1168 first disclosure variable, 1168–1169 ‘fundamental prudential risks’, 1133

1314 Committees (cont.) Group Risk Return Management Committee (GRRMC), 271, 1049 independence, 202, 1027, 1110, 1133, 1155–1159 information to APRA, 449, 1170 NABELT, 876 NAB Self-Assessment 2018, 1137–1146 nature of risks and responsibilities monitored by the BRC, 1027, 1133–1135 no constraints on persons providing information to APRA, 1170 non-executive director number, time commitment and number of meetings for BRC, 1131–1133 Operation of Executive Leadership Team (ELT) and GRRMC, 875 other, 1145 other risks, 1134 reporting lines, 1027, 1154–1159, 1171, 1209–1210 risk appetite and weightings for incentives (see Incentives) role and contribution of non-executive directors on BRC, 1161 role and responsibilities, 202, 1154, 1155, 1159–1160 responsibilities of the BRC, 1126, 1132, 1136–1137 second disclosure variable, 1169 separate BRC Report, 1027, 1167–1169 significant mergers, acquisitions and disposals, 1027, 1166–1167 status, 1027, 1154–1160 stress, scenario and fail testing, 1163–1165 Walker Review 2009, 1027, 1131–1133, 1136, 1166 Westpac Review Team 2018, 1137–1146, 1154 Walker Review 2009 variables for establishment of the BRC, 1131–1133 See also Non-executive directors Compensation/Remuneration Committee (see Incentives) Ethics, Compliance and Reputation Committee (see Culture and codes of conduct/ethics and conflicts) executive ECmFail, 122

Index failings in Board committees (see Failures and failings) members, 448, 514, 515, 576, 583, 971 NAB Customer Outcomes Committee, 109, 864, 988 Nomination and Governance Committee ASX, 21, 126, 985–986 Non-financial Risk Committee NFRCm, viii, 8, 19, 124, 995–998 NFRCmFail, 342, 343 RISKCO enhancing Executive Team functions, 884 enhancing RISKCO reporting, 884 Functioning of Executive Team and RISKCO, 881–886 Functioning of Westpac RISKCO, 882, 883 WBCETRISKCO, 20, 125, 419, 420, 882, 883 Risk & Compliance Committee, 864 senior leadership oversight Customer Experience Board (CXB), 873 ELT Risk Committees, 873 enhancing Executive Team functions, 884 enhancing RISKCO reporting, 884 Executive Risk Committees, 827 Functioning of Executive Team and RISKCO, 881–886 Functioning of Westpac Executive Team, 881–882 Functioning of Westpac RISKCO, 882–883 Group Risk Return Management Committee (GRRMC), 306–313, 873, 874, 876–879 NABELT, 18, 123, 305–314, 873–880 NAB Self-Assessment 2018, 872, 874 Operation of Executive Leadership Team (ELT) and GRRMC, 875 Technology and Operations Risk Management Committee, 313, 874 Value Chain Risk Management Committees, 314, 874, 880 WBCETRISKCO, 20, 125, 419, 420, 882, 883 WBCExecTeam, 20, 125, 421, 422, 881, 882 Technology Committee control and information technology, 76 ELT Risk Committees, 873 Executive Risk Committees, 873

Index failures and inadequacies in computer risk modelling (see Failures and failings) NAB Operational and technology risks, 868 NAB Self-Assessment 2018, 851 Reporting to the board, 865–870 Technology and Operations Risk Management Committee, 313, 874 Comp and CC Compensation/Remuneration committee, 17, 122 Compensation, see Equity/Option holdings and plans; Incentives Competence, see Board Complexity complex and opaque bank financial instruments complexity of financial products, 110, 1010–1011, 1027, 1118–1123 lack of control, 1010–1011 [NEDFinProdInfo] (-)–Banks–Non-­ Executive Directors-Complex and Opaque Financial Product– Reduction in Decision-making Quality and Delineation and Disclosure of Powers, Duties and Lines of Responsibility, 1010 complex and opaque bank structures boards of parent companies, 1008 directors’ duties to the entity, 1006–1007 making oversight by NEDs problematic, 1008 [NEDBankStructInfo] (-) variable– Banks–Non-Executive Directors-­ Complex and Opaque Bank, Group and Entity Structures–Reduction in Decision Quality and Delineation and Disclosure of Powers, Duties and Lines of Responsibility, 1009–1010 continuous disclosure ASX continuous disclosure obligations, 1012–1013 ASX information and facilities for security holders, 1013–1015 information asymmetry extends beyond shareholders, 1015 culture (see Culture) derivatives products risks (see Risks) valuation, 77, 80

1315 inadequate oversight, risk management and complexity of financial products bank-specific variables exhibiting deficiency in banking industry knowledge and competence, 1122 complex and opaque nature of securitized/financial products, 1123 credit rating deficiency variables, 1121 failure of information flow on risks in CDOs and other financial products, 1123 governance variables for complexity of financial products, 1121–1123 inadequate risk management and internal controls, 1122 risk modelling deficiency variables, 1121 off-balance sheet entities, 109, 737, 1005–1020, 1031 quality of decision-making by NEDs, 109, 737, 1017 separate legal entity principle affecting group-wide risk policy and disclosure, 1006, 1007 transparency and disclosure deficiencies in the quality of decision-­ making by NEDs, 1017 deficiencies in the transparency and timing of reporting and internal and external monitoring, 1017–1018 financial institution level, 1016, 1018–1020 liquidity disclosure, 1019 principles, 563, 1016 risk disclosure, 1018–1019 structured-product level, 1016–1018 valuation disclosure, 1019 Compliance culture CodesNED (–), 829 codes of conduct and ethics, 198, 199, 828–831, 986–988 ethics, compliance and reputation committee, 109, 199, 828–832, 986–988 See also Culture Factor No. 2 Compliance Factor No. 2, 48–50, 969 Corporate Governance and Legal Compliance, 28, 33, 48, 54, 64, 534, 535, 539, 572, 577, 607, 664, 690, 693, 695, 701, 706, 708–710, 1026, 1033, 1203, 1238, 1242

1316 Compliance (cont.) governance factors (see Governance factors) failures and failings accountability and responsibility, 110, 1028, 1241–1245 accountability failings in AML-CTF compliance, 1244 APRA, 1147, 1183–1190 APRA failings in accountability and responsibility, 992, 993, 995, 1146 APRA failings in operational and compliance risk policies, frameworks and management, 1183–1190 compliance breach assessment and reporting, 19, 123, 322, 323, 1049–1050 governance variables for failings in accountability and responsibility, 1172, 1241–1245 issue, 1049 function (see Management in Risks; Management function or Second Line in Risks; Risks) NABRedFlagComplyBr NAB board oversight of risk management in relation to compliance breach assessment and reporting, 19, 123 NABRiskMan NAB risk management and compliance, 19, 123 NAB risk management framework (RMF), 1028, 1264 NAB Second Line Compliance function, 1269–1270 NFRMan APRA’s Non-Financial Risk Management–Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks, 19, 124 NFRWeak APRA’s Non-Financial Risk Management–Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks, 19, 124 reporting to the board NAB Self-Assessment 2018, 865–870 NAB Compliance and regulatory matters, 868

Index resources, for, 13, 367, 669, 833, 1025, 1072, 1240 risk (see Management in risks; Management function/Second Line in risks; Risks) SecLine 2nd line risk management function, 333, 334, 364–368, 370, 373, 377, 431–436, 447, 490, 600, 1174, 1177, 1179, 1183–1192, 1239, 1240, 1269–1273, 1276–1281 Second Line of Defence APRA failings in operational and compliance risk policies, frameworks and management, 1183 bank compliance function, 1187 BCBS Principle 9, 1238 Compliance Factor No.2, 48–50, 969 compliance function, 1106, 1172, 1240 Corporate Governance and Legal Compliance (see Governance factors) divisional approaches to manage risk and compliance, 1280–1281 effectiveness of compliance function, 1240 managing operational and compliance risks, 1183 operational and compliance risk policies and frameworks, 1183 resourcing and capability of the operational risk and compliance functions, 1184 Westpac Review Team 2018, 1280–1281 Shareholder-Primacy Interrelationship Scheme Figure 3.1, 38–39 Conduct ASX 2019ASX (see ASX) ASX variables, 972, 1126, 1130 board, 739 culture and codes of conduct/ethics and conflicts, 822–831 codes, of, 15, 17, 34, 60, 108, 122, 198, 199, 277, 365, 526, 737, 817–862, 906, 986–988, 1238, 1240 culture and codes of conduct/ethics and conflicts 2019ASX, 823–825 ASX variables, 972, 1126, 1130 changing board culture and ‘tone at the top’, 825

Index CodesNED (–), 829–831 [CodesNEDConflicts*] (+), 831 Codes of conduct and ethics, 822, 826, 828, 829, 831 conflicts of interest policy, 830 CultNED, 827 culture and ‘tone at the top’ variables, 826 Ethics, Compliance and Reputation Committee (see Committees) Entrenchment of the CEO, 825 See also Culture FSBSupp FSBSupp 1–4 governance of compensation and misconduct risk, 668 FSBSupp 5–7 effective alignment of compensation with misconduct risk, 670 FSB Supplementary Guidance to the FSB Principles and Standards on Sound Compensation, the use of compensation tools to address misconduct risk, vii, 10, 18, 19, 119, 122 See also Incentives misconduct, vi, vii, 3–23, 28, 54, 64, 65, 72–73, 77, 105, 106, 109, 116, 119, 120, 251–256, 259, 429, 431, 512, 515, 526, 543, 545, 575, 587, 596, 634, 637, 667–673, 675–679, 681, 682, 719, 725, 735–737, 746, 776, 828, 844–847, 1020, 1023–1044, 1277 NAB Self-Assessment 2018 NABCompRisk&Cond, 18, 123, 622–624 recommendations and commentary on remuneration, 106, 613–625 risk and conduct within the remuneration framework (see also Incentives) NFRMan APRA’s Non-Financial Risk Management–Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks, 19, 124 NFRWeak APRA’s Non-Financial Risk Management–Failings in NonFinancial Risk Management of Operational, Compliance and Conduct Risk Frameworks, 19, 124

1317 non-executive directors changing board culture and ‘tone at the top’ variables, 825, 832, 1064 CodesNED (–), 198, 199, 277, 829–831, 987, 988 [CodesNEDConflicts*] (+), 831, 987 codes of conduct and ethics, 198, 199, 277, 829, 831, 986–988, 1240 conflicts of interest policy, 831 CultNED, 832 remuneration consultants code of conduct, 526, 528, 551, 589–590 See also Incentives risk, 15, 19, 110, 124, 253, 268, 312, 333, 344–348, 354, 368, 369, 399, 431, 432, 434, 435, 504, 673, 677, 715, 847, 871, 877, 880, 998–1002, 1083, 1085, 1098, 1103, 1130, 1189, 1190, 1239, 1267, 1271–1273, 1276–1278, 1284 APRA failings in operational and compliance risk policies, frameworks and management, 1183 APRA’s improvements in non-financial risk management (NFRMan), 998–1002 conduct and reputation risks, 111, 418, 1229, 1277–1279 conduct risk management, 333, 431, 432, 1270, 1277, 1278 manage function/second line, 333, 431, 432, 434, 435, 1272, 1276–1278 management of conduct and reputation risks, 111, 1277–1279 non-financial risk, 7, 14, 15, 73, 344–348, 874, 877, 880, 998–1002 reputational risk management, 1231 second line of defence, 110, 1027, 1106, 1172–1174, 1205, 1212 Westpac Review Team 2018, 1277–1279 stakeholders (see Stakeholders) See also Risks Conflicts of interest Codes, 108, 589, 737, 831, 987 2019ASX, 490 ASX variables, 972, 1126, 1130 [CodesNEDConflicts], 831, 987 conflicts of interest policy, 830, 831 culture and codes of conduct/ethics and conflicts, 822–831 See also Codes

1318 Consequences failures and failings APRA, 1149, 1183–1190 consequences of the federated organisational structure, 1243 limited appetite to apply consequence management, 1244 FSRC Final Report disclosure of consequences, 680 issues of implementation, 680–682 remuneration, 106, 108, 675–686, 844, 845 incentives board oversight of remuneration practices, 620–621 consequence management for variable remuneration, 18, 123, 277–280, 616–620 NABBrdOseeRem, 18, 123, 271 NABComp, 277, 280, 616–621, 624, 625 NABCompBoard, 620 NABCompConseqMan, 18, 123, 277–280, 616–620 NABCompRemConseq, 18, 123, 281 NABCompRisk&Cond, 18, 123, 282–284 NAB Self-Assessment 2018, 540, 554, 555 non-remuneration components of consequence management, 635–636 recommendations and commentary on remuneration, 106, 613–625 remuneration and consequence management, 872 remuneration consequence, 18, 123, 271, 361, 621, 624–625, 872, 887, 1252 remuneration framework–fixed and variable remuneration, 614–616 remuneration governance model, 621–622 risk and conduct within the remuneration framework, 18, 123, 622–624 WBCNonRemConseqMan, 427–430, 635–639 Westpac Review Team 2018, 872 NABCompConseqMan NAB consequence management for variable remuneration, 18, 123 See also Incentives NABCompRemConseq

Index NAB application of remuneration consequence, 18, 123, 624, 625 See also Incentives risk, 350, 1004 [BankSystRisk] (-)–banks–level of systemic risk–effects of risk-­ taking, 809 systemic risk, 85 WBCNonRem Westpac non-remuneration consequence management, 20, 125 Westpac Review Team 2018 remuneration and consequence management, 872 Control Behaviours Axis No. 2 (see Three Relational Axes of Good Governance) committees control and information technology, 76 Technology Committee, 874 complexity complex and opaque bank financial instruments, 1010–1011 inadequate oversight, risk management and complexity of financial products, 110, 1119–1120 inadequate risk management and internal controls, 933 lack of control, 1010–1011 ‘control code’ Key Code and Advanced Handbook, 7 culture, 23, 51, 73, 76, 579, 1078 FSBComp, 17, 122 FSBP 1–3 effective governance of compensation, 596–600 FSB Principles for Sound Compensation Practices (FSBP), 17, 122 financial and risk control staff to be independent, have authority, etc, 599 incentives owner-control, 513 [OwnerControlRisk] (-), 653 ownership structure, 77, 513 predicts bank failure, 513, 651–654 market for corporate control ‘substitution effect’ of governance variables, 96 weaker, 96–97 NAB

Index NAB first line risk and control ownership, 1266–1268 NAB Risk Management Framework (RMF), 1028, 1264 non-executive directors banking industry specific knowledge, skills/competencies and professional qualities, 934 deficiencies in bank-specific knowledge/expertise, 108 expertise, 336, 735, 750, 934, 937, 1122 inadequate risk management and internal controls, 933 resulting in inadequate risk management and internal controls, 1122 ownership structure [BankControlRisk] (-)–banks–level of owner-control (high)–effects of risk-taking, 810 controlling shareholder, 651, 810–811 predictive of greater risk and bailout, 810–811 profit centres separate to risk management and control, 35, 230, 1024, 1031, 1043 risks, 596, 750, 843 APRA’s improvements in non-financial risk management (NFRMan), 998–1002 [BankControlRisk] (-)–banks–level of owner-control (high)–effects of risk-taking, 810 common risk and control language, 437, 1190–1191 controlling shareholder, 810–811 deficiencies in bank-specific knowledge/expertise, 108 expertise, 35, 48, 92, 93, 735–746, 926, 933, 934, 1031, 1041, 1098 failings, 990 frameworks, controls and standards, 1181 gaps and control weaknesses, 1000 inadequate oversight, risk management and complexity of financial products, 110, 1119–1122 inadequate risk management and internal controls, 109, 737, 933–935, 1027, 1122 internal controls, 34, 77–79, 109, 134, 521, 737, 972, 976, 1027, 1032, 1078, 1080, 1122, 1162, 1200–1201

1319 management, 236, 606, 1120 NAB First Line risk and control ownership, 1266–1268 NABRiskMan, 331, 332, 1266–1268 NAB Risk management framework, 1028, 1264 non-financial risk, 339, 347, 710, 1000, 1265 predictive of greater risk and bailout, 810–811 process to regularly review, assess and test controls, 436, 1191–1192 resulting in inadequate risk management and internal controls, 109, 737, 933–935, 1027, 1122 risk management framework (RMF), 1268 risk management function/second line, 1282 second line of defence, 1177, 1205 separate risk management from control from profit centres, 230, 1024, 1043 Westpac Reassessment, 110, 1113, 1181 Westpac Review Team 2018, 1219 structures, 22, 51, 58, 78, 1120, 1200 technology control and information technology, 76 Three Lines of Defence Model Business Units/First Line, 1115 Westpac Reassessment, 14 building Line 1 risk and control capability, 110, 1113–1114 Control code Key Code and Advanced Handbook, 7 Core 2020WBCPillar1 Westpac Reassessment CORE Program Pillar 1, 22, 126 2020WBCPillar2 Westpac Reassessment CORE Program Pillar 2, 22, 126 2020WBCPillar3 Westpac Reassessment CORE Program Pillar 3, 22, 126 alignment [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives–Incentive/’Alignment’ Effect, 8, 57, 61, 65, 117, 517, 588, 1284 key/core governance variables, 117 board

1320 Core (cont.) [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion–Monitoring Effect, 7, 57, 61, 65, 517, 775, 814, 821, 940, 1284 [BrdSkills] (+)–Board–Director Skills ‘Mix’, 7, 57, 60, 65, 117, 1284 [BrdSkills] (+) Skills ‘Mix’, 7, 42, 45–48, 57, 60, 65, 117, 782, 1284 comparator variable, 45–48 key/core governance variable, 57, 116 key/core variables, 60 review of [BrdIndMon] (+) variable from Stage 1, 62, 736, 745–746 Skills ‘Mix’, 7, 42, 45–48, 50, 57, 60, 65, 110, 117, 174, 535, 572, 607, 664, 690, 709, 782, 1026, 1033, 1081, 1084, 1088, 1093, 1095, 1108–1111, 1117, 1128, 1131, 1133, 1135, 1137, 1139–1141, 1145, 1157, 1164, 1166, 1167, 1173, 1177, 1179, 1181, 1187, 1200, 1203, 1235, 1239, 1242, 1284 [EqOptEntrch] (-) [EqOptEntrch] (-)-Equity/Option Plans and Holdings of Directors/ Executives–‘Entrenchment’ Effect (excludes short-term options), 8, 57, 61, 65, 117, 518, 589 key/core variable, 57, 535–538, 545, 551, 555, 558, 578, 588, 589, 597, 600, 605, 608, 614, 628, 668, 670, 677, 678, 680, 684, 697 [EqOptIncent] (+) [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives–Incentive/’Alignment’ Effect (excludes short-term options), 8, 57, 61, 65, 117, 517, 588 key/core variable, 534–538, 540, 547, 548, 551, 554, 558, 578, 589, 592, 597, 600, 605, 608, 614, 628, 668, 670, 677, 678, 680, 681, 684, 696, 715, 717, 718, 721, 722, 724, 726, 729, 1162, 1284, 1285 equity/option plans and holdings [EqOptEntrch] (-)-Equity/Option Plans and Holdings of Directors/ Executives–‘Entrenchment’ Effect (excludes short-term options), 8, 57, 61, 65, 117, 518, 589

Index [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives–Incentive/’Alignment’ Effect (excludes short-term options), 8, 57, 61, 65, 117, 517, 588 key/core variables, 57, 61, 517, 534, 535, 588 incentives ‘core’ components of remuneration, 514 disclosure, 563 remuneration in ‘bands’, of, 513 failures in bank governance (see Failures and failings) key/core governance variables [AudCom] (+)-Audit Committee-­ Presence, Operation and Frequency, 7, 57, 65, 116, 968, 1283 [BrdIndInfo] (-)-Board Independent Director: Executive Director Proportion–Information Flow and Decision Quality ‘Trade-off’, 7, 57, 65, 116, 775, 814, 821, 939, 1284 [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion–Monitoring Effect, 7, 57, 61, 65, 517, 775, 814, 821 [BrdSkills] (+)–Board–Director Skills ‘Mix’, 7, 57, 60, 65, 117, 1284 [EqOptEntrch] (-)-Equity/Option Plans and Holdings of Directors/ Executives–‘Entrenchment’ Effect (excludes short-term options), 8, 57, 61, 65, 117, 518, 589 [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives–Incentive/’Alignment’ Effect (excludes short-term options), 8, 57, 61, 65, 117, 517, 588 [TransTimeMon] (+)-Transparency and Timing of Reporting– Monitoring Effect, 8, 48–50, 57, 62, 65, 117, 1284 non-executive directors [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion–Monitoring Effect, 7, 57, 61, 65, 517, 775, 814, 821, 940 key/core variable, 65 relational effect path, 57, 59–61, 64, 65, 116, 117, 1283

Index reporting [TransTimeMon] (+)-Transparency and Timing of Reporting–­ Monitoring Effect, 8, 48–50, 57, 62, 65, 117, 1284 risks ‘CORE’ Remediation Program, 1028, 1283–1286 failings, 71–81 key/core variable, 65 management function, 1283 Pillar 1–Direction and Tone set by Board and Group Executive, 1284–1285 Pillar 2–Clear Risk Boundaries for Decision-making, 1286 Pillar 3–Accountable and Empowered People, 1285–1286 second line of defence, 110, 1027, 1156, 1172–1174, 1205, 1212 [TransTimeMon] (+)-Transparency and Timing of Reporting– Monitoring Effect, 8, 48–50, 57, 62, 65, 117, 1284 Westpac Reassessment, 1283–1286 skills, 499, 1113 themes, 12, 864 Westpac 2020WBCPillar1 (Westpac Reassessment CORE Program Pillar 1), 22, 126, 503, 1284, 1285 2020WBCPillar2 (Westpac Reassessment CORE Program Pillar 2), 22, 126, 504, 1286 2020WBCPillar3 (Westpac Reassessment CORE Program Pillar 3), 22, 126, 504, 505, 1285, 1286 2020WBCSecLine (Westpac Reassessment 2nd Line Risk Management Function), 22, 126, 505–507, 1181–1183 ‘CORE’–Customer Outcomes & Risk Excellence, 1283 Cost of Capital adjustment to variable remuneration (see Incentives) firm cost of capital (see Proxies) FSBIS FSB Implementation Standards (FSBIS), 17, 106, 122, 595–612 FSBIS 3 compensation and capital, 609 incentives adjustments, 233, 526

1321 Compensation/Remuneration Committee, 186, 560, 564, 580, 592, 601 FSB Implementation Standards (FSBIS), 595 FSBIS 3 compensation and capital, 609 IIF examples of risk-adjusted compensation and incentives, 564–570 IIF Risk-based Incentive Principles, 559 long-term profitability adjusted for cost of capital, 559–560 risk adjustments, 186, 560, 561, 564, 580, 582, 584, 592, 601 proxies, v, 67 risks failings, 186, 233, 526, 560, 561, 564, 580, 582, 592, 601, 1010 management, 576 on formation flow on leverage and risks, 227, 1038, 1118 over-reliance on regulatory capital ratios and rates of return on equity, 1038, 1118 Chief Risk Officer (CRO) access, 200, 579, 580, 1159 APRA financial objectives and prioritisation CRO backlog, 1237 board, 35, 1031, 1209 Committees Board Risk Committee (BRC), 110, 195, 550, 582, 593, 601, 1131, 1133, 1154, 1163 composition, 110, 537 establishment, 744, 1154, 1157 failure of CRO to report directly to the Board and Board Risk Committee (BRC) in addition to CEO, 1024, 1043 independence, 202, 1027, 1155, 1157 management, 363, 365, 379, 381, 384, 386, 743, 744, 1133, 1138, 1155, 1156, 1159 priorities, 1180 reporting lines, 202, 1027, 1158 reporting lines of the CRO, 1157–1159 risks, 195, 550, 582, 585, 594, 1131, 1163 role and responsibilities, 202, 250, 1159–1160 status, 203, 1027, 1155, 1158

1322 Coverage Bank Combined Coverage and Relational Proximity Table 10.2, 8, 16, 22, 30, 33, 45, 52, 56, 64, 67, 73, 92, 104, 117, 126–507, 523, 524, 539, 562, 564, 565, 568, 570, 573, 577, 588, 591, 593, 594, 645, 647, 650, 651, 653, 654, 658, 660, 665, 690, 710, 738, 742, 746, 748, 754, 755, 759–761, 768, 770, 773, 778, 783, 784, 793, 798–801, 803, 807–811, 813, 815, 828, 830, 831, 833, 856, 865, 873, 875, 881, 895, 910, 928, 932, 934, 935, 942–944, 948–953, 957, 960–964, 970, 972, 984, 985, 987–989, 999, 1009, 1011, 1018, 1034, 1035, 1065, 1066, 1069, 1079, 1081, 1087, 1093, 1096, 1101, 1122, 1126, 1128, 1132, 1161, 1169, 1170, 1203, 1211, 1213, 1217, 1222, 1227, 1231, 1232, 1235, 1239, 1240, 1242, 1243, 1250, 1252, 1255, 1264, 1278 direction of effect arrows, 39 dual direction (+/-), 882 negative direction (-), 64, 736 positive direction (+), 64, 876 reflexive relationship, 33 direction of effect (see Bank Combined Coverage and Relational Proximity Table 10.2) direction of effect (see Revised Stage 1 Combined Coverage and Relational Proximity Table 3.1) governance factors, vi, 41, 45, 55, 59, 782, 831, 910, 969, 988, 1066, 1087 governance variables, 41, 45, 64, 782, 831, 910, 1066, 1087 hypothesised Bank Combined Coverage and Relational Proximity Table 3.1, 40–45, 48, 50, 91, 92, 117, 535–537, 654, 745, 1033 target or hypothesised coverage/rating, 8, 22, 33, 51, 56, 58–60, 64, 67, 104, 116, 126–507 relational proximity rating, and calculation of relational proximity rating from coverage figure, 8, 9, 29, 41–44, 56, 67, 126–507 relational proximity table, and

Index calculation of relational proximity rating from coverage figure, 45, 126–507 rprox, and calculation of relational proximity rating from Coverage figure, 126–507 stage 1 coverage Table 3.1, 33, 40–44, 48, 50, 91, 92, 535–537, 654, 745, 969, 1033 direction of effect and ‘dual direction’ governance variables, 64, 117, 127 operation of the coverage table, 32–33, 40 stage 1 (see Stage 1) stage 2 Bank Combined Coverage and Relational Proximity Table, 1034 table 10.2, 22, 33, 56, 73, 92, 104, 126–507, 539, 645, 647, 654, 1034 target/hypothesised coverage/rating, 8, 33, 58–60, 67, 104, 127 total governance variable Coverage (see Bank Combined Coverage and Relational Proximity Table) zone, range or area of operation or effect, 40 Cult bank and risk culture, 17, 122 See also CultFail; Culture; Failures and failings; Risks CultFail failure of bank culture, 17, 122 See also Cult; Culture; Failures and failings; Risks Culture accountability BEAR, 261, 890 clarity of accountability, 863, 889, 890 effectiveness of accountability, 890 [FSRCAccPersonEndtoEndResp] (+), 251, 862 FSRC Final Report recommendations and commentary on accountability, 18, 123, 861 NABAcc, 259–265, 885, 887–891 NABAccClarify, 889, 890 NAB Accountabilities for resolving ‘complex’ issues, 890 NAB Accountabilities in Performance and Remuneration, 891

Index NAB Self-Assessment 2018, 108, 863–890 APRA Information Paper 2019 on risk culture, 17, 109, 122, 927–930 bank culture, 17, 122, 203–212, 252, 370, 386, 387, 600, 683–685, 827, 828, 846, 1065, 1067–1077, 1100, 1180 behaviour, 6, 503, 1285 board culture required changes, 109, 890 challenge and closure of issues NABBrdChall, 18, 123, 268, 269, 871 NAB Self-Assessment 2018, 108, 870–872 challenge, debate and testing Bank-specific competencies, skills and professional qualities, 337, 781, 822, 934 challenge and testing variables, 822 competence and banking/financial industry expertise affected the ability and confidence of NEDs to challenge ‘strong’ CEOs;, 751, 821 existing governance variables Based on the independence ingredient, 775, 814 functioning of the board and the monitoring and evaluation of performance of directors and the board as a whole, 751, 820 gaps in reporting and metrics, 139, 751, 758, 761, 820 governance variables examining the time, qualifications, role and election of the chairperson, 751, 760, 821 increased time commitment from NEDs, 750, 751, 755, 821 over-reliance on key individuals, 751, 820 rigour and urgency by the board, 751, 758, 820 size, composition and qualification of the board, 751, 820 Complexity (see Complexity) Controls (see Control) cultural inhibitors to targeted culture failure of collective intensity or individual resolve to fix complex issues, 291–294, 895, 902–904 failure to listen and learn from customers, regulators and employees, 295–297, 895, 905, 906

1323 NABCultInhib, 18, 123 other priorities put before commitment to customers, 297–300, 895, 907–909 over-reliance on people for deficiencies in systems and processes, 901–904 rigour and discipline, 287–290, 895, 899–901 cultural ‘levers’ NABCultLever, 18, 123 culture and codes of conduct/ethics and conflicts 2019ASX, 824, 825 ASX variables, 972, 1126, 1128 changing board culture and ‘tone at the top,’ 825, 832, 1064 CodesNED (–), 829 [CodesNEDConflicts*] (+), 831, 987 codes of conduct and ethics, 17, 60, 122, 198, 199, 277, 817–862, 906, 986–988, 1240 conflicts of interest policy, 830, 831 CultNED, 832 culture and ‘tone at the top’ variables, 826 entrenchment of the CEO, 956 Ethics, Compliance and Reputation Committee (see Codes) Ethics, Compliance and Reputation Committee (see Committees) See also Codes definition, 832, 894 FSB Framework for Assessing Risk Culture (FSBCult) Accountability, 839 aims of assessing risk culture, 832 challenge, 20, 124, 412, 920 Effective communication and challenge, 108, 238, 239, 817, 841, 842 FSBCultAcc, 839 FSBCultTone, 834 FSB’s ‘tone at the top, 832 FSRC Final Report recommendations and commentary of governance, 18, 123, 847–849, 861 Incentives, 842 Indicators of a sound risk culture, 108, 236–246, 834–837, 839–844 NABCultTone, 18, 123, 302–304, 837–839 NAB’s ‘tone from the top’, 837

1324 Culture (cont.) FSRC Final Report recommendations and commentary on accountability BEAR, 862 [FSRCAccPersonEndtoEndResp] (+), 862 FSRC Final Report recommendations and commentary on culture FSRCCult, 18, 123, 252–254, 846, 847 incentives FSBCultIncent, 843 FSB Framework for Assessing Risk Culture (FSBCult), 737, 817 FSB indicators of a sound risk culture, 108 See also Incentives measuring risk culture NABCultMeas, 18, 123 NAB Self-assessment 2018, xi, 863–891 norms of behaviour, 13, 864 risk culture aims for risk culture, 1068 balance empowerment with challenge, although not well executed, 1069, 1075 changing board culture and ‘tone at the top, 825, 832, 1064 creating a risk culture and risk appetite, 1026 developing a risk appetite is a responsibility of the board, 1080 elements of sound risk culture, 109, 1066–1068 findings and commentary on culture 1-9, 909, 910 less tendency towards reflection, introspection and learning, 1068, 1073–1074 nine themes inhibiting sound risk culture (APRA), 1026, 1068–1077 not fully ‘walking the talk’ on risk management, 1068, 1072 over-confidence and over-collaboration, 1069, 1075 reactivity rather than pre-emption regarding risk, 211, 1068, 1070 risk appetite, 89, 109, 579, 1063–1094, 1174 Risk Appetite Statement (RAS), 109, 164, 250, 377, 832, 1081–1092, 1096, 1138, 1176, 1186, 1257, 1265 self-perceived but incomplete focus on the customer, 1069

Index uneven influence of the risk function, 1068, 1071 values-led institution but an over-­ reliance on good intent, 1069, 1076 Westpac Reassessment findings on risk culture, 925 Westpac Review Team 2018, 108, 863–890 Widespread complacency, 1068, 1069 senior management responsibilities governance variables, 1078 provision of information, 1078 risk culture, 1078–1080 risk management, 1078–1080 SManRedFlag, 19, 124, 1079, 1096, 1198 ‘tone at the top’, 108, 109, 737, 825, 826, 829, 832, 1064 values and behaviours, 896–897 Westpac Reassessment findings on risk culture, 925–927 Westpac Review Team 2018 findings and commentary on culture 1-9, 909, 910 D Decision-making factor No. 7 shareholder-primacy interrelationship scheme figure 3.1, 535 See also Governance factors quality, 337, 338, 777, 778, 797, 800, 813, 932, 946, 1009–1011, 1017, 1122, 1123 trade-off, 854–855, 921 Deferred remuneration, 17, 122, 185, 186, 578, 679, 688, 696–700 See also Incentives Deposit insurance, see Distinguishing features; Risks Depositors, see Stakeholders Direction of effect arrows, 39 negative direction (-), 64 positive direction (+), 64 See also Bank Combined Coverage and Relational Proximity Table 10.2; Revised Stage 1 Combined Coverage and Relational Proximity Table 3S1; Shareholder Primacy Interrelationship Scheme Figure 3.1

Index Director ASX Diversity Policy 2019ASXDiversity, 21, 126, 492, 493, 769, 770 Board, of, 12, 17, 21, 121, 122, 126, 138, 140, 141, 165, 170, 173, 177, 178, 231–233, 450, 451, 596–599, 749, 750, 780, 814, 957, 959, 960, 962, 963, 1080, 1155, 1207–1209, 1241 board, of (see Board) committees (see Committees) culture (see Culture) diversity interim variables for board diversity, 767–770 [EqOptEntrch] (-), 57, 61, 65, 117, 518, 535, 536, 589, 1282 [EqOptIncent] (+), 8, 57, 61, 65, 149, 183–196, 199, 202, 222, 231–235, 246–256, 259, 276–287, 386–388, 403–405, 407, 408, 428–430, 453–464, 484–488, 503, 517, 534–538, 540, 547, 548, 551, 554, 555, 558, 578, 588, 589, 592, 597, 600, 605, 608, 613, 628, 668, 670, 677, 678, 680, 681, 684, 697, 715–718, 721, 722, 724, 726, 729, 1162, 1282 equity/option plans and holdings, 8, 43, 57, 61, 65, 117, 220, 221, 517, 518, 533–535, 588, 589, 1282 executive, 7, 17, 42, 50, 57, 61, 65, 116, 122, 170, 171, 210, 219, 335, 458, 487, 512, 517, 531, 535, 540, 541, 544, 548, 557, 572, 607, 649, 664, 690, 709, 722–725, 735, 736, 740, 745, 755, 772, 773, 775, 781, 784, 798, 800, 802, 807, 814, 818, 821, 825, 827, 935, 939, 940, 946, 948, 949, 956, 970, 1026, 1033, 1065, 1086, 1100, 1121, 1122, 1155, 1159, 1161, 1203, 1242, 1282 failures and failings Board of director, executive and management turnover, 749 fit and proper [NEDFit&ProperTest] (+) variable-­ banks-­non-executive directors-­ supervisory authority policies and standards on ‘fit and proper person’ test-enhancement of monitoring and skills effects, 339, 783 functions

1325 align interests of board, CEO and management with outside shareholders, 33 deter directors, CEO and management, 32, 116 punish directors, CEO and management, 32, 64 incentives incentive equity holdings/plans of directors and officers, 648 See also Incentives independent (see Non-executive directors (NEDs)) key/core governance variables from Stage 1 [AudCom] (+)-Audit Committee-­ Presence, Operation and Frequency, 7, 41, 57, 65, 116, 133, 968–970, 976, 1281 [BrdIndInfo] (-)-Board Independent Director: Executive Director Proportion-Information Flow and Decision Quality ‘Trade-off, 7, 57, 65, 116, 138, 162, 200, 775, 814, 821, 939, 1122, 1282 [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion-Monitoring Effect, 7, 57, 61, 65, 108, 116, 517, 745–746, 755, 772, 773, 775, 782, 784, 798, 800, 802, 807, 814, 818, 821, 940, 1100, 1282 [BrdSkills] (+)-Board-Director Skills ‘Mix’, 7, 42, 57, 60–61, 65, 117, 174, 782, 1282 [EqOptEntrch] (-)-Equity/Option Plans and Holdings of Directors/ Executives-‘Entrenchment’ Effect (excludes short-term options), 8, 43, 57, 61, 65, 117, 220, 518, 535, 589, 1282 [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives-Incentive/‘Alignment’ Effect (excludes short-term options), 8, 43, 57, 61, 65, 117, 221, 517, 534, 588, 1282 [TransTimeMon] (+)-Transparency and Timing of Reporting-­ Monitoring Effect, 8, 44, 48–50, 57, 62, 65, 117, 392, 1018, 1282 key/core variable

1326 Director (cont.) [EqOptEntrch] (-)-Equity/Option Plans and Holdings of Directors/ Executives-‘Entrenchment’ Effect (excludes short-term options), 8, 43, 57, 61, 65, 117, 220, 518, 533, 535, 589, 1282 [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives-Incentive/’Alignment’ Effect (excludes short-term options), 8, 57, 61, 65, 117, 221, 518, 588, 1282 NEDs/Non-executive director (see Non-executive directors (NEDs)) Risks (see Risks) See also Board; Committees; Culture; Diversity; Equity/Option plans and holdings; Incentives; Non-executive directors; Risks Distinguishing features banks, 23, 36, 81, 84–93, 96, 104, 518 combined with failures, 81 deposit insurance, necessity for [BankDepInsure] (-), 519, 522, 523, 655 failures and failings distinguishing features of banks, combined with, 81 free-riding, 87–88 government bailout, effect of [BankGovBail] (-), 87, 92, 142, 519, 522, 523, 655 interconnectedness of banks [BankConnect] (-), 93, 140, 808, 809 leverage [BankHighLevRisk] (-), 93, 806–811, 815 high, 806, 808 liquidity [BankLiqRisk] (-), 93, 808 continuous access/requirement, 86, 808 cut-off/shortness of, 86, 808 maturity of debt [BankDebtTransRisk] (-), 93, 808 moral hazard, 87 prudential regulation, necessity for [BankPrudReg] (+), 91–93 [NationGov*] (+), 91, 92 similarities and differences with Enron, 84, 85 systemic Risk [BankSystRisk] (-), 93, 809

Index Diversity ASX Diversity Policy 2019ASXDiversity, 21, 126, 769–770 EC Green Paper 2010, 765–767 EC Second Green Paper 2011, 766, 767 failures and failings, 749 governance variables, of, 767–769 interim variables for board diversity, 767–770 NEDDiv Non-executive directors-­ diversity, 19, 124 NED/Non-executive director variables for diversity NEDDiv, 767–768 NED/Non-executive director variables for gender diversity [NEDDivGender*] (+), 768 See also ASX Diversity Policy; Board; Failures and failings; Non-executive directors (NEDs) E Earnings management or manipulation, see Proxies Efficiency Agency costs, reduction of, v, 9, 27, 29, 515 long-term, v, 5, 9, 27, 29, 31, 39, 59, 60, 66, 67, 81, 515, 1007 proxies earnings manipulation/‘management’, v, 9, 67, 97 firm cost of capital, v, 5, 67 firm operating performance/profit, v, 39, 67, 97 firm value/share price, v, 5, 67, 97 Shareholder Wealth-maximisation Principle, 97–99, 642 Survival or sustainability of the bank, relationship to, 67 Emerging ASIC Governance Taskforce 2019 emerging issue, 209, 1071, 1142, 1145 Board Risk Committee (BRC), 1142, 1143, 1145, 1160 committees ASIC Governance Taskforce 2019, 1057–1062, 1141–1146 BRC responsibilities proposed by, 1136–1146 emerging issue, 1142, 1145

Index Responsibilities of the BRC, 1125, 1132, 1136–1137 risks New, emerging and heightened risks, 1192–1193 risk identification variables, 1175–1179 Second Line of Defence, 1174–1193 themes, 12–14, 492, 770, 927, 998 Employees alignment [EqOptRiskAlignHighEnd] (+), 61, 105, 561, 567, 568, 589 Equity and Options for Executives and High End Employees--Level of Risk-Taking in Alignment with Shareholder Interests, 61, 105, 222, 538, 550, 560, 567, 568, 589, 655, 657 culture cultural inhibitors to targeted culture, 287–300, 895, 899–909 failure to listen and learn from customers, regulators and employees, 295–297, 895, 905–907 NABCultInhib, 18, 123 [EqOptRiskAlignHighEnd] (+) Equity and Options for Executives and High End Employees-Level of Risk-Taking in Alignment with Shareholder Interests, 61, 105, 222, 538, 550, 567, 568, 589, 655, 657 [EqOptRiskFailHighEnd] (-) Equity and Options for Executives and High End Employees-Risk-Taking in Excess of Risk Appetite-­ Likelihood of Bank Failure, 61, 105, 223, 538, 550, 561, 567, 569, 589, 655, 657 Equity/Option plans and holdings [EqOptRiskAlignHighEnd] (+)-Equity and Options for Executives and High End Employees-­Level of Risk-Taking in Alignment with Shareholder Interests, 61, 105, 567, 568, 589 [EqOptRiskFailHighEnd] (-)-Equity and Options for Executives and High End Employees-Risk-Taking in Excess of Risk Appetite-­ Likelihood of Bank Failure, 61, 105, 561, 567, 569, 589

1327 HighEnd Executives and high end employees, 18, 123 HighEnd (see Incentives) ‘High end’ employees (see Incentives) Incentives disclosure of bands and elements of compensation, 105, 563, 570–574, 607, 1202 Employees-Risk-Taking in Excess of Risk Appetite-Likelihood of Bank Failure, 61, 105, 164, 183, 185, 186, 190, 195, 203, 223, 352, 538, 550, 553, 555, 561, 567, 569, 578, 579, 583, 585, 587, 589, 644, 647, 653, 655–657, 665 [EqOptRiskAlignHighEnd] (+)-Equity and Options for Executives and High End Employees-­Level of Risk-Taking in Alignment with Shareholder Interests, 61, 105, 567, 568, 589 [EqOptRiskFailHighEnd] (-)-Equity and Options for Executives and High End Employees-Risk-Taking in Excess of Risk Appetite-­ Likelihood of Bank Failure, 61, 105, 561, 567, 569, 589 equity and option compensation, 104–107, 1120 executives and high end employees, 61, 191, 192, 194, 195, 564–574, 577–585, 588, 591, 644, 656, 1162 executives and ‘high end’ employees, 577, 591, 644 ‘High end’ employees, 513, 573–574, 577, 591, 644 required minimum shareholdings, 526, 528, 550, 588–589 ‘retention’ vesting arrangements, 526, 588 Risk ‘alignment’ effect and risk ‘failure’ effect of equity and options, 537–539 ‘skin in the game’ shareholdings, 526, 588 NAB cultural inhibitors to targeted culture, 18, 123, 287–300, 895, 901, 903–906 Failure to listen and learn from customers, regulators and employees, 295–297, 895, 905–907

1328 Employees (cont.) NABCultInhib, 18, 123 risks escalate problems or ‘red flags, 18, 19, 123, 124, 979, 1038, 1078, 1146, 1175, 1210 expertise or experience of risk management employees in entire range of risks, 1024, 1041 failings, 1023–1044 Issues and incidents identified by Westpac employees, 1172, 1217–1221 management, 226, 1041 positional Conflict Axis No. 3, 31–32 from Staff, 1172, 1213 Three Relational Axes of Good Governance, 31–32 training employees responsible for distributing risk products, 1024, 1041 Enhanced disclosure of pay not linked to performance exceptional commencement/termination/ pension arrangements, 662–663 “Golden hellos,’ 662–663 ‘golden parachutes’, 662–663 See also Incentives Entrenchment board culture and codes of conduct/ethics and conflicts, 822–831 entrenchment of the CEO, 956 effect, 8, 43, 57, 61, 65, 117, 209, 220, 518, 533–537, 588, 828, 1282 equity/option plans and holdings [EqOptEntrch] (-), 8, 43, 57, 61, 65, 117, 518, 533, 535, 589, 1282 [EqOptEntrch] (-)-Equity/Option Plans and Holdings of Directors/ Executives-‘Entrenchment’ Effect (excludes short-term options), 8, 57, 61, 65, 117, 518, 589, 1282 key/Core variable, 57, 61, 65 executives, 8, 43, 57, 61, 65, 117, 209, 220, 518, 533, 535, 589, 1282 See also Codes; Culture; Culture and codes of conduct/ethics and conflicts; Non-executive directors Environment risks APRA failings in operational and compliance risk policies,

Index frameworks and management, 1183–1190 ASX, 110, 1263–1273 bank control environment, 1185 environmental and social risks, 110, 1272–1273 management function or second line, viii, 20, 125, 333, 334, 431–435, 490, 491, 600, 1028, 1193, 1204, 1211–1214, 1272, 1273, 1275–1281 second line of defence, 1183–1185 social risks, 110, 1263–1273 three relational axes of good governance Positional Conflict Axis No. 3, 31 See also Risks; Stakeholders; Stakeholder Model; Three Relational Axes of Good Governance [EqOptEntrch] (-) Key/Core variable [EqOptEntrch] (-)-Equity/Option Plans and Holdings of Directors/ Executives-‘Entrenchment’ Effect (excludes short-term options), 57, 61, 65 [EqOptIncent] (+) Key/Core variable [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives-Incentive/’Alignment’ Effect (excludes short-term options), 57, 61, 65 [EqOptRiskAlignHighEnd] (+) Equity and Options for Executives and High End Employees-Level of Risk-Taking in Alignment with Shareholder Interests, 61, 105, 222, 538, 550, 567, 569, 589, 655, 657 [EqOptRiskFailHighEnd] (-) Equity and Options for Executives and High End Employees-Risk-Taking in Excess of Risk Appetite-­ Likelihood of Bank Failure, 61, 105, 223, 538, 550, 561, 567, 569, 589, 655, 657 Equity/Option plans and holdings directors, 8, 43, 57, 61, 65, 117, 220, 221, 517, 518, 533–535, 588, 1282 [EqOptRiskAlignHighEnd] (+)-Equity and Options for Executives and High End Employees-Level of Risk-Taking in Alignment with Shareholder Interests, 61, 105, 567, 568, 589

Index [EqOptRiskFailHighEnd] (-)-Equity and Options for Executives and High End Employees-Risk-Taking in Excess of Risk Appetite-Likelihood of Bank Failure, 61, 105, 561, 567, 569, 589 excludes short-term options, 8, 43, 57, 61, 65, 117, 220, 221, 517, 518, 533–535, 588, 1282 executives, 8, 43, 57, 61, 65, 117, 220, 221, 517, 518, 533–535, 588, 1282 Incentives cashing-out equity and options, 645, 647 [CCCashOutLimit] (+), 647, 657, 658 [CCCashOutRisk] (-), 647, 657, 659 disclosure of band and elements of compensation, 563, 570–574 [EqOptRiskAlignHighEnd] (+)-Equity and Options for Executives and High End Employees-­Level of Risk-Taking in Alignment with Shareholder Interests, 61, 105, 567, 568, 589 [EqOptRiskFailHighEnd] (-)-Equity and Options for Executives and High End Employees-Risk-Taking in Excess of Risk Appetite-­ Likelihood of Bank Failure, 61, 105, 561, 567, 569, 589 [EquityHigherLvlMan] (+/-), 651, 655 [EquityLowerLvlMan] (-), 650, 651, 655 executives and high end employees, 588–589 ‘High end’ employees, 513, 573, 577, 591, 592, 644 Incentives and risk-taking, 645 predict bank failure, 513, 648–651 risk ‘alignment’ effect and risk ‘failure’ effect of equity and options, 537–539 shareholder value maximisation in banks, 513, 641–660 shareholdings of higher-level management, 649 shareholdings of lower-level management, 513, 648–651 Key/Core variables [EqOptEntrch] (-)-Equity/Option Plans and Holdings of Directors/ Executives-‘Entrenchment’ Effect

1329 (excludes short-term options), 57, 61, 65 [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives-Incentive/’Alignment’ Effect (excludes short-term options), 57, 61, 65 restrictions clawback, 105, 526, 574–587, 589 deferral, 105, 526, 574–587, 589 delay, 61, 105, 526, 574–587 lock-up, 105, 526, 574–587, 589 See also Incentives Escalation failures and failings escalation of information or ‘red flags’, 62, 1046–1047, 1208–1210 Information flow, 62 Issue escalate problems or ‘red flags’ generally-deficiencies in the flow of information upward through the bank to senior management and/or the board, 1046–1047 escalation, 160, 424, 861, 1151, 1211, 1215, 1220 NABRedFlag NAB board oversight of risk management in relation to failure to escalate problems or ‘red flags’, 18, 123 NAB Self-Assessment 2018 escalation, 619, 1046, 1047, 1053, 1054 real-time, 228, 1024, 1041–1042 ‘Red flag’, 62, 1208–1210 reporting, 673, 763, 1046, 1049–1055, 1057–1059, 1062, 1219 risk communication communication/escalation, 110, 1028, 1202–1204 escalation upwards through ‘red flags’, 1209, 1211, 1212 principles, 1202 risks, 110, 841, 1208–1210 at board level reporting to shareholders and external market/stakeholders, 165, 170, 173, 177, 178, 1207, 1208 communication, 110, 1028, 1202–1204 communication/escalation, 110, 1202–1204, 1206 at customer level, 1204 disclosure, 1046, 1058

1330 Escalation (cont.) escalate information rapidly upward in the bank, 1024, 1041–1042 escalate problems or ‘red flags’, 18, 19, 62, 123, 124, 228, 325, 327, 381–383, 389, 390, 979, 981, 982, 989, 992, 993, 995, 997, 998, 1002, 1030, 1038, 1046, 1047, 1058, 1079, 1080, 1146, 1175, 1176, 1207, 1210–1212 escalation upwards through ‘red flags’, 110, 1028, 1208–1210 failings, 763, 1025, 1028, 1033–1035, 1148 at first line of defence business unit level, 1204–1205 Identification, 110, 1202–1204, 1206 Information on risks, 228, 231, 1041, 1042 management, 62, 110, 160, 237, 322, 417, 424, 473, 840, 841, 1025, 1028, 1033–1035, 1046–1062, 1080, 1096, 1172, 1201–1204, 1208–1210, 1213, 1218, 1219, 1222, 1223, 1225, 1227, 1232, 1233, 1243, 1272 monitor changes in risks in real time, 228, 1024, 1041–1042 principles, 110, 1028, 1202–1204 principles for identification, escalation/ communication and disclosure of risk, 110, 1202–1204 real time, 228, 231, 1024, 1041–1042 at second line risk management function level, 1205–1207, 1212 at whistleblower level, 1207–1208 See also Risk Management Failings; Risks SManRedFlag Risk management-failure by senior management to escalate problems or ‘red flags’, 19, 124 upwards to the board, 1079, 1199, 1210–1212 See also Risks Ethics, see ASX; Board; Chief Executive Officer (CEO); Codes; Committees; Culture; Culture and codes of conduct/ethics and conflicts; Entrenchment; Non-executive directors (NED) European Commission (EC), x, vii, viii, 8–10, 35, 62, 74, 89–90, 118, 140, 161, 162, 200, 202, 203, 225–228, 230, 231, 337, 338, 512, 520, 521, 598,

Index 600, 750–752, 765–768, 820, 938, 939, 959, 979, 1020, 1024, 1031, 1037, 1038, 1041–1044, 1046, 1058, 1079, 1120, 1149, 1157–1159, 1170, 1209, 1210 diversity EC Green Paper 2010, 765–767 EC Green Paper 2010, x, 9, 35, 62, 90, 91, 118, 225–228, 230, 231, 337, 338, 520, 521, 600, 750, 752, 765–767, 979, 1031, 1037, 1038, 1041–1044, 1046, 1058, 1079, 1120, 1149, 1157, 1170, 1211, 1212 EC Second Green Paper 2011, x, 10, 118, 140, 161, 162, 200, 337, 338, 512, 598, 766, 767, 939, 959, 1024 failures and failings EC Green Paper 2010, 35, 225–228, 230, 231, 750, 1031, 1037, 1038, 1041–1044, 1046, 1058, 1149, 1170, 1212 non-executive directors (NED) diversity, 766–769 EC Green Paper 2010, 337, 338 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Execution program and project, 14, 1286 risks APRA issue identification, escalation and resolution, 1170, 1213–1221 escalate problems or ‘red flags’, 18, 19, 62, 123, 124, 1038, 1046–1047, 1078, 1146, 1175, 1209 failings, 1271 management, 1072, 1271 project execution capabilities, 352, 1216 From Staff, 1213–1221 See also Risks Executive committee, 13, 17, 122, 128, 169, 205–207, 213–219, 358, 377, 383, 422, 514, 515, 576, 583, 825, 861, 882, 995, 996, 1073, 1074, 1076, 1179, 1188, 1216, 1223–1225, 1237–1240, 1243, 1250 compensation (see Incentives) director, 7, 17, 42, 48, 50, 57, 61, 65, 108, 116, 122, 170, 171, 517, 535, 548, 572, 607, 664, 690, 709, 722, 724, 736, 745–746, 755, 772, 773, 775, 781, 784, 798, 800, 802, 807, 814,

Index 818, 821, 937, 938, 946, 970, 1026, 1033, 1065, 1086, 1102, 1121, 1159, 1203, 1242, 1282 [EqOptRiskAlignHighEnd] (+) Equity and Options for Executives and High End Employees-Level of Risk-Taking in Alignment with Shareholder Interests, 61, 105, 222, 538, 550, 567, 569, 589, 655, 657 [EqOptRiskFailHighEnd] (-) Equity and Options for Executives and High End Employees-Risk-Taking in Excess of Risk Appetite-­ Likelihood of Bank Failure, 61, 105, 223, 538, 550, 561, 567, 569, 589, 655, 657 equity/option plans and holdings [EqOptRiskAlignHighEnd] (+)-Equity and Options for Executives and High End Employees-­Level of Risk-Taking in Alignment with Shareholder Interests, 61, 105, 567, 568, 589 [EqOptRiskFailHighEnd] (-)-Equity and Options for Executives and High End Employees-Risk-Taking in Excess of Risk Appetite-­ Likelihood of Bank Failure, 61, 105, 561, 567, 569, 589 Executive leadership team (ELT), 18, 123, 260, 264, 283, 285, 295, 305–314, 321, 614, 615, 620, 624, 625, 852, 863, 873–880, 887, 890, 891, 904, 1051, 1057, 1265 failures and failings APRA, 1050, 1053 board of director, executive and management turnover, 749 ECmFail, 17, 122 executive Committee, of, 128, 169, 205–207, 213–219, 995, 996, 1073, 1074, 1076, 1216, 1223–1225, 1235–1238, 1243 NFRCmFail, 342–343 non-financial risk committee, 342, 343, 861, 995–998 senior executive leadership, 995–998 fit and proper fit and proper person test, 4, 108, 339, 736, 744, 771–793 [NEDFit&ProperTest] (+) variable-­ banks-­non-executive directors-­ supervisory authority policies and standards on ‘fit and proper person’

1331 test-enhancement of monitoring and skills effects, 783 FSRC Final Report Commentary and recommendations in relation to remuneration, 668, 675–686 executive remuneration, 106, 254, 279, 304, 485, 516, 529, 542, 543, 579, 580, 618, 620, 676–681, 838 remuneration, 106, 675–686, 844 HighEnd executives and high end employees, 18, 123 HighEnd (see Incentives) Incentives [EqOptRiskAlignHighEnd] (+)-Equity and Options for Executives and High End Employees-­Level of Risk-Taking in Alignment with Shareholder Interests, 61, 105, 567, 568, 589 [EqOptRiskFailHighEnd] (-)-Equity and Options for Executives and High End Employees-Risk-Taking in Excess of Risk Appetite-­ Likelihood of Bank Failure, 61, 105, 567, 569, 589 equity and option compensation, 104–107, 1120 executives and ‘high end’ employees, 577, 591, 592, 644 required minimum shareholdings, 528, 588–589 ‘retention’ vesting arrangements, 526, 588 risk ‘alignment’ effect and risk ‘failure’ effect of equity and options, 537–539 ‘skin in the game’ shareholdings, 526, 588 leadership Team, 18, 123, 260, 264, 285, 305–314, 321, 614, 852, 873–880, 887, 1051, 1057 non-executive directors (NED), 19, 61, 108, 124, 527, 649, 661, 727, 736, 750, 757, 766, 773, 797, 807, 818, 894, 932, 957, 971, 1009, 1060, 1064, 1100, 1123, 1131, 1154 senior leadership team, 873–880 team, 20, 125, 395, 411, 417, 419–423, 438, 440, 497, 501–505, 820, 823, 825, 857, 860, 881–886, 912, 914, 956, 1181, 1233, 1280–1286 three relational axes of good governance Positional Conflict Axis No. 3, 31–32

1332 Executive Committee (ECm), 13, 17, 122, 128, 169, 205–207, 213–219, 358, 377, 383, 422, 514, 515, 576, 583, 825, 861, 882, 995, 996, 1073, 1074, 1076, 1188, 1216, 1223–1225, 1235–1238, 1243, 1250 Executive directors (ED), 7, 17, 42, 48, 50, 57, 61, 65, 108, 116, 122, 170, 171, 517, 535, 548, 572, 607, 664, 690, 709, 722, 724, 736, 745–746, 755, 772, 773, 775, 781, 784, 798, 800, 802, 807, 814, 818, 821, 939, 940, 946, 1026, 1033, 1065, 1086, 1100, 1122, 1161, 1203, 1242, 1282 Expertise bank-specific banking industry specific knowledge, skills/competencies and professional qualities, 782, 934–935 deficiencies in bank-specific knowledge or expertise, 108 expertise, 109, 737, 931–944 resulting in inadequate risk management and internal controls, 109, 737, 933–935 See also Board board (see Board) CEO, 738, 739, 742–744, 933–935, 943 controls (see Controls) culture bank-specific competencies, skills and professional qualities, 934 challenge, debate and testing, 737, 820–822, 825, 826, 829, 832, 1064 Competence and banking/financial industry expertise affected the ability and confidence of NEDs to challenge ‘strong’ CEOs, 751, 821 See also Culture employees, 226, 776, 1041 failures and failings expense of expertise, at, 76, 78 Independence expense of expertise, 76, 78 non-executive directors (NED) banking industry specific knowledge, skills/competencies and professional qualities, 782, 934–935 board selection process, 936 composition of board and relevant expertise, 936 deficiencies in bank-specific knowledge or expertise, 60, 108, 736, 776–779, 1027

Index deficiencies in knowledge of securitization process, 777 determining the balance for effective challenge, testing and debate, 935–936 development, training and support of NEDs and NED mentoring by senior executives, 737, 941–943 escalate problems/‘red flags’, 1038 expertise, 336, 735–737, 744, 745, 750, 751, 932–943 expertise or experience of risk management employees in entire range of risks, 1024, 1041 failings, 736, 932, 933 financial industry expertise and independence trade-off, 937–938 Inadequate risk management and internal controls, 737, 933–935, 1027, 1122–1123 lack of financial expertise predictive of bank failure, 932 management, 735, 737, 745, 933–935 mix of financial and non-financial industry knowledge for effective challenge, 935–936 Non-executive director independence variables from Stage 1, 939–940 number and time commitment for compensation/remuneration and risk committees-relational effect paths, 940–941 number and time commitment of NEDs for audit, remuneration and risk committees, 938–941 resulting in inadequate risk management and internal controls, 737, 933–935, 1122–1123 risks, 735–746, 933–943 senior independent director, 144, 737, 943–944 External stakeholders governance factors Identification, Participation and Protection of Stakeholder Interest, vi, 28, 33, 55, 64, 88, 89 No. 6 Stakeholders, 33 outsiders distinguished from ‘insiders’, 30–32 stakeholder model, 26, 29, 96 stakeholders, 31, 89, 1099 three relational axes of good governance Positional Conflict Axis No. 3, 31

Index F Fail failure of board oversight of risk management and other governance variables, 17, 122 Failure of Executive Committee (ECmFail), 17, 122, 206, 207, 1073, 1074 Failures and failings accountability and responsibility, 110, 1028, 1241–1245 APRA accountability failings in AML-CTF compliance, 1243 accountability principles in APRA final report, 1245 ‘complexity ‘excuse’ used to diffuse accountability’, 1244 consequences of the federated organisational structure, 1243 first line accountability not consistently applied, 1245 lack of accountability for risk systems, 1245 limited appetite to apply consequence management, 1244 recommendations for accountability, 1170, 1245 trust and over-consulting, 1243 unclear roles and responsibilities used to diffuse accountability, 130, 1244 APRA failings in accountability and responsibility, 1241–1245 APRA failings in operational and compliance risk policies, frameworks and management, 1181 APRA final report, 761–762 Board Committees, 989–992 board decision-making, 753, 946 board effectiveness, 761–762 board failings internal monitoring, 761–762, 989–991 reporting to the board, 762–763 risk management, 760 board failure in relation to customers, 17, 122 board internal monitoring, 761–762 Board of director, executive and management turnover, 749 board oversight, of, 1029–1034 Board Risk Committee (BRC) failings in operation, 983, 984, 1131, 1139–1143, 1146–1149 reliance on key individuals, 1146–1149

1333 reporting, 394, 884, 1027, 1150, 1167–1169 Westpac reporting to the BRC, 1149–1151 Board risk management, 1025–1028 computer modelling, 76, 78 culture, of (see Culture) derivatives products complexity, 77, 80 risk, 77 valuation, 77, 80 disclosure of risks, 79 distinguishing features of banks, 83 escalation of information or red flags, 62, 110, 1173, 1208–1210 excessive leverage encouraged by self-regulatory rules, 80 excessive risk taking, 76, 78, 79 Executive Committee of, 213, 215–218, 995, 996, 1073, 1074, 1216, 1233, 1236–1238, 1243 ECmFail, 17, 122 expense of expertise, at, 76, 78 fail, 17, 122 failures identified by APRA Board assessment of risk culture, 992–993 candour of messaging to the board and its committees, 992 communication between board committees, 989, 990 over-confidence and lack of benchmarking, 993–994 governance variables for failings in accountability and responsibility, 1170, 1241–1242 governance variables, of board’s role in risk management, 752 governance variables, of APRA final report, 761–763 challenge of major risk and strategic issues, 751 diversity, 765 EC Green Paper 2010, 35 risk management, 109, 1029–1032 underlying considerations, 751 Walker Review 2009, 754, 942, 1131 incentives bank strategy, 79 long-term interests, 79, 842 not matched to, 79 risk appetite, 79 issue APRA, 1170, 1211

1334 Failures and failings  (cont.) ASIC, 109, 1045–1062 ASIC Governance Taskforce 2019, 1045, 1057–1062, 1143, 1144 audit and regulatory issues, 1050 breach reporting, 1053–1054 complaints reporting, 1051 complex issue management and closure, 1055 compliance breach assessment and reporting, 1049, 1050 customer remediation procedure, 1052 design gaps (generally) in the issue management framework, 1046 escalate problems or ‘red flags’ generally-deficiencies in the flow of information upward through the bank to senior management and/or the board, 1038 escalation, 1046–1062 ‘excessive’ risks, 1052 [FailRedFlag] (-), 1046, 1058 identification, 1046–1062 information flows, 1046–1062 monitoring and reporting of issues, events and actions, 1049 NAB, 1046–1062 operational risk management policy, 1047–1049 regulatory engagement, 1053 regulatory interaction, 1057–1062 resolution, 1046–1062 resolving customer complaints, 1056 senior executive leadership, 995–998 significant issues, 1052, 1060 voice of customer in issue management, 1054 whistleblower program, 1051 metrics, 62, 79 monitoring of organisation-wide risk, 1037 monitoring of strategy, 1042 multiple failures in governance variables, 76 Non-financial Risk Committee NFRCmFail, 342, 343 priorities (see Board) rating securitised products (see Risks) reliance on ratings agencies reporting, 77, 80 risk appetite (see Risks) risk appetite statements (RAS) (see Risks) risk communication communication/escalation, 1200–1201

Index disclosure, 1200–1201 escalation upwards through ‘red flags’, 1208–1210 principles, 1202 risk communication (see Risks) risk management APRA failings in accountability and responsibility, 1241–1245 risk management (see Risks) risk management framework (RMF) (see Risks) risk management strategy (RMS) (see Risks) risk modelling (see Risks) risks (see Risks) Financial Services Royal Commission (FSRC) Australian Banking Royal Commission, vi, 4–23, 54, 65, 72–73, 77, 105, 109, 512, 515, 526, 735–737, 749, 1020, 1024–1044 Banking, Superannuation and Financial Services Industry, x, 5, 6, 119, 120, 675, 844 FSRCAcc FSRC final report recommendations and commentary on accountability, 18, 126, 861–862 FSRCCult FSRC final report recommendations and commentary on culture, 18, 123, 845–847 FSRCGov FSRC final report recommendations and commentary on governance, 18, 123, 847–849 FSRCPriority FSRC final report recommendations and commentary on priorities, 18, 123, 849–851 See also Board; Culture; FSRC final report; Incentives; Risks; Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Financial Stability Board (FSB), see Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Firm cost of capital, see Proxies Firm operating performance/profit, see Proxies Firm value/share price, see Proxies

Index ‘Fit and Proper Person’ 520FitProp, 21, 126, 464–469, 784–790 520FitPropInfo, 21, 126, 470, 471, 791 520FitPropWhistle, 21, 126, 471, 472, 790 APRA Prudential Standard 520 Fit and Proper, 783–792 Boards (see Boards) ‘fit and proper person’ test, 108, 339, 736, 744, 772–793 fit and proper person variables additional requirements for head of a group, 785 criteria for fit and proper person, 787 information to be provided to APRA, 21, 126, 472, 789–791 process for assessing fit and proper person, 788–789 responsible person not fit and proper not to hold position, 791 responsible persons, 464–472, 784–792 senior managers, 466, 787, 788 [NEDFit&ProperTest] (+) variable-­ banks-­non-executive directors-­ supervisory authority policies and standards on ‘fit and proper person’ test-enhancement of monitoring and skills effects, 783 Non-executive directors (NEDs) independence, 62, 108, 750, 774 OECD findings on independence and competence governance variables recommended by OECD, 782–783 [NEDFit&ProperTest] (+) variable-­ banks-­non-executive directors-­ supervisory authority policies and standards on ‘fit and proper person’ test-enhancement of monitoring and skills effects, 781–782 Framework compliance, 19, 124, 330, 332, 333, 342, 344–348, 431, 434, 717, 723, 999–1002 controls, 672, 971, 1181 NAB, 554, 613–619, 622–624, 1028, 1052 NAB Risk Management Framework (RMF) NAB first line risk and control ownership, 110, 1266–1268 NAB second line compliance function, 110, 1269–1270 NAB second line conduct risk, 110, 1270–1271

1335 NAB second line operational risk, 110, 1271–1272 NAB second line risk management and risk reporting, 110 Risk Management Framework (RMF) 220RMF, 20, 125, 443–446 APRA Prudential Standard CPS 220 Risk Management, 11, 109, 120, 1024, 1029, 1081, 1093, 1256 APRA RMF, 20, 110, 125, 1255–1259 material risks, 1093, 1255–1259 review of the risk management function, 1257–1258 risk management declaration and notification requirements, 1258–1259 risks, 19, 124, 344–348, 504, 752, 998–1002, 1142, 1255–1272, 1275 three lines of defence model, 888 See also Compliance; Controls; Risk Management Framework (RMF) in Risks; Risks Free-riding free-riding, effect of, 87–88, see Distinguishing features; Risks FSBComp FSB, 17, 122 FSBP 1-3 effective governance of compensation board to oversee compensation system design and operation, 597 financial and risk control staff to be independent, have authority, etc, 509 FSBP 4-7 effective alignment of compensation with prudent risk-taking adjusted for all types of risk, 600 mix of cash, equity, etc to be consistent with risk alignment, 605 outcomes symmetric with risk outcomes, 602 payout schedules sensitive to time horizon of risk, 603 FSBP 8-9 effective oversight and engagement by stakeholders clear, comprehensive and timely information on compensation practices, 235, 249, 606, 611, 612 rigourous and sustained review and deficiencies addressed, 606

1336 FSBComp (cont.) FSB Principles for Sound Compensation Practices (FSBP), x, vii, 10, 17, 106, 118, 119, 122, 595–612, 675 See also Incentives; Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications FSBCult accountability FSBCultAcc, 839 FSRC final report recommendations and commentary of governance, 18, 123, 847–849 aims of assessing risk culture, 832 challenge, 835, 841, 843, 844 effective communication and challenge FSBCultComm, 841 elements of a sound risk culture accountability, 832–833, 839 effective communication and challenge, 238, 239, 841–842 incentives, 836, 842–844 ‘tone at the top’, 825–826, 832 FSB, 17, 122 FSB Framework for Assessing Risk Culture (FSBCult), 737 FSB’s ‘tone at the top’ FSBCultTone, 834 incentives FSBCultIncent, 843 indicators of a sound risk culture, 236–246, 834–837, 839–844 See also Culture; Incentives; Risks; Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications FSB Implementation Standards (FSBIS), 106, 595–612 FSB, 17, 122, 595–612 FSBIS 1 and 2 Compensation/ Remuneration Committee structure and governance, 608–609 FSBIS 3 compensation and capital, 609 FSBIS 4-14 pay structure and risk alignment, 609–611 FSBIS 15 disclosure, 611–612 See also Alignment; Cost of capital; Culture; Incentives; Risks; Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and

Index Industry Body Reports, Codes, Rules and Publications FSBRAF FSB, 17, 122 FSB Principles for An Effective Risk Appetite Framework (FSBRAF) effective risk appetite framework, x, vii, 10, 17, 110, 119, 122, 1092–1103 Risk Appetite Statement (RAS), 1093–1094 risk limits, 1095 roles and responsibilities for an effective RAF, 1096–1101 See also Risks; Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications FSBSupp FSB, 18, 122, 668 FSB Supplementary Guidance to the FSB Principles and Standards on Sound Compensation, the use of compensation tools to address misconduct risk FSBSupp 1-4 governance of compensation and misconduct risk, 668–670 FSBSupp 5-7 effective alignment of compensation with misconduct risk, 670–673 See also Incentives; Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications FSRCAcc FSRC final report recommendations and commentary on accountability, 18, 123 FSRCCult FSRC final report recommendations and commentary on culture, 18, 123 FSRC final report accountability, 861–862 board, 848 commentary and recommendations in relation to remuneration, 106, 676–686 culture, 844–847 executive remuneration clawback, 679 culture, 106

Index design of variable remuneration, 676, 678–679, 718–720 experimentation in the design of remuneration, 676–677 ‘front-line’ or ‘customer-facing’ staff, 682–686 governance, 106, 844, 845 performance management, 683–686 remuneration, 106, 680, 681 Sedgwick Review, 682–684, 686 FSRC, x, vii, 5, 11, 18, 106, 108, 120, 123, 595, 675–686, 844–862 FSRCAcc FSRC final report recommendations and commentary on accountability, 18, 123, 861–862 FSRCCult FSRC final report recommendations and commentary on culture, 18, 123, 845–847 FSRC final report recommendations and commentary on the role of the board FSRCGov, 848–849 FSRCGov FSRC final report recommendations and commentary on governance, 18, 123, 847–849 FSRCPriority FSRC final report recommendations and commentary on priorities, 18, 123, 849–851 governance, 676–678, 680, 844, 845, 847–849 issues of implementation disclosure of consequences, 680–681 proportion of fixed and variable remuneration, 676, 678 risk-related adjustments to remuneration, 680 supervision of remuneration translated for boards, 681 management (see Management in Risks) non-financial risks, 677, 678, 681, 682, 861 non-financial risks (see Non-financial in risks) priorities, 18, 123, 849–851 remuneration, 106, 108, 675–686, 844 risks, 680, 861 role of the board, 848–849 See also Accountability; Board; Culture; Incentives; Risks; Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and

1337 Industry Body Reports, Codes, Rules and Publications FSRCGov FSRC final report recommendations and commentary on governance, 847–849 FSRCPriority FSRC final report recommendations and commentary on priorities, 849–851 G General public, see External stakeholders; Stakeholder Model; Stakeholders; Three Relational Axes of Good Governance Global Financial Crisis (GFC), 3–23, 74, 87, 512, 659, 799, 1010, 1023–1044 ‘Golden hellos’, see Incentives ‘Golden parachutes’, see Incentives Governance Key/Core governance variables from Stage 1 [AudCom] (+)-Audit Committee-­ Presence, Operation and Frequency, 7, 57, 65, 116, 968, 1281 [BrdIndInfo] (-)-Board Independent Director: Executive Director Proportion-Information Flow and Decision Quality ‘Trade-off,’ 7, 57, 65, 116, 775, 814, 821, 939, 1282 [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion-Monitoring Effect, 7, 57, 61, 65, 517, 775, 814, 821, 940, 1282 [BrdSkills] (+)-Board-Director Skills ‘Mix, 7, 57, 60, 65, 117, 1282 [EqOptEntrch] (-)-Equity/Option Plans and Holdings of Directors/ Executives-‘Entrenchment’ Effect (excludes short-term options), 8, 57, 61, 65, 117, 518, 589, 1282 [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives-Incentive/’Alignment’ Effect (excludes short-term options), 8, 57, 61, 65, 117, 518, 589, 1282 [TransTimeMon] (+)-Transparency and Timing of ­Reporting-­ Monitoring Effect, 8, 48, 49, 57, 62, 65, 117, 1282

1338 Governance (cont.) Relationship with risk management (see Risks) See also FSRC FinalReport; Governance factors; Governance variables; Hypothesised; Incentives; Risks Governance factors affected, vi, 27, 29, 40, 45, 54, 55, 64, 67 backbone, 25, 30 Bank Combined Coverage and Relational Proximity Table 10.2, 22, 126 coverage (see also Coverage) firm-level, vi, 25, 28–30, 34, 39, 97, 535, 815, 816 influenced, vi, 25, 29, 30, 40, 45, 54, 55, 64, 66, 67, 816, 956, 969 interrelationships, 25, 27–30, 38–40, 46, 47, 49, 67, 1007 No. 3 Alignment Corporate Governance and Legal Compliance, 27, 33, 39 No. 4 Compensation Board, CEO and Management Compensation and Incentives, 27, 33 No. 2 Compliance Corporate Governance and Legal Compliance, 27, 33 No. 7 Decision-making Quality of Board, CEO and Management Decisionmaking, 27, 33 No. 1 Reporting Transparency, Timing and Integrity of Financial and Other Reports, 27, 33 No. 8 Responsibility Delineation and Disclosure of Powers, Duties and Lines of Responsibility, 27, 33 No. 5 Risk Management, Monitoring & Audit Risk Management and Internal and External/Audit Monitoring Quality, 27, 33 No. 6 Stakeholders Identification, Participation and Protection of Stakeholder Interests, 27, 33 recurring theme, vi, 33, 34, 38, 75 Relational proximity (see Relational proximity rating) Re-naming, 34, 983, 1025

Index rprox, vi, 45, 48, 50, 55, 57, 59, 62, 523, 534, 709, 738, 741, 748, 761, 768, 782, 785, 807, 813, 816, 827, 830, 831, 833, 894, 910, 988, 989, 1025, 1066, 1087, 1134, 1136, 1137, 1139, 1157, 1166, 1249, 1250 Shareholder-Primacy Interrelationship Scheme Figure 3.1, 38–40 switched-on, vi, 25, 29, 30, 40, 45, 54, 55, 64, 66, 67 underlying theme, 76 See also Accountability; Aims; Board; Coverage; Culture; Hypothesised; Incentives; Reporting; Responsibility; Risks; Weighing mechanism Governance variables Bank Combined Coverage and Relational Proximity Table 10.2, 22, 126 coverage coverage of governance factors by governance variables, vi, 45 See also Coverage firm-level, v, vi, 25, 28–30, 34, 39, 97, 535, 815, 816 functions Align interests of Board, CEO and management with outside shareholders, 33 Deter directors, CEO and management, 32, 116 Punish directors, CEO and management, 31, 64, 116 good governance variables, 28 interrelationship, 25, 28–30, 33, 38–41, 46, 47, 49, 55, 67 mechanisms, v, 5, 8, 16, 22, 28, 33, 44, 58–60, 64, 66, 97, 100, 642, 668, 816 processes, v, 5, 28, 32, 58–60, 64, 95, 934 protocols, v, 5, 8, 28, 32, 51, 59, 60, 64, 66, 160 relational proximity (see Relational proximity rating) relative importance, vi, 22, 27, 29, 30, 32, 39, 116, 515 rprox, vi, 39, 45, 126 strength, vi, 22, 29, 30, 32, 34, 37, 39, 45 structures, v, 5, 8, 32, 38, 59 ‘substitution effect’, 96 See also Accountability; Aims; Board; Coverage; Culture; Hypothesised; Incentives; Reporting;

Index Responsibility; Risks; Weighing mechanism Government bailout ownership structure [BankControlRisk] (-)-banks-level of owner-control (high)-effects of risk-taking, 810 [BankHighLevRisk] (-)-banks-level of leverage (high)-effects of risk-­ taking, 806, 807 Bank size and leverage related to probability of bailout, 806 controlling shareholder, 651, 810 governance structure and government bail-out, 107, 737, 806–816 predictive of greater risk and bailout, 810 risks [BankControlRisk] (-)-banks-level of owner-control (high)-effects of risk-taking, 810 [BankGovBail] (-), 92, 519, 522–524, 655 Controlling shareholder, 810 government bailout, effect of, 92, 142, 522, 523, 655 predictive of greater risk and bailout, 810 risk-taking, 87, 92, 519, 522, 523, 655, 806, 808, 810 See also Distinguishing features; GFC; Ownership structure; Risks Government legislators Three Relational Axes of Good Governance Positional Conflict Axis No. 3, 31, 32 H HighEnd executives and high end employees, 18, 123 See also Incentives Hypothesised Bank Combined Coverage and Relational Proximity Table 10.2, 22, 126–507 fixed, 8, 127, 658 relational proximity rating, 8, 116, 126–507 Rprox, 59, 126–507 Shareholder-Primacy Interrelationship Scheme Figure 3.1, 38–40, 67

1339 target or hypothesised coverage/rating, 8, 58, 59, 67, 104, 127 I Incentives adjustments APRA Final Report, 540, 541, 546, 548, 556 benchmarks, 61, 591 breaches of, 186, 594, 650 cost of capital, 186, 233, 526, 559–561, 564, 576, 580, 582, 584, 592–593, 601 Internal procedures, 186, 594 legal requirements, 186, 594 liquidity risk, 187, 234, 526, 581, 582, 584, 592–593, 601 risk adjustments, 184–189, 195, 404–408, 463, 526, 528, 533, 537, 538, 549, 550, 553, 559–569, 572, 573, 575, 578–587, 591–594, 601, 602, 604–606, 612, 629–633, 672, 676, 722, 1131, 1162, 1163 risk appetite, 559, 592–594, 1162, 1163 risk appetite limits1, 186, 594 time horizon of risk, 235, 603, 719 variable remuneration, and, 629, 719, 721, 722 ‘alignment effect’ with shareholder interests, 61, 191, 192, 194, 567, 568 amount, 76, 575, 582, 643 Approach and structure of Part 4 variable pay and risk-taking, 513 APRA Revised Draft Prudential Standard CPS 511 Remuneration 510RemPol, 726–729 511BrdRole, 716 511Defer&Claw, 724, 725 511OtherReq, 730 511RemDesign, 718–720 511RemFrame, 715, 717, 718 511RemOuts, 721 511SpecRole, 722, 723 APRA Clawback, 725 APRA Deferral, 724 Other Requirements of CPS 511, 729–731 remuneration framework, 715–718, 721, 723, 730 remuneration Policy, 715, 716, 726–731

1340 Incentives (cont.) review of the remuneration framework, 717–718 Role of the Board in the Remuneration framework, 716–717 Variable Remuneration Deferral and Clawback, 724–725 variable remuneration design, 718–720 variable remuneration of specified roles, 722–723 variable remuneration outcomes, 721–723 BEAR BEAR deferred remuneration obligations of the ADI, 17, 122 BEARDeferVarRem, 17, 122, 149, 698 Governance variables for deferred remuneration, 696–700 Section 37E, 697 See also Bank Executive Accountability Regime (BEAR) benchmarks adjusting pay benchmarks for risk, 526, 593–594 BRC and risk appetite and weightings for incentives, 1162–1163 ‘Buyout’ rather than ‘reward,’ 515–516 calculated be economic profit not revenue, 591 chairperson pay, 661–662 compensation/remuneration committee 511CC, 21, 125, 456, 457, 547, 548 2019ASXCC, 21, 126, 484–488, 540–545 APRA Final Report, 539–556 APRA Revised Draft Prudential Standard CPS 511 Remuneration, 713–731 ASX Principles and recommendations, 539–555 CBA Risk Gate Opener, 552–553 CC, 17, 122, 456, 540, 547, 864 Composition, 539–555 function, 539–555 group values, 187, 551, 552 IIF examples of risk-adjusted compensation and incentives, 564–570 IIF Risk-based Incentive Principles, 559 KPI performance management, 551–552 long-term profitability adjusted for cost of capital, 559–560

Index NABCC, 18, 123, 276, 277, 554 NAB Self-Assessment 2018, 539–554 OECD 2010 Conclusions and Practices, 531, 558–559 OECD Key Findings 2009, 183, 191–194, 199, 555–557, 603 organisation as a whole and firm-wide profit, 562 remuneration policy, and, 527 risk-taking and risk appetite, 560–561 ‘risk time horizon,’ 188, 561–562, 604 severance pay, 563, 663 Walker Review 2009, 539–555 See also Above Compensation variables from Stage 1 [DirCEO$] (+/-), 517, 533, 536, 537 [EqOptEntrch] (-), 518, 533, 535–537 [EqOptIncent] (+), 517, 533–537 summary of studies, 105, 522, 533 ‘Core’ components of remuneration disclosure, 105, 514–515 Remuneration in ‘bands, of, 105, 526 deferred remuneration BEAR deferred remuneration obligations of the ADI, 17, 122 BEARDeferVarRem, 17, 122, 697 governance variables for deferred remuneration, 696–700 Section 37E, 697–699 See also Bank Executive Accountability Regime (BEAR) disclosure of band and elements of compensation economic profit not revenue, 591 encouraging high or excessive risk-­ talking, 79 equity and option compensation EqOptRiskAlignHighEnd] (+)-Equity and Options for Executives and High End Employees-Level of Risk-Taking in Alignment with Shareholder Interests, 61, 105, 567, 568, 589 EqOptRiskFailHighEnd] (-)-Equity and Options for Executives and High End Employees-Risk-Taking in Excess of Risk Appetite-­ Likelihood of Bank Failure, 61, 105, 561, 567, 569, 589 risk ‘alignment’ effect and risk ‘failure’ effect of equity and options, 537–539 executives and ‘high end’ employees required minimum shareholdings, 526, 528, 550, 588–589

Index ‘retention’ vesting arrangements, 526, 588–589 ‘skin in the game’ shareholdings, 526, 588–589 failure to match strategy and risk appetite, 76 FSB Framework for Assessing Risk Culture (FSBCult) FSBCultIncent, 843 FSB indicators of a sound risk culture, 839, 841, 842 Incentives, 108, 836, 842–844 FSB Implementation Standards (FSBIS), 595–612 FSBIS 1 and 2 Compensation/ Remuneration Committee structure and governance, 608 FSBIS 3 compensation and capital, 609 FSBIS 4-14 pay structure and risk alignment, 609–611 FSBIS 15 disclosure, 611–612 FSB Principles for Sound Compensation Practices (FSBP) adjusted for all types of risk, 600 Board to monitor and review compensation system to operate as intended, 598–599 board to oversee compensation system design and operation, 669 Clear, comprehensive and timely information on compensation practices, 235, 606, 612 financial and risk control staff to be independent, have authority, etc, 599–600 FSBComp, 17, 122 FSBP 1-3 effective governance of compensation, 596–600 FSBP 4-7 effective alignment of compensation with prudent risk-taking, 600–605 FSBP 8-9 effective oversight and engagement by stakeholders, 605–607 mix of cash, equity, etc to be consistent with risk alignment, 605 outcomes symmetric with risk outcomes, 602 payout schedules sensitive to time horizon of risk, 603 rigourous and sustained review and deficiencies addressed, 606 FSB’s Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, the use of

1341 compensation tools to address misconduct risk (FSBSupp) FSBSupp 1-4 governance of compensation and misconduct risk, 668–670 FSBSupp 5-7 effective alignment of compensation with misconduct risk, 670–673 FSRC Final Report clawback, 676, 679, 682 commentary and recommendations in relation to remuneration, 668, 675–686 culture, 108, 683–686 Design of variable remuneration, 676, 678–679 disclosure of consequences, 680–681 executive remuneration, 106, 676–681 experimentation in the design of remuneration, 676–678 ‘Front-line’ or ‘customer-facing’ staff, 682–686 governance, 5, 7, 11, 18, 108, 120, 123, 676–686, 844–849, 861, 862 Issues of implementation, 680–682 performance management, 683–686 proportion of fixed and variable remuneration, 676, 678 remuneration, 675–686 risk-related adjustments to remuneration, 680 Sedgwick Review, 682–684, 686 supervision of remuneration translated for boards, 681–682 ‘High end’ employees disclosure of band and elements of compensation, 105, 184, 563, 570–573, 607, 1202 [EqOptRiskAlignHighEnd] (+)-Equity and Options for Executives and High End Employees-­Level of Risk-Taking in Alignment with Shareholder Interests, 61, 567, 568 [EqOptRiskFailHighEnd] (-)-Equity and Options for Executives and High End Employees-Risk-Taking in Excess of Risk ­Appetite-­ Likelihood of Bank Failure, 61, 567, 569 executives and high end employees, 517, 577, 591 risk ‘alignment’ effect and risk ‘failure’ effect of equity and options, 537–539

1342 Incentives (cont.) ‘Inside debt’ compensation reduces risk-taking, 514, 659–660 Key/Core variables from Stage 1 [DirCEO$] (+/-), 517, 533, 536, 537 [EqOptEntrch] (-), 117, 518, 533, 535–537 [EqOptIncent] (+), 117, 517, 533–537 summary of studies, 105, 522, 533 Long-term variable remuneration (LTVR), 514, 515, 565, 566, 577 Material risk-takers (MRTs) not promote excessive risk, 513, 526 ‘Mix’ or composition, 61 Moody’s challenges for executive compensation, 532 Moral hazard, 518, 576, 1119 NAB Self-Assessment 2018 board oversight of remuneration practices, 620–621 consequence management for variable remuneration, 616–620 NABBrdOseeRem, 872 NABComp, 613–625 NABCompBoard, 620 NABCompConseqMan, 616–620 NABCompRem, 621, 622, 624, 625 NABCompRemConseq, 624, 625 NABCompRisk&Cond, 622–624 Recommendations and commentary on remuneration, 106, 613–625 remuneration and consequence management, 872 remuneration consequence, 621, 624–625 Remuneration framework-fixed and variable remuneration, 614–616 remuneration governance model, 621–622 risk and conduct within the remuneration framework, 622–624 Non-executive pay differentials, 661–662 not matched to bank strategy, 79 long-term interests, 79 risk appetite, 79, 1162 OECD Key Findings 2009 Absence of pay for performance, and, 530–532 overview of multiple governance failures, 76–77 ownership structure, and owner-control, 651–654, 810, 811

Index predict increased risk-taking and bank failure, 513–514 predicts increased risk-taking and bank failure, 513–514 shareholdings of lower-level management, 513, 648–651 pay not linked to performance enhanced disclosure, 662–663 exceptional commencement/ termination/pension arrangements, 662–663 ‘golden hellos,’ 662–663 ‘golden parachutes,’ 662–663 remuneration and consequence management NABBrdOseeRem, 872 NAB Self-Assessmenmt 2018, 872 remuneration consultants code of conduct, 526, 529, 551, 589–590 restrictions, 61, 105, 513, 574–587 [CCRemClawBack] +), 577, 578, 583, 586, 587, 589 [CCRemDefer] (+), 577, 578, 583, 586, 587, 589 [CCRemDelay] (+), 577, 578, 583, 586, 587, 589 [CCRemLock-up] (+), 577, 578, 583, 586, 587, 589 [CCRemRestrictPropn] (+), 577, 578, 583, 586, 587, 589 clawback, 61, 105, 526, 574–587, 589 deferral, 61, 105, 526, 574–587, 589 delay, 65, 105, 526, 574–587, 589 lock-up, 61, 105, 526, 574–587, 589 ‘malus/for feiture’ provisions, 526, 575–577 material risk-taker, 575–577 risk-taking exceeding risk appetite, 1099 likelihood of bank failure, 519, 520, 522–524 ‘Say on pay’ shareholder votes, 529, 557, 647 schemes and arrangements, 76 Sedgwick Review, 515, 620 shareholder value maximisation in banks alignment, 644, 646, 647, 651, 655, 657–660 cashing-out equity and options, 645–647 [CCCashOutLimit] (+), 647, 657, 658 [CCCashOutRisk] (-), 647, 657, 659

Index [CCSTIncentRisk] (-), 644, 645, 647, 655, 656, 659 compensation, 643–647, 649, 650, 652–660 [EquityHigherLvlMan] (+/-), 651, 655 [EquityLowerLvlMan] (-), 650, 651, 655 equity ownership not aligned where holding positions are short-­ term, 656–658 existing [NationGov*] (+) variable, 653 Incentive equity holdings/plans of directors and officers, 648 Incentives and risk-taking, 645–647 incentives, governance variables and shareholder wealth-­ maximisation, 642–647 Incentives tied to short term share price, 644, 655, 656 ‘Inside debt’ compensation reduces risk-taking, 514, 659–660 long-term stockholding and capping the ratio of variable to fixed, 656–658 national governance/shareholder protection regime, 653, 816 owner-control, 651–654 [OwnerControlRisk] (-), 653 predict bank failure, 648–651 predicts bank failure, 651–654 problems with long-term stockholding, 658 risk preference of bank managers and shareholders may diverge, 654–655 shareholdings of higher-level management, 649, 651, 655 shareholdings of lower-level management, 648–651 traditional governance variables maximise the share price, 513, 642–647 short-term bonuses, 513, 654 short-term share price shareholder wealth-­ maximisation, 97–99 short-term variable remuneration (STVR), 514, 515, 549, 577, 580, 581, 586 structure, 79, 246, 512, 564, 573, 836 summary of studies and new governance variables, 105, 522 time horizon, 76, 561, 565 variable pay

1343 compensation governance variables, 517–518, 591 deposit insurance increases risk-taking, and, 518–519, 653 limited liability increasing risk-taking, and, 513, 519–520 short-term profit results and reporting increasing risk-taking, and, 520–522 Walker Review 2009 recommendations, 527–529 ‘wall street bonus system,’ 513 Westpac Review Team 2018 accountability frameworks and policies, 637–638 adjustments for short-term variable reward, 630–633 Bank Executive Accountability Regime (BEAR), 638, 639 deferral of variable reward, 634–635 diffusion of accountability, 638 factors that inform accountability outcomes, 637–639 Implementation of Sedgwick recommendations, 635 navigation and consistency of frameworks and policies, 633 non-remuneration components of consequence management, 635–636 recommendations and commentary on remuneration, 106, 627–639 remuneration approach-fixed and variable remuneration, 628–629 risk gates for Short-term variable reward, 629–630 use of malus provisions, 634 WBCComp, 628–635 WBCCompDeferral, 634 WBCCompMalus, 634 WBCCompMulti, 633 WBCCompSedgwick, 635 WBCCompSTVR, 628–633 WBCCompSTVRRiskAdjust, 630–633 WBCNonRemConseqMan, 635–639 WBCNonRemConseqManBEARAcc, 639 See also Compensation; Remuneration Independence ASX, 738–740, 772–774, 822

1344 Independence (cont.) bank-specific, 736, 737, 744, 776–779, 782, 822 board, 7, 42, 48, 50, 57, 61, 65, 77, 108, 116, 170, 171, 517, 535, 572, 607, 664, 690, 709, 736, 745–746, 755, 772, 773, 775–777, 781–784, 798, 800, 802, 806, 807, 813, 814, 818, 821, 939, 940, 946, 953, 956, 970, 1026, 1033, 1065, 1086, 1100, 1122, 1161, 1203, 1242, 1282 committees, 92, 93, 107, 735–746, 968 CRO, 743–745, 833, 852, 862 expertise expertise, at expense of, 76, 78 ‘Fit and Proper Person,’ 108, 736, 744, 771–793 Incentives, 744, 776, 778, 779, 836, 842–845 Non-executive directors (NEDs), 736–737, 740, 744, 745, 772–775, 777, 778, 782–784, 793, 818–822, 825–832 ownership structure, 780, 781 risks management function or second line in risks, 1028, 1204, 1211–1212 Information board, 956, 1204 Board Risk Committee (BRC) independence (see also Non-­ executive directors) committees, 197, 990 escalation (see Escalation) failures and failings ASIC Governance Taskforce 2019, 1045, 1057–1059, 1063, 1087, 1125, 1141, 1145 Escalate problems or ‘red flags’ generally-deficiencies in the flow of information upward through the bank to senior management and/or the board, 1023, 1038, 1046, 1058, 1210 escalation, 110, 1172, 1173, 1208, 1209 escalation of information or ‘red flags, 211, 1208 [FailRedFlag] (-), 62, 979, 1038, 1046, 1058, 1079, 1146, 1175, 1210 information flows, 21, 62, 126, 212, 474, 1045, 1057–1062, 1067, 1145, 1146 issue, 109, 1045–1062, 1213, 1217 ‘Fit and Proper Person’ test

Index APRA Prudential Standard 520 Fit and Proper, 783–793 Fit and proper person variables, 783–793 Information to be provided to APRA, 783–793 Flow, 7, 41, 56, 65, 116, 600, 763, 775, 797, 814, 821, 865, 897, 928, 932, 955, 968, 1023, 1045, 1067, 1101, 1107, 1108, 1131, 1168, 1176, 1256, 1264, 1276 FSBComp, 17, 122 incentives clear, comprehensive and timely information on compensation practices, 235, 606, 612 FSBP 8-9 effective oversight and engagement by stakeholders, 605–607 FSB Principles for Sound Compensation Practices (FSBP), 605–607 Independence See also Non-executive directors independence existing governance variables based on independence ingredient, 775 Key/Core governance variables from Stage 1, 57 NEDs (see Non-executive directors (NED)) real time, 35, 1024, 1031, 1041 ‘red flag,’ 62, 228, 1038, 1046, 1058, 1079, 1146, 1176, 1210 risks APRA Information Paper 2019, 17, 109, 122, 927–930 APRA’s acknowledged weaknesses are already known, 1002, 1003 Deficiencies in the flow of information upward through the bank to senior management and to the board, 1023, 1038, 1046, 1058, 1210 escalate problems or ‘red flags,’ 979, 1078, 1148, 1175 failings, 109, 1024–1044 failure of information flow on risks in CDOs and other financial products, 1023, 1027, 1039, 1123 flow of information about risks, 1023, 1040, 1241 information flow due to conducting stress tests with past information, 230, 1023, 1039

Index information flow on identifying risks, 1023, 1038 information flow on leverage and risks, 227, 1023, 1038, 1118 information flow on risks in CDOs and other financial products, 1023, 1027, 1039, 1123 information flow to senior management due to ‘silo structures, 227, 1023, 1039 insufficient information and challenge, 1002, 1003 non-financial risk, 60, 190, 709–711, 867–869, 873, 877, 879, 997–1004, 1057–1062, 1102, 1147, 1148, 1265, 1276, 1279 over-reliance on regulatory capital ratios and rates of return on equity, 227, 1023, 1038, 1118 separation and low status of risk managers, 227, 600, 1037 ‘silos,’ 181, 380, 1202, 1205, 1207, 1212 See also Incentives; Non-executive directors; Risks ‘Inside debt’ compensation, see Incentives Insiders board, 648 CEO, 31, 64 distinguished from outsiders, 25, 30–32, 538, 656, 969 management, 31, 64, 116, 558 Three Relational Axes of Good Governance Positional Conflict Axis No. 3, 25, 30–32 Internal audit, see Three Lines of Defence Model Internal stakeholders, see Insiders International Institute of Finance (IIF), see Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Interrelationship governance factors, 25, 27–30, 33, 38–41, 46, 47, 49, 55, 67, 535, 970, 1007 governance variables, 25, 27–30, 33, 38–41, 43, 46, 55, 67 Shareholder Primacy Interrelationship Scheme Figure 3.1, 67 Interrelationship Schemes Shareholder Primacy Interrelationship Scheme Figure 3.1

1345 affects, 39, 40, 55 arrows, 39 Direction of effect, 39, 55 dual direction (+/-), 67 influences, 39, 60, 80 negative direction (-), 67 one-way, 34, 604, 658 positive direction (+), 47, 67 reflexive relationship, 47, 535 switches-on, 39 two-way, 39 stakeholder model, 27, 29 K Key BEAR key personnel obligations, 17, 122 section 37D, 154, 155, 695, 696 Field Key Field No. 1–The Application of the Principal Theories of the Firm to the Relational Approach, 26, 642 Key Field No. 2, 26 Key Field No. 3–Comparative Corporate Governance Codes, 26, 49, 54, 65, 91 Key Field No. 4, 97 Key Field No. 5–Banks in the GFC and Beyond, vi, 5, 35, 72, 77, 735–746 governance variable, vi, 4, 7, 8, 22, 48, 57, 65, 104, 116, 117, 127, 1281 grouping, prefix/abbreviation Table 10.1, 16–22, 104, 122–126 key/core governance variables from Stage 1 [AudCom] (+)-Audit Committee-­ Presence, Operation and Frequency, 7, 41, 57, 65, 116, 133, 479, 968–970, 1281 [BrdIndInfo] (-)-Board Independent Director: Executive Director Proportion–Information Flow and Decision Quality ‘Trade-off’, 7, 41, 57, 65, 116, 170, 775, 814, 821, 939, 1122, 1282 [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion–Monitoring Effect, 7, 42, 57, 61, 65, 116, 517, 775, 782, 784, 798, 800, 802, 807, 814, 821, 940, 1065, 1086, 1100, 1282

1346 Key (cont.) [BrdSkills] (+)–Board–Director Skills ‘Mix’, 7, 42, 57, 60, 65, 117, 781, 782, 1282 [EqOptEntrch] (-)-Equity/Option Plans and Holdings of Directors/ Executives–‘Entrenchment’ Effect (excludes short-term options), 8, 43, 57, 61, 65, 117, 518, 589, 1282 [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives–Incentive/’Alignment’ Effect (excludes short-term options), 8, 57, 61, 65, 117, 517, 588, 1282 [TransTimeMon] (+)-Transparency and Timing of Reporting– Monitoring Effect, 8, 44, 48–50, 57, 62, 65, 117, 1018, 1282 questions and enquiries, 22 reporting ‘Key’ or ‘Core’ governance variable, 7 [TransTimeMon] (+)-Transparency and Timing of Reporting– Monitoring Effect, 8, 44, 48–50, 57, 62, 65, 117, 1018, 1282 Sahlman, William key questions, 72 Stage 1, 22, 30, 51, 57, 59, 61, 65, 104, 116, 117, 127 Westpac Reassessment ‘key areas’ identified by Westpac for shortcomings, 14 Key Code and Advanced Handbook ‘control code’, 7 ‘deep dive’, 7, 16 L Legal risk operational risk, 15, 748, 761, 916 Lenders three relational axes of good governance Positional Conflict Axis No. 3, 30, 31 Lending ‘long’ maturity transformation, 35, 85, 1031, 1042 See also Risks Leverage distinguishing features, 85 excess of, 77, 79 factors contributing to short-term emphasis and acceptance of increased leverage, 1024–1124

Index failures and failings excessive leverage, 77, 79 government bailout, and, 806–808 ‘hidden leverage’ [BankHiddenLev] (-), 802, 803 [TransTimeHideLev] (-), 803 high [BankHighLevRisk] (-), 93, 806–811, 815 ownership structure [BankHighLevRisk] (-)–banks–level of leverage (high)–effects of risk-taking, 806–807 bank size and leverage related to probability of bailout, 806 governance structure and government bailout, 108, 805–816 regulation encouraged excessive leverage, 77, 79 self-regulatory rules, 80 risks failings, 77, 79 information flow on leverage and risks, 227, 1038, 1118 leverage, 77, 79, 85, 86, 162, 227, 656, 806–808, 1030, 1038, 1117, 1118, 1133 management, 96 over-reliance on regulatory capital ratios and rates of return on equity, 1038, 1118 See also Risks Lines of responsibility accountability, 8, 16, 58–60, 66, 1008 complexity complex and opaque bank financial instruments, 1010–1011 complex and opaque bank structures, 1006–1008 complexity of financial products, 1118–1123 [NEDFinProdInfo] (-)–Banks–Non-­ Executive Directors-Complex and Opaque Financial Products– Reduction in Decision-making Quality and Delineation and Disclosure of Powers, Duties and Lines of Responsibility, 1011 [NEDBankStructInfo] (-) variable– Banks–Non-Executive Directors-­ Complex and Opaque Bank, Group and Entity Structures–Reduction in Decision Quality and Delineation and Disclosure of Powers, Duties

Index and Lines of Responsibility, 1009–1010 governance factors No. 8 Responsibility-Delineation and Disclosure of Powers, Duties and Lines of Responsibility, 33 Shareholder-Primacy Interrelationship Scheme Figure 3.1, 38–40 Liquidity risk, 77, 79, 85, 86, 187, 234, 355, 526, 581, 582, 584, 592–593, 601, 602, 609, 676, 808, 1018–1020, 1036, 1085, 1117, 1133, 1135, 1138, 1197, 1199, 1259 adjustments to variable remuneration risk adjustments, 463, 578, 722 See also Incentives complexity financial institution level, 1016, 1018–1020 liquidity disclosure, 1019–1020 principles, 1117, 1197, 1199 transparency and disclosure, 563, 1015 distinguishing features, 85 ownership structure [BankDebtTransRisk] (-)-Banks– Maturity Transformation of Bank Debt–Effects of risk-taking, 808 [BankLiqRisk] (-)-Banks-Continuous Liquidity Requirement-Effects of Risk-taking, 808 governance structure and government bail-out, 808 ‘maturity transformation’ of bank debt and a continuous supply of liquidity, 808 risk [BankDebtTransRisk] (-)-Banks– Maturity Transformation of Bank Debt–Effects of risk-taking, 808 [BankLiqRisk] (-), 93, 808 [BankLiqRisk] (-)-Banks-Continuous Liquidity Requirement-Effects of Risk-taking, 808 continuous access/requirement, 86, 808 cut-off/shortness of, 86, 808 liquidity, 77, 79, 85, 86, 187, 234, 355, 526, 581, 582, 584, 592–593, 601, 602, 609, 676, 808, 1018–1020, 1036, 1085, 1117, 1133, 1135, 1138, 1197, 1199, 1259 ‘maturity transformation’ of bank debt and a continuous supply of liquidity, 808

1347 Long-term efficiency, see Agency costs; Efficiency M Management, 4, 28, 38, 54, 64, 72, 86, 95, 104, 116, 513, 532, 596, 616, 629, 642, 664, 669, 678, 688, 714, 736, 748, 758, 765, 797, 806, 818, 864, 894, 928, 933, 945, 969, 1007, 1024, 1046, 1064, 1096, 1106, 1126, 1154, 1172, 1248, 1249, 1255, 1263, 1275 consequences, 13, 18, 20, 108, 123, 125, 277–280, 340, 427–430, 462, 503, 581, 584, 616–621, 635–639, 709, 711, 721, 872, 887, 1052, 1111, 1221, 1242, 1244, 1270, 1283 Governance factors (see Shareholder-­ Primacy Interrelationship Scheme Figure 3.1) Compensation-Board, CEO and Management Compensation and Incentives, vi, 28, 33, 34, 39, 54, 64, 969 No. 3Alignment-Alignment of Management and Shareholder Interests, v, 28, 33, 34, 39, 54, 64, 516, 534, 535, 969 No. 5Risk Management, Monitoring & Audit-Risk Management and Internal and External/Audit Monitoring Quality, 28, 33, 55, 64 No. 7Decision-making-Quality of Board, CEO and Management Decision-making, vi, 28, 33, 55, 64 Mapping Governance and management structures, of, 8 NAB customer experience board (CXB), 873 ELT risk committees, 873 executive risk committees, 873 Group Risk Return Management Committee (GRRMC), 271, 275, 306–313, 867, 873–880, 1049 NAB First Line risk and control ownership, 1266–1268 NAB RMF, 1028, 1264 NAB Second Line Compliance function, 1269 NAB Second Line Conduct Risk, 1270 NAB Second Line Operational Risk, 1271

1348 Management (cont.) NAB Second Line risk management and risk reporting, 1269 NAB self-assessment 2018, xi, vii, 11, 13, 18, 106, 108, 120, 123, 539–553, 613–625, 737, 826, 837, 839, 851–856, 863–891, 894, 895, 963, 964, 975, 976, 984, 986, 988, 991, 1046, 1047, 1053, 1054, 1137–1146, 1264, 1266, 1269–1272 remuneration and consequence management, 108, 872, 1111, 1221 reporting to the board, 18, 108, 123, 865–870, 1091, 1248 role of senior management, 108, 864 role of the board, 108, 848, 864 senior leadership oversight, 108, 873–880 Technology and Operations Risk Management Committee, 313, 874 Value Chain Risk Management Committees, 314, 874, 880, 1267 See also Risks NABCompConseqMan NAB consequence management for variable remuneration, 18, 123 NABCompConseqMan (see Incentives) NABRedFlag NAB board oversight of risk management in relation to failure to escalate problems or ‘red flags, 18, 123 NABRedFlagComplyBr NAB board oversight of risk management in relation to compliance breach assessment and reporting, 19, 123 NABRedFlagCustComplain NAB board oversight of risk management in relation to capture and reporting of customer complaints, 19, 123 NABRedFlagOpRisk NAB Operational Risk Management Policy, 1047–1049 NABRiskMan NAB risk management and compliance, 19, 123 NAB Self-Assessment 2018 Consequence management for variable remuneration, 18, 123, 277–280, 616–620 NABCompConseqMan, 18, 123, 277–280, 616–620

Index Remuneration, 106, 539–554, 613–625, 872 NFRMan APRA’s Non-Financial Risk Management-­Failings in Non-­ Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks, 19, 124 Non-executive directors (NEDs), 61, 62, 108, 109, 527, 541, 736–738, 740, 741, 744, 745, 750, 751, 754, 755, 759, 760, 767–769, 772, 774, 782, 821, 822, 825, 935, 937, 942, 986, 1027, 1145, 1154, 1161, 1166, 1240 Board Risk Committee (BRC) Independence, 1129, 1131, 1154, 1155, 1161 [BRCIndFreq] (+)-Board Risk Committee-Independence in combination with Frequency of Meeting-Enhancement in Risk Management and Internal Monitoring, 1131 expertise, 336, 735, 750, 932–944, 1122 See also Non-executive directors (NEDs) risks Bank-specific variables exhibiting deficiency in banking industry knowledge and competence, 1122 communication, 1028, 1172, 1177, 1190, 1196, 1201–1209, 1211, 1212, 1216, 1281 Complex and opaque nature of securitised/financial products, 1123 Credit rating deficiency variables, 1121 expertise, 1024, 1031, 1041, 1187 failings, 1023–1044, 1172, 1176, 1182, 1183, 1193, 1199, 1203, 1211, 1213, 1217, 1222, 1227, 1231, 1235, 1241–1245, 1256, 1264, 1267–1276 Failure of information flow on risks in CDOs and other financial products, 1027, 1039, 1123 Governance variables for complexity of financial products, 1121–1123 Inadequate oversight, risk management and complexity of financial products, 110, 1118–1120 Inadequate risk management and internal controls, 109, 737, 933–935, 1027, 1122

Index management function or second line, 1028, 1204, 1211–1212 non-financial risks, 4, 7, 14, 73, 678, 681, 682, 715, 739, 751, 860, 861, 874, 876–878, 880, 884, 913, 914, 998, 1057, 1059, 1061, 1062, 1089, 1111, 1143 risk management framework (RMF), 20, 110, 125, 252, 259, 266, 276, 330, 332, 434, 442–446, 450, 454, 455, 468, 481, 554, 619, 669, 715, 726–729, 739, 742, 750, 785, 888, 930, 973, 975, 1025, 1028, 1036, 1082, 1093, 1106, 1127–1129, 1139, 1143, 1155, 1173, 1194, 1256–1261, 1263–1273, 1279 risk management strategy (RMS), 20, 110, 125, 259, 266, 440–442, 446, 837, 888, 1025, 1027, 1029, 1030, 1035, 1063, 1081–1094, 1130, 1139, 1142, 1257, 1260 risk management systems, 13, 77, 79, 145, 521, 787, 1029, 1032, 1034, 1078, 1115, 1120, 1216 risk modelling deficiency variables, 1121 SecLine, viii, 19, 124 SManRedFlag Risk management-failure by senior management to escalate problems or ‘red flags, 19, 124 three lines of defence model, 259, 888 Mapping Accountability Accountability Map, 16, 58, 99, 104, 107, 155, 700–702 Accountability (see Bank Executive Accountability Regime (BEAR)) Accountability Statement (see Bank Executive Accountability Regime (BEAR)) Governance and management structures, of, 8 mapping the bank negative variables, 60, 66 positive variables, 59–60 Step 1-build the existing map of the bank, 58, 127 Step 2-compare the existing bank map to the list of Stage 2 variables, 59, 127 Step 3-add variables that are missing, 59, 127

1349 Step 4-check examination and evaluation points, 59, 127 Market for corporate control control, 96–97, 642, 1007 ‘Substitution effect’ of governance variables, 96 Weaker, 96–97 Material risk-takers (MRTs), 35, 1024, 1031, 1044 disclosed, 35, 1031 ranked in order of importance, 35, 1024, 1031, 1044 risks failings, 1024, 1031, 1044 Failure in transparency and understandability of material risk factors ranked in order of importance, 1024, 1044 management, 35, 1024, 1031, 1044 See also Incentives; Risks Maturity transformation borrowing short, 35, 85, 227, 1031, 1042 Debt, of, 85, 86, 93, 141, 808 Lending long, 35, 85, 227, 1031, 1042 ownership structure [BankDebtTransRisk] (-)-Banks-­ Maturity Transformation of Bank Debt--Effects of risk-taking, 808 [BankLiqRisk] (-)-Banks-Continuous Liquidity Requirement-Effects of Risk-taking, 808 ‘Maturity transformation’ of bank debt and a continuous supply of liquidity, 808 risks [BankDebtTransRisk] (-)-Banks-­ Maturity Transformation of Bank Debt--Effects of risk-taking, 808 [BankLiqRisk] (-)-Banks-Continuous Liquidity Requirement-Effects of Risk-taking, 808 ‘Maturity transformation’ of bank debt and a continuous supply of liquidity, 808 Misconduct, see Conduct Monitoring board, 736, 777 [BrdIndMon] (+) Board Independent Director: Executive Director Proportion-Monitoring Effect, 7, 42, 57, 61, 65, 116, 171, 517, 775, 782, 784, 798, 800, 802, 807, 814, 821, 940, 1065, 1086, 1100, 1282

1350 Monitoring (cont.) Key/Core variable, 65 culture, 737–746, 818–825, 827–831, 833–844, 846–860, 865–871, 873–891, 894–930, 1064–1077, 1079–1082, 1084–1094 effect, 7, 41, 57, 65, 108, 116, 517, 535, 598, 664, 689, 736, 754, 759, 767, 772, 798, 807, 818, 895, 928, 934, 946, 959, 969, 1018, 1026, 1046, 1065, 1096, 1108, 1126, 1157, 1173, 1250, 1282 governance factors No. 5Risk Management, Monitoring & Audit-Risk Management and Internal and External/Audit Monitoring Quality, 33, 55, 64 governance variables, 41–44, 46–50, 116, 117, 128–145, 157–171, 173, 177–184, 192, 196–219, 225–232, 235–246, 249, 250, 252–255, 257–278, 283, 287–339, 342–350, 352–386, 389–392, 395–402, 409–427, 430–452, 464–478, 480–484, 488–507, 1250–1253, 1255–1260, 1275–1286 Key/Core governance variables from Stage 1 [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion-Monitoring Effect, 116 Non-executive directors (NEDs), 19, 108, 124, 527, 649, 661, 727, 736, 750, 757, 766, 773, 797, 807, 818, 894, 932, 946, 957, 968, 1008, 1027, 1060, 1064, 1100, 1121, 1129, 1154 [AudIndMon] (+)-Audit Committee-­ Independence-­Monitoring Effect, 41, 137, 517, 775, 814, 821, 939, 968 Board Risk Committee (BRC) Independence, 1129, 1131, 1154, 1161 [BRCIndFreq] (+)-Board Risk Committee-Independence in combination with Frequency of Meeting-Enhancement in Risk Management and Internal Monitoring, 941, 1131 [BRCIndInfo] (-)-Board Risk Committee-­Independence-­ Information Flow and Decision Quality ‘Trade-off, 940, 1131

Index [BRCIndMon] (+)-Board Risk Committee-Independence-­ Enhancement in Monitoring Effect, 938, 1131 [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion-Monitoring Effect, 7, 42, 48, 50, 57, 61, 65, 116, 171, 517, 535, 572, 607, 664, 690, 709, 775, 782, 784, 798, 800, 802, 807, 814, 821, 940, 946, 970, 1026, 1033, 1065, 1086, 1100, 1203, 1242, 1282 [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion-Monitoring Effect, 7, 42, 48, 50, 57, 61, 65, 116, 171, 517, 535, 572, 607, 664, 690, 709, 774, 782, 784, 798, 800, 802, 807, 814, 821, 940, 946, 970, 1026, 1033, 1065, 1086, 1100, 1203, 1242, 1282 deficiency, 336, 337, 777, 778, 797, 800, 802, 932–934, 957, 1009–1011, 1017, 1121–1123 existing governance variables based on independence ingredient, 775 Governance variables recommended by OECD, 782, 792 Greater challenge, debate and testing, 820–822 Independence, 754, 755, 759, 938–941, 1131, 1133, 1161 ‘Key’ or ‘Core’ governance variable, 7 [NEDBankSecurznInfo] (-)-Banks-­ Non-­Executive Directors-­ Deficiency in Knowledge of Securitization Process of Bank Financial Products-Reduction in Decision-making Quality, 337, 771 [NEDBankSkillsMon] (+) variable-­ banks-­non-executive directors-­ policies and standards on bank-specific competencies, skills and professional qualities-­ enhancement of monitoring and skills effect, 781, 782 [NEDBankWorksInfo] (-)-Banks-­ Non-­Executive Directors-­ Deficiency in Knowledge of Internal Workings of Banks-­ Reduction in Decision-making Quality, 337, 777, 778, 932, 1009, 1122

Index [NEDFit&ProperTest] (+) variable-­ banks-­non-executive directors-­ supervisory authority policies and standards on ‘fit and proper person’ test-enhancement of monitoring and skills effects, 783 OECD findings on independence and competence, 744, 779–783 relational effect path, 46–48, 754, 759–760, 807, 810, 939–941 reporting, 237, 840, 1025, 1036, 1258 risks failures, 761 Internal controls, 34, 1247 management, 23, 28, 46, 55, 64, 108, 134, 523, 607, 664, 690, 736, 755, 767, 782, 797, 807, 827, 865, 894, 928, 935, 959, 969, 1012, 1025, 1064, 1103, 1110, 1126, 1157, 1173, 1249, 1255, 1265, 1275 Management function or Second Line, viii, 20, 125, 333, 334, 431–435, 490, 491, 600, 1028, 1193, 1204, 1211–1212, 1269–1273, 1276–1281 metrics, 377, 1029, 1089–1091, 1178, 1186 monitoring variables, 738, 741, 742, 748, 1175, 1177, 1179, 1180 risk appetite, 8, 34, 61, 76, 89, 101, 105, 119, 519, 526, 599, 619, 630, 644, 662, 669, 679, 739, 750, 826, 869, 920, 929, 1019, 1024, 1052, 1064, 1095, 1106, 1127, 1159, 1174, 1257, 1264, 1276 SecLine, viii, 8, 19, 124 second line of defence, 110, 1027, 1028, 1106, 1156, 1172–1194, 1199, 1205, 1212, 1238, 1239 strategy, 100, 144, 165, 369, 383, 390, 753, 754, 793, 822, 942, 1018, 1019, 1078, 1079, 1132, 1136, 1167, 1189, 1211 Westpac second line monitoring variables, 1180 Three Relational Axes of Good Governance Objectives Axis No.1, 31 Moral hazard, see Distinguishing features; Incentives; Risks N NAB accountability, 89, 886, 890

1351 board, 18, 19, 123, 620–621, 870–872, 963 committees, 18, 123 cultural inhibitors to targeted culture failure of collective intensity or individual resolve to fix complex issues, 291–294, 895, 902–904 failure to listen and learn from customers, regulators and employees, 295–297, 895, 905–906 NABCultInhib, 18, 123 other priorities put before commitment to customers, 297–300, 895, 907–909 over-reliance on people for deficiencies in systems and processes, 901 rigour and discipline, 287–290, 895, 899–901 cultural ‘levers’ NABCultLever, 18, 123, 300, 301 culture, 894–926 cultural inhibitors, 18, 123, 895, 899–908 cultural ‘levers,’ 896–897 customer outcomes NABPriorityDecisionCust (–), 855 ELT Risk Committees Customer Experience Board (CXB), 306, 873 Group Risk Return Management Committee (GRRMC), 306–313, 873, 875–879 Technology and Operations Risk Management Committee, 313, 874 Value Chain Risk Management Committees, 314, 874, 880 financial objectives and prioritisation NABPriority, 18, 123 growth fund and annual group budget NABPriorityLTGrowth, 853–854 issue escalation, 1046–1062 identification, 1046–1062 resolution, 1046–1062 measuring risk culture NABCultMeas, 18, 123, 301 NAB Risk Management Framework (RMF) NAB first line risk and control ownership, 1266–1268 NAB second line compliance function, 1269–1270 NAB second line conduct risk, 1270 NAB second line operational risk, 1271–1273

1352 NAB (cont.) NAB second line risk management and risk reporting, 1269 NAB Self-Assessment 2018 accountability, 613, 864–891 challenge, 870 closure of issues, 870–872 Executive Risk Committees, 873 further variables for non-financial risk reporting, 869–870 governance, 613, 864–891 NAB compliance and regulatory matters, 868–869 NAB customer impact and outcomes, 866–867 NAB non-financial risk reporting, 867–868 NAB operational and technology risks, 868–869 NAB reporting from third line internal audit, 867 NAB second line risk reporting, 866–867 operation of the board and committees, 864–865 Operation of Executive Leadership Team (ELT) and GRRMC NABELT, 875–880 priorities, 18, 123, 315–321, 851–855 reporting to the board, 18, 123, 865–870 risks, 18, 19, 123, 837, 1028, 1264, 1267 senior leadership oversight, 873–880 strategic planning and performance objectives NABPriorityLTStrat, 852–853 trade-offs in decision-making NABPriorityDecision, 854–855 See also Accountabilities; Board; Culture; Incentives; NAB Self-Assessment 2018; Risks; Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications; Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications NABAcc NAB board accountability, 18, 126 NABAudCom NAB Audit Committee, 18, 123 NABBRC

Index NAB Board Risk Committee, 18, 123 NABBrdAgenda NAB board agenda-setting function, 18, 123 NABBrdChall NAB board challenge and closure of issues, 18, 123, 870–871 NABBrdCm NAB Board and Committees, 18, 123 NABBrdOseeRem NAB board oversight of remuneration policies and practices, 18, 123, 620–621 NABBrdRep NAB reporting to the board generally, 18, 123 NABCC and NABComp NAB Compensation/Remuneration Committee, 18, 123, 276, 277, 554 NABCodesNEDCust NAB Codes Customer Outcomes Committee, 18, 123 NABCompConseqMan NAB consequence management for variable remuneration, 18, 123 See also Incentives NABCompRemConseq NAB application of remuneration consequence, 18, 123, 624–625 See also Incentives NABCompRisk&Cond NAB risk and conduct within the remuneration framework, 18, 123 See also Incentives NABCultInhib NAB cultural inhibitors to targeted culture, 18, 123 NABCultLever NAB cultural levers for desired culture, 18, 123 NABCultMeas NAB measuring risk culture, 18, 123, 897–898 NABCultTone NAB board role-modelling of tone-from-­ the-top, 18, 123 NABCultValues&Behav NAB values and behaviours, 18, 123, 896–897 NABELT NAB Oversight of Executive Leadership Team (ELT), 18, 123 NABNomGov

Index NAB Nomination and Governance Committee, 18, 123 NABPriority NAB financial objectives and prioritisation, 18, 123 NABRedFlag NAB board oversight of risk management in relation to failure to escalate problems or ‘red flags’, 18, 123 NABRedFlagComplyBr NAB board oversight of risk management in relation to compliance breach assessment and reporting, 19, 123 NABRedFlagCustComplain NAB board oversight of risk management in relation to capture and reporting of customer complaints, 19, 123 NABRedFlagOpRisk NAB board oversight of risk management in relation to operational risk management policy, 19, 123 NABRiskMan NAB risk management and compliance, 19, 123 NAB Self-Assessment 2018 accountability NABAcc, 18, 123, 259 board challenge and closure of issues NABBrdChall, 18, 123, 268, 269 board oversight of remuneration practices NABCompBoard, 277, 620 clarity of accountability NABAccClarify, 261, 262 consequence management for variable remuneration NABCompConseqMan, 18, 123 cultural inhibitors to targeted culture failure of collective intensity or individual resolve to fix complex issues, 291–294, 895, 902–905 failure to listen and learn from customers, regulators and employees, 295–297, 895, 905–907 NABCultInhib, 18, 123 other priorities put before commitment to customers, 297–300, 895, 907–909 over-reliance on people for deficiencies in systems and processes, 901 rigour and discipline, 287–290, 895, 899–901 cultural ‘levers’ NABCultLever, 18, 123 customer outcomes

1353 NABPriorityDecisionCust (–), 855 effectiveness of accountability NAB accountabilities for resolving ‘complex’ issues, 890 NAB accountabilities in performance and remuneration, 891 ELT Risk Committees Customer Experience Board (CXB), 873 Group Risk Return Management Committee (GRRMC), 275, 306–313, 867, 873–879 Technology and Operations Risk Management Committee, 874 Value Chain Risk Management Committees, 314, 874, 880, 1267 Executive Risk Committees, 873 financial objectives and priorities, 851–856 financial objectives and prioritisation NABPriority, 18, 123, 321 growth fund and annual group budget NABPriorityLTGrowth, 853 measuring risk culture NABCultMeas, 18, 123, 897, 898 Operation of Executive Leadership Team (ELT) and GRRMC NABELT, 875 remuneration, 613–625 remuneration consequence NABCompRemConseq, 18, 123, 635, 636, 6367 remuneration framework-fixed and variable remuneration NABComp, 614–616 remuneration governance model NABCompRem, 621–622 risk and conduct within the remuneration framework NABCompRisk&Cond, 18, 123, 622–624 senior leadership oversight, 873–880 strategic planning and performance objectives NABPriorityLTStrat, 852 trade-offs in decision-making NABPriorityDecision, 854, 855 See also Accountability; Board; Culture; Incentives; NAB; NAB-prefix Key Groupings; Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications

1354 NEChair Non-executive Chairperson, 19, 124 NEDDiv Non-executive directors-diversity, 19, 124, 338 NEDs challenging and testing risk by NEDs [BankNEDTestRisk] (+), 144, 759–760, 822 challenging and testing strategy by NEDs [BankNEDTestStrat] (+), 145, 759, 822 failures in risk modelling of securitised products for NEDs [NEDRiskModelInfo] (-), 339, 797, 1121 NED development programs [BankNEDDevelopProg] (+) variable-banks-development programs for non-executive directors-enhancement of monitoring effect, 143, 754, 792, 821, 942 NED financial industry awareness [BankNEDFinAwareProg] (+) variable-banks-development programs for financial industry awareness of non-executive directors on risk strategy and management-enhancement of monitoring effect, 144, 754, 793, 822, 942 NED induction [BankNEDInduct] (+) variable-banks-­ induction of non-executive directors-enhancement of monitoring effect, 144, 754, 792, 821, 942 NED support [BankNEDSupport] (+) variable-­ banks-‘dedicated support’ for non-executive directors for information and advice in addition to the normal board process-­ enhancement of monitoring effect, 144, 754, 792, 821, 942 NED training [BankNEDTrain] (+) variable-banks-­ training of non-executive directors-­ enhancement of monitoring effect, 145, 754, 792, 821, 942 proportion of executive and non-executive directors, 109, 737, 955–957

Index rating securitised products for NEDs, 108, 736 risk modelling, 108, 339, 797, 1121 senior independent director, 144, 336, 737, 931, 943, 952 time commitment [BankNEDTime] (+), 145, 755 variables based on credit ratings of securitised products [NEDRatingsInfo] (-), 799, 800, 1121 Non-executive directors generally, 19, 124 See also Non-executive directors (NEDs) Negative governance variables See also Bank Combined Coverage and Relational Proximity Table 10.2; Direction; Governance variables; Relational proximity rating NFRAccFail APRA’s Improvements for non-financial risk accountabilities not being clear, cascaded and enforced, 19, 124, 709–712 NFRCm APRA’s Non-Financial Risk Committee, 19, 124 NFRMan APRA’s Non-Financial Risk Management-­ Failings in Non-Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks, 19, 124 NFRWeak APRA’s Non-Financial Risk Weaknesses– Failings in Non-Financial Risks, 19, 124, 348–350 No. 1 Reporting-Transparency, Timing and Integrity of Financial and Other Reports shareholder-primacy interrelationship scheme figure 3.1, 33, 34, 38–39, 54–55, 64 See also Governance factors No. 2 Compliance-Corporate Governance and Legal Compliance shareholder-primacy interrelationship scheme figure 3.1, 33, 54–55, 64 See also Governance factors No. 3 Alignment-Alignment of Management and Shareholder Interests shareholder-primacy interrelationship scheme figure 3.1, 33, 54–55, 64 See also Governance factors

Index No. 4 Compensation-Board, CEO and Management Compensation and Incentives shareholder-primacy interrelationship scheme figure 3.1, 33, 34, 54–55, 64 See also Governance factors No. 5 Risk Management, Monitoring & Audit-Risk Management and Internal and External/Audit Monitoring Quality shareholder-primacy interrelationship scheme figure 3.1, 33, 34, 54–55, 64 See also Governance factors No. 6 Stakeholders-Identification, Participation and Protection of Stakeholder Interests shareholder-primacy interrelationship scheme figure 3.1, 33, 54–55, 64 See also Governance factors No. 7 Decision-making-Quality of Board, CEO and Management Decision-making shareholder-primacy interrelationship scheme figure 3.1, 33, 54–55, 64 See also Governance factors No. 8 Responsibility-Delineation and Disclosure of Powers, Duties and Lines of Responsibility shareholder-primacy interrelationship scheme figure 3.1, 33, 34, 54–55, 64 See also Governance factors Non-executive directors (NEDs) APRA Prudential Standard CPS 510 Governance 510Compose, 451, 818, 819 ASX diversity policy 2019ASXDiversity, 21, 126, 492, 493, 769 board composition, independence proportion and representation, 818 Board Risk Committee (BRC) Independence [BRCIndFreq] (+)-Board Risk Committee-Independence in combination with Frequency of Meeting-Enhancement in Risk Management and Internal Monitoring, 941, 1131 [BRCIndInfo] (-)-Board Risk Committee-­Independence-­ Information Flow and Decision Quality ‘Trade-off, 940, 1131

1355 [BRCIndMon] (+)-Board Risk Committee-Independence-­ Enhancement in Monitoring Effect, 940, 1131 [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion-Monitoring Effect, 7, 57, 116, 171, 517, 775, 782, 807, 814, 821, 940, 1065, 1086, 1100, 1282 changing board culture and ‘tone at the top’ variables CultNED, 832 codes of conduct and ethics CodesNED (–), 829 conflicts of interest policy [CodesNEDConflicts*] (+), 831 Culture, 737, 822, 825 deficiency [NEDBankSecurznInfo] (-)-Banks-­ Non-­Executive Directors-­ Deficiency in Knowledge of Securitization Process of Bank Financial Products-Reduction in Decision-making Quality, 337, 777, 778, 932, 1009, 1011, 1122 [NEDBankWorksInfo] (-)-Banks-­ Non-­Executive Directors-­ Deficiency in Knowledge of Internal Workings of Banks-­ Reduction in Decision-making Quality, 777, 778, 932, 1009, 1011, 1122 diversity EC Green Paper 2010, 337, 338, 767 EC Second Green Paper 2011, 337, 338, 766, 767 effect, 828 existing governance variables based on independence ingredient [AudIndInfo] (-)-Audit Committee-­ Independence-­Information Flow and Decision Quality ‘Trade-off, 200, 775, 814, 821, 939, 968 [AudIndMon] (+)-Audit Committee-­ Independence-­Monitoring Effect, 200, 517, 775, 814, 821, 939, 940, 969 [BrdIndInfo] (-)-Board Independent Director: Executive Director Proportion-Information Flow and Decision Quality ‘Trade-off, 7, 42, 57, 65, 116, 138, 170, 200, 336, 775, 814, 821, 940, 1282

1356 Non-executive directors (NEDs)  (cont.) [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion-Monitoring Effect, 7, 57, 61, 65, 108, 116, 171, 517, 745–746, 755, 772, 773, 775, 782, 784, 798, 802, 807, 814, 818, 821, 940, 946, 1100, 1282 [OutBrdPos] (-)-Outside Board Positions of Independent Directors, 351, 775, 814, 821, 940, 950 expertise banking industry specific knowledge, skills/competencies and professional qualities, 782, 934 deficiencies in bank-specific knowledge or expertise, 777–779 deficiencies in knowledge of securitization process, 777 development, training and support of NEDs and NED mentoring by senior executives, 737, 941–943 financial industry expertise and independence trade-off, 937–938 inadequate risk management and internal controls, 109, 933–935, 1027, 1122 lack of financial expertise predictive of bank failure, 932, 933 senior independent director, 943–944 governance variables recommended by OECD [NEDBankSkillsMon] (+) variable-­ banks-­non-executive directors-­ policies and standards on bank-specific competencies, skills and professional qualities-­ enhancement of monitoring and skills effect, 782, 934 [NEDFit&ProperTest] (+) variable-­ banks-­non-executive directors-­ supervisory authority policies and standards on ‘fit and proper person’ test-enhancement of monitoring and skills effects, 783 greater challenge, debate and testing bank-specific competencies, skills and professional qualities, 822 challenge and testing variables for strategy and risk issues, 822 existing variables for NED oversight, monitoring and evaluation, 821 independence

Index banking industry knowledge and competence, 777 independence test APRA Prudential Standard CPS 510 Governance, 772, 1129 OECD findings on independence and competence, 779–783 interim variables for board diversity, 767–770 key/core variable [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion-Monitoring Effect, 7, 42, 57, 61, 65, 108, 116, 517, 535, 736, 745–746, 755, 772, 773, 782, 784, 798, 800, 802, 807, 814, 818, 821, 940, 1065, 1086, 1100, 1282 mix of financial and non-financial industry knowledge for effective challenge board selection process, 936 composition of board and relevant expertise, 936 determining the balance for effective challenge, testing and debate, 935 NED variables for diversity NEDDiv, 19, 124 NED variables for gender diversity [NEDDivGender*] (+), 337, 768 number and time commitment of NEDs for audit, remuneration and risk committees number and time commitment for compensation/remuneration and risk committees-relational effect paths, 940 Non-financial risks APRA’s improvements for non-financial risks, 19, 124, 709–712 See also Committees; FSRC Final Report; Non-financial risks in Risks; Risks; Westpac Reassessment; Westpac Review Team Notification APRA RMF 220RMF, 20, 125, 443–446 APRA Prudential Standard CPS 220 Risk Management, 1024–1025 material risks, 1258–1259 review of the risk management function, 1259–1260 BEAR, 17, 122 obligations, 17, 58, 122, 155–157, 688, 700–703

Index risk management declaration and notification requirements, 1260–1261 Risk Management Framework (RMF), 445, 1260 risks, 1260 See also BEAR; Risks O Objectives Axis No. 1 monitoring, 31 owners, 31 performance assessment and reporting, 31, 32 profit-maximising, 32 Three Relational Axes of Good Governance, 31, 32 value enhancement, 32 Obligations accountability, 17, 99, 122, 146–149, 688, 692–695, 697–699, 703, 706 ADI, 17, 146–148, 153, 689–692, 694, 703, 708 ASX continuous disclosure, 1012 BEAR, 17, 99, 106, 122 incentives BEAR, 17, 99, 122, 146–149, 154–157, 688, 692–698, 701, 703, 706, 708 key personnel, 17, 122, 154, 155, 168, 695, 696 notification, 17, 58, 122, 155–157, 688, 700–703 OECD bank-specific OECD findings on independence and competence, 779–783 board governance variables recommended by OECD, 782, 783 independence, 78, 776, 777, 781, 783, 806, 813, 814, 939, 953 [NEDBankSkillsMon] (+) variable-­ banks-­non-executive directors-­ policies and standards on bank-specific competencies, skills and professional qualities-­ enhancement of monitoring and skills effect, 782 [NEDFit&ProperTest] (+) variable-­ banks-­non-executive directors-­ supervisory authority policies and

1357 standards on ‘fit and proper person’ test-enhancement of monitoring and skills effects, 783 OECD findings on independence and competence, 744, 779–783 Grant Kirkpatrick, author for, xi, vii, 9, 74, 118, 559, 643, 799, 933, 1015, 1030, 1155, 1194, 1293 incentives CC, 17, 122, 456, 540, 547, 864 OECD 2010 Conclusions and Practices, xi, 10, 118, 140, 161, 162, 190, 200, 336, 337, 525, 531, 558, 589, 590, 598, 650, 780–782, 939, 947, 948, 950, 958, 1008, 1162, 1201 OECD Key Findings 2009, xi, 4, 9, 35, 62, 79, 118, 183, 192–194, 199, 225, 337, 339, 525, 529–531, 536, 537, 555–557, 560, 571, 574, 587, 597, 598, 600, 603, 649, 650, 655, 779, 780, 783, 947, 979, 1030–1034, 1037–1040, 1043, 1046, 1058, 1079, 1118, 1146, 1193, 1210 non-executive directors governance variables recommended by OECD, 782 OECD findings on independence and competence, 744, 779–783 steering group, xi, vii, 4, 9, 10, 35, 74, 78, 79, 118, 529, 531, 559, 643, 650, 799, 780, 933, 939, 947, 958, 1008, 1015, 1030, 1155, 1162, 1193, 1194, 1201 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Off-balance sheet entities, see Complexity; Risks Operating performance, see Proxies Operational APRA, 19, 110, 547, 600, 714, 717, 762, 861, 967, 973, 978, 993, 996–1002, 1035, 1073, 1146, 1176, 1183–1253, 1259 board, 19, 28, 34, 42, 57, 78, 108, 123, 124, 691, 778, 853, 854, 868, 963, 969, 993, 997–1002, 1007, 1035, 1047, 1049, 1061, 1126, 1129, 1131, 1142, 1147, 1173 legal risk, 15 NFRMan

1358 Operational (cont.) APRA’s Non-Financial Risk Management-­Failings in Non-­ Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks, 19, 124 NFRWeak APRA’s Non-Financial Risk Management-­Failings in Non-­ Financial Risk Management of Operational, Compliance and Conduct Risk Frameworks, 19, 24 parts, 16, 26–36 Risk Management Framework (RMF), 20, 110, 125, 252, 259, 262, 276, 330, 332, 434, 442–446, 468, 481, 554, 619, 669, 715, 727, 728, 750, 785, 888, 930, 973, 975, 1025, 1026, 1028, 1036, 1106, 1127, 1128, 1139, 1143, 1155, 1194, 1255–1260, 1263–1286 risks APRA failings in operational and compliance risk policies, frameworks and management, 1183 APRA’s improvements in non-financial risk management (NFRMan), 998–1002 failure, of, 673, 1029 Management function or Second Line, 110, 125, 333, 334, 431–435, 490, 491, 600, 1028, 1211, 1212, 1269–1273, 1276–1281 non-financial risk, 19, 124, 344–348, 999–1002 operational risk, 13, 15, 19, 110, 123, 163, 307–310, 312, 327–329, 333, 334, 342, 364, 381, 417, 423, 424, 437, 668, 738, 742, 748, 761, 763, 857, 859, 874, 877–880, 883, 914, 916, 998, 1007, 1045, 1047–1049, 1135, 1179, 1184, 1185, 1188, 1191, 1219, 1230, 1259, 1265, 1269–1272, 1276 risk identification variables, 1175 Second Line of Defence, 1172, 1174, 1205, 1212 ‘Outsiders’ insiders, distinguished from, 30–32, 116, 538, 656 Three Relational Axes of Good Governance Positional Conflict Axis No. 3, 26, 31, 32, 89

Index Ownership structure [BankSizeRisk] (-)-banks-increases in bank size-effects of risk-taking, 810 controlling shareholder [BankControlRisk] (-)-banks-level of owner-control (high)-effects of risk-taking, 810 predictive of greater risk and bailout, 810–811 Country-level governance La Porta, et al, 815 [NationGov*] (+) variable-National Governance/Shareholder Protection Regime, 653, 816 Effect on risk-taking (see Incentives) governance structure and government bail-out [BankConnect] (-)-Banks-Level of Interconnectedness of Banks (High)-Effects of Risk-taking, 808, 809 [BankControlRisk] (-)-banks-level of owner-control (high)-effects of risk-taking, 810 [BankDebtTransRisk] (-)-Banks-­ Maturity Transformation of Bank Debt--Effects of risk-taking, 808 [BankHighLevRisk] (-)-banks-level of leverage (high)-effects of risk-­ taking, 806–808 Bank size and leverage related to probability of bailout, 806 [BankLiqRisk] (-)-Banks-Continuous Liquidity Requirement-Effects of Risk-taking, 808 [BankSizeRisk] (-)-banks-increases in bank size-effects of risk-taking, 810 [BankSystRisk] (-)-banks-level of systemic risk-effects of risk-­ taking, 809 controlling shareholder, 810 interconnectedness of banks, 808, 809 ‘maturity transformation’ of bank debt and a continuous supply of liquidity, 808 predictive of greater risk and bailout, 810 size, 806, 810, 813 strategic, 12, 736, 739, 744, 751, 1035, 1087, 1115 systemic risk, 809 independent boards with high institutional ownership

Index [BankInstitRisk*] (-)-banks-­ institutional ownership (high)effects of risk-taking, 815 existing board independence variables, 814 performed worse in the GFC, 644 interconnectedness of banks [BankConnect] (-)-Banks-Level of Interconnectedness of Banks (High)-Effects of Risk-taking, 808, 809 ‘maturity transformation’ of bank debt and a continuous supply of liquidity [BankDebtTransRisk] (-)-Banks-­ Maturity Transformation of Bank Debt--Effects of risk-taking, 808 [BankLiqRisk] (-)-Banks-Continuous Liquidity Requirement-Effects of Risk-taking, 808 Relationship between stronger governance, Market Valuation and Performance [BankGovPerform] (+) variable-­ banks-­level of bank governance (high)-effects of risk-taking on firm performance (non-crisis periods), 812 [BankGovValue] (+) variable-banks-­ level of bank governance (high)effects of risk-taking on firm value (non-crisis periods), 812 P Positional Conflict Axis No. 3 board, 31, 32 CEO, 32 employees, 32 executives, 31 external stakeholders, 32 insiders, 30–32 internal stakeholders, 32, 89 investors, 31 lenders, 32 management, 32 outsiders, 30 regulators, 32 shareholders, 32 social interests, 32 stakeholders, 31, 32 suppliers, 32 Three Relational Axes of Good Governance, 32, 89 Positive governance variables, see Bank Combined Coverage and Relational

1359 Proximity Table 10.2; Direction; Governance variables; Relational proximity rating Prediction effect of governance variables on governance variables, 67 See also Hypothesised Priorities, see APRA Final Report; Board; Culture; FSRC Final Report; FSRCPriority; NAB; NAB Self-Assessment 2018; Westpac Review Team2018 Profit centres risks management, 35, 230, 1024, 1031, 1043 separate risk management from control from profit centres, 230, 1024, 1043 Proxies earnings manipulation or ‘management, 39, 67, 97 firm cost of capital, 5, 67 firm operating performance/profit, v, 5, 67, 97 firm value/share price, v, 5, 67, 97 Shareholder Wealth-maximisation Principle, 97 Prudential Inquiry APRA Final Report, ix, 5, 6, 119, 512, 526, 679, 751, 758, 862, 1026, 1066, 1106, 1157, 1176, 1249 Commonwealth Bank of Australia, ix, 5, 6, 119, 512, 526, 679, 751, 758, 862, 978, 1026, 1066, 1106, 1146, 1157, 1176, 1249 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Prudential regulation prudential regulation, necessity for [BankPrudReg] (+), 91 See also Distinguishing features, Risk Prudential Standards APRA Prudential Standard CPS 520 Fit and Proper, viii, 12, 120, 783 Prudential Standard CPS 510 Governance, ix, viii, 6, 11, 107, 120, 121, 546, 676, 714, 726, 741, 747, 772, 783, 818, 957, 972, 978, 1024, 1125, 1128, 1170, 1173, 1256

1360 Prudential Standards  (cont.) Prudential Standard CPS 220 Risk Management, vi, 11, 109, 120, 1024, 1029, 1081, 1093, 1256 Revised Draft Prudential Standard CPS 511 Remuneration, 546, 713–731 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Punishment, of directors, CEO and management governance variables functions, 591, 963 Q Quarterly results, see Incentives; Shareholder primacy; Shareholders Quick-Reference Guide, 22, 30, 32, 51, 63–67 R RAS Risk Appetite Statement (RAS), 8, 19, 20, 109, 110, 124–126, 164, 250, 352–356, 377, 440, 443, 475–478, 602, 631, 669, 743, 744, 832, 1025, 1026, 1029, 1030, 1035, 1064–1096, 1097, 1138, 1176, 1186, 1257, 1263 Rating non-executive directors [NEDRatingsInfo] (-), 799, 800, 1121 rating securitised products for NEDs, 108, 736, 796 variables based on credit ratings of securitised products, 799–801 ratings agencies, 77, 79, 80, 219, 339, 799, 800, 1121 relational proximity rating, 8, 26, 37, 55, 67, 104, 116, 957, 1026 risks [EDRatingsGrade] (-), 800, 801 [NEDRatingsInfo] (-), 799, 800 rating securitised products, 108, 736, 796 variables based on credit ratings of securitised products, 799–801 See also Risks; Securitised mortgage products; Securitised products Ratings agencies excessive reliance, on, 77, 80

Index modelling [EDRiskModelPrice] (-), 798–802 failures in risk modelling of securitised products, 795–803 [NEDRiskModelInfo] (-), 797, 798 rating securitised products [EDRatingsGrade] (-), 800, 801 [NEDRatingsInfo] (-), 800–802 variables based on credit ratings of securitised products, 799–801 Reliance on ratings agencies Risk management (see Risks) Risk Modelling (see Risks) Risks (see Risks) reliance on ratings agencies reporting, 77, 80 Real-time Escalation of risks (see Escalation) information on risks, 35, 1031 risks escalation of risks, 110, 841, 1173, 1208, 1209 information on risks, 35, 1031 real-time, 35, 1031 See also Risks Reasonable steps, see BEAR Recurring theme, see Governance factors RedAud red audit reports, 19, 124, 356, 357, 978–980 Regulation regulatory reports, ix risk, 518 sanctions, 15 self-regulatory rules encouraged excessive leverage, 80 Regulation accounting and disclosure standards and regulatory rules, 77 leverage, 77, 80, 85, 86, 90, 92 measurement of economic profit and loss, 77 National Shareholder Protection Regime [NationGov*] (+) variable-National Governance/Shareholder Protection Regime, 653, 816 prudential regulation, necessity for [BankPrudReg] (+)91–93 Regulators APRA, 1172, 1231 ASIC, 12 ASX, 12 government, 9, 57, 66, 104

Index Three Relational Axes of Good Governance Positional Conflict Axis No. 3, 31 Relational Corporate Governance Approach and Model Overview of Stage 2, 103 relational effect path, 40 relational proximity rating, 126, 127 Shareholder-Primacy Interrelationship Scheme Figure 3.1, 38–40 Stage 2, 7–9, 115–507 Relational effect path Bank Combined Coverage and Relational Proximity Table 10.2, 22, 126–507 [BrdIndMon] (+) Board Independent Director: Executive Director Proportion-Monitoring Effect variable, review of, 7, 57, 61, 65, 116, 517, 775, 814, 821, 940, 1282 [BrdSkills] (+) Board-Skills Mix variable, review off, 47 comparator variable, 45–48 Key/Core variables from Stage 1 [AudCom] (+)-Audit Committee-­ Presence, Operation and Frequency, 7, 57, 65, 116, 968, 1281 [BrdIndInfo] (-)-Board Independent Director: Executive Director Proportion-Information Flow and Decision Quality ‘Trade-off,’ 7, 57, 65, 116, 775, 814, 821, 939, 1282 [BrdIndMon] (+)-Board Independent Director: Executive Director Proportion-Monitoring Effect, 7, 57, 61, 65, 116, 517, 775, 814, 821, 940, 1282 [BrdSkills] (+)-Board-Director Skills ‘Mix, 7, 57, 60, 65, 117, 1282 [EqOptIncent] (+)-Equity/Option Plans and Holdings of Directors/ Executives-Incentive/’Alignment’ Effect (excludes short-term options), 8, 57, 61, 65, 117, 517, 588, 1282 [TransTimeMon] (+)-Transparency and Timing of Reporting-­ Monitoring Effect, 8, 48, 49, 57, 62, 65, 117, 1282 Revised Stage 1 Combined Coverage and Relational Proximity Table 3.1, 29, 44 Shareholder-Primacy Interrelationship Scheme Figure 3.1, 38, 39 spine, 45–48

1361 [TransTimeMon] (+) Transparency and Timing of Reporting-Monitoring Effect variable, review of, 8, 48, 49, 57, 62, 65, 117, 1282 Relational proximity rating Bank Combined Coverage and Relational Proximity Table 10.2, 22, 126 calculation for, 565 coverage, and, 8, 41–44, 116, 126, 127 dual-directional (+/-), vi, 66, 67 Negative (-), 67 Positive (+), vi, 67, 539, 577, 651, 865, 873, 875, 881, 984, 1035, 1227 relative measure or strength, 45 Revised Stage 1 Combined Coverage and Relational Proximity Table 3.1, 29, 44 rprox, vi, 30, 39, 45, 67, 125 target or hypothesised coverage/rating, 8, 22, 33, 51, 53, 56, 58–60, 64, 67, 104, 115, 116, 126, 127 Remed remediation of risk APRA commentary on remediation attributes, 1249 APRA variables, 21, 125, 718, 719, 721–725 risks accountability, 19, 124, 339–342, 688–712, 1272 additional successful remediation recommendations, 1252 APRA commentary on remediation attributes, 1249 APRA variables, 21, 125, 718, 719, 721–725 ‘CORE’ Remediation Program, 1028, 1281–1286 culture, 89, 109, 579, 1063–1094 from customers, 620 escalate problems or ‘red flags,’ 18, 19, 62, 123, 124, 979, 1023, 1038, 1046, 1058, 1078, 1146, 1175, 1210 governance, 89, 134, 141, 383, 832, 833, 880, 976, 978, 989, 1064, 1068, 1082, 1105, 1106, 1115, 1155, 1159, 1160, 1174, 1178, 1247, 1264, 1265 Management function or Second Line, viii, 20, 125, 333, 334, 431–435, 490, 491, 600, 1028, 1173, 1193, 1204, 1211, 1212, 1269–1273, 1276–1281

1362 Remed (cont.) remediation, 19, 124, 358–360, 1250–1253 Second Line of Defence, 110, 1027, 1028, 1106, 1156, 1172–117, 1177, 1180–1181, 1183, 1185, 1187, 1189, 1191, 1194, 1205, 1212, 1238, 1239 from staff, 1213 success factors for remediation, 1250 Westpac Reassessment, 12, 14, 21, 22, 108–111, 121, 126, 826, 863–891, 925, 1028, 1105, 1115, 1181, 1275–1286 Remuneration, see Compensation; Equity/ Option holdings and plans; Incentives Re-naming, see Governance factors; No. 5 Risk Management, Monitoring & Audit; Risk Management, Monitoring & Audit Factor No. 5 Reporting APRA Final Report board failings, 761–762 reporting to the board, 762–763 board challenge, debate and testing, 108, 737, 825, 826, 832, 1064 enhancing RISKCO reporting, 884 functioning of Westpac RISKCO, 882 gaps in reporting and metrics, 139, 751, 758, 761, 820 NAB Reporting to the board, 18, 123, 865–870 reporting, 833, 865 Senior Leadership Oversight, 108, 873–881 committees audit committee, 980–983 Audit Committee reporting from Group Audit, 982–983 Board Risk Committee (BRC), 17–19, 21, 89, 110, 122–126, 157–165, 183, 189, 195, 226, 266, 398–400, 449, 452, 472, 473, 480, 481, 527, 528, 532, 537, 550, 579, 582, 583, 593, 594, 601, 661, 662, 721, 742, 755, 766, 864, 865, 938, 940, 941, 983, 1019, 1027, 1043, 1102, 1125–1151, 1155–1261 enhancing RISKCO reporting, 884 Functioning of Executive Team and RISKCO, 881–886

Index ‘red’ audit report failings in audit committee practice, 978 reporting to the board, 18, 19, 108, 123, 124, 131, 166, 271, 272, 275, 276, 401, 762–763, 866–867, 869, 870, 884, 928, 1088, 1091, 1149–1151, 1156, 1222–1224, 1248 reporting weaknesses, 980 RISKCO, 884 shortcomings in operation, 978–982 technology committee, 865 complexity principles, 1006, 1016 transparency and disclosure, 1015–1017 compliance compliance breach assessment and reporting, 19, 123, 150, 322, 323, 1049 failures, 311, 878 issue, 308, 401, 422, 856, 870, 879 reporting to the board, 19, 124, 1223, 1224 culture, 302 disclosure and transparency structured products, 109, 737, 1012–1017 escalation of information or ‘red flags,’ 1173, 1210, 1211 Factor No. 1 (see Governance factors) failures and failings, 77, 761–763 incentives, 513, 520–522 Key/Core variable [TransTimeMon] (+)-Transparency and Timing of Reporting-­ Monitoring Effect, 8, 48, 49, 57, 62, 65, 117, 1282 lines, 16, 160, 173, 176, 202, 447, 448, 702, 780, 880, 1027, 1155, 1157, 1209, 1210, 1268 management, 23, 1058, 1059, 1092, 1271 monitoring, 237, 840, 1025, 1036, 1258 NAB Self-Assessment 2018, 539, 554 opaque corporate reporting, 80 quarterly, 100, 1123 risks APRA’s improvements in non-financial risk management (NFRMan), 998–1002 communication, 110, 1099, 1172, 1201–1209, 1212 data management, measuring and reporting, 995, 1102, 1237

Index escalate problems or ‘red flags,’ 1173, 1210, 1211 Management function or Second Line, viii, 20, 125, 333, 334, 431–435, 490, 491, 600, 1028, 1173, 1193, 1204, 1211, 1212, 1269–1273, 1276–1281 non-financial risk, 19, 124, 344–348, 999–1002 Reporting Lines of the CRO, 1154, 1157, 1173, 1209, 1210 Risk Management Framework (RMF), 20, 110, 125, 252, 259, 262, 276, 330, 332, 434, 442–446, 468, 481, 554, 619, 669, 715, 727, 728, 750, 785, 888, 930, 973, 975, 1025, 1026, 1028, 1036, 1106, 1127, 1128, 1139, 1143, 1155, 1194, 1255–1260, 1263–1286 Risk reporting of Second Line, 1193 Second Line of Defence, 110, 1027, 1028, 1106, 1156, 1172–1194, 1205, 1212, 1238, 1239 Shareholder-Primacy Interrelationship Scheme Figure 3.1, 38–40 Three Lines of Defence Model NAB Risk Management Framework (RMF), 1264 NAB RMF, 259, 888 NAB Second Line risk management and risk reporting, 110 transparency and timing failures in, 803, 1017, 1018 monitoring effect, 8, 44, 48–50, 57, 62, 65, 117, 392, 556, 571, 607, 689, 693, 695, 701, 706, 708, 709, 1018, 1033–1035, 1058, 1067, 1120, 1187, 1189, 1199, 1202, 1203, 1210, 1243, 1282 Reputation, see Risks Responsibility accountability blurred, 13, 208, 505, 1073, 1183 See also Accountability factor No. 8 (see Governance factors) roles, and, 13, 91, 129, 130, 197, 202, 246, 249, 250, 277–279, 332, 344, 371, 383, 385, 401, 402, 434, 448, 480–484, 488, 491–494, 496, 500, 505, 541, 589, 618–620, 635, 638, 669, 738–741, 748, 769, 770, 833, 836, 961, 970–973, 976, 984, 990, 996, 999, 1082, 1098–1100, 1107,

1363 1111, 1112, 1127, 1133, 1154, 1157, 1159, 1173, 1179–1181, 1243, 1244, 1267, 1279, 1284 Shareholder-Primacy Interrelationship Scheme Figure 3.1, 38, 39 Risks activity or business unit based rather than across entire organisation, 77 assessment, 34, 163, 164, 216, 217, 580, 712, 796, 1052, 1064, 1065, 1095, 1201, 1202, 1236, 1271 Board Risk Committee (BRC) (see Committees) CFO (Chief Risk Officer (CFO)) classes, 15–16, 398, 399, 880, 1102 Committee (see Committees) communication at board level reporting to shareholders and external market/stakeholders, 1173, 1207 at customer level, 1173, 1204 disclosure, 110, 1201–1203 escalation, 110, 670, 841, 1172, 1203 at First Line of defence business unit level, 1173, 1204 identification, 110, 670, 841, 1172, 1190, 1202, 1203 principles, 110, 1202, 1212 principles for identification, escalation/ communication and disclosure of risk, 110, 1202–1208 at Second Line risk management function level, 433, 1173, 1212, 1281 at whistleblower level, 1173, 1207 communication Escalation upwards through ‘red flags (see Risk Management Failings (below)) Compensation (see Incentives) complex and opaque bank structures off-balance sheet entities, 84, 108, 142, 391 complex and opaque bank structures See also Complexity control, 153, 232, 233, 505, 599, 689, 691 controlling shareholder predictive of greater risk and bailout, 810, 811 controlling shareholder [BankControlRisk] (-)–banks–level of owner-control (high)–effects of risk-taking, 810, 811

1364 Risks (cont.) counterparty, 86, 158, 353, 797, 808, 1007, 1083, 1086, 1121, 1134, 1138 country-level governance, [NationGov*] (+) variable–National Governance/ Shareholder Protection Regime La Porta, R., et al, 815 culture (see Culture) deposit insurance, effect of, 87, 92, 513, 518–519, 522, 523, 653–655 environmental and social risks ASX, 110, 1272 escalation upwards (see Communication/ escalation above) expertise deficiencies in bank-specific knowledge or expertise, 108 deficiencies in knowledge of securitised products, 108, 736, 795, 796, 800 resulting in inadequate risk management and internal controls, 78, 79, 109, 737, 933–935, 972, 1027, 1105, 1122, 1162 exposures, 35, 62, 87, 158, 182, 247, 609, 1011, 1019, 1088, 1089, 1098, 1109, 1132, 1136, 1168, 1175, 1197, 1199, 1201, 1270 foreseeable risks, 77 free-riding, effect of, 87, 88, 92 FSB effective Risk Appetite Framework, vii, x, 10, 17, 110, 122, 1095–1103 principles for an Effective Risk Appetite Framework (FSBRAF), vii, x, 10, 17, 117, 119, 122, 249, 250, 1095–1100 risk Appetite Statement (RAS), 250, 602, 669, 832, 1096–1097 risk Limits, 244, 250, 835, 1096–1099 roles and Responsibilities for an effective RAF, 1098–1101 FSB See also FSBRAF government bailout, effect of [BankGovBail] (-), 92, 519, 522, 655 high risk strategies and (improper) delegation of oversight, 110, 1027, 1117–1119 identification, 13, 23, 36, 77, 79, 347, 504, 1000, 1027, 1098, 1172, 1175, 1200–1201, 1267, 1284 ignorance of Board, 1030 inadequate oversight, risk management and complexity of financial products

Index governance variables for complexity of financial products, 1121–1123 inadequate risk management and internal controls, 109, 737, 931–933, 1027, 1122 risk modelling deficiency variables, 1121 inadequate oversight, risk management and complexity of financial products bank-specific variables exhibiting deficiency in banking industry knowledge and competence, 777, 1122 inadequate oversight, risk management and complexity of financial products complex and opaque nature of securitised/financial products, 1123 inadequate oversight, risk management and complexity of financial products credit rating deficiency variables, 1121 inadequate oversight, risk management and complexity of financial productsfailure of information flow on risks in CDOs and other financial products, 1023, 1024, 1039, 1123 incentives encouraging excessive/high risk, 78, 110, 375, 654, 1027, 1117–1119 independent boards with high institutional ownership [BankInstitRisk*] (-)–banks– institutional ownership (high)– effects of risk-taking, 143, 815 existing board independence variables, 814 performed worse in the GFC, 779, 813 ‘Inside debt’ compensation (see Incentives) interconnectedness of banks [BankConnect] (-)-Banks–Level of Interconnectedness of Banks (High)–Effects of risk-taking, 93, 808–809 internal controls, 34, 77–79, 109–111, 389, 521, 672, 737, 972, 976, 1027, 1078, 1080, 1115, 1122–1123, 1162, 1200–1201, 1212 issue identification, escalation and resolution (see Failures and failings) leverage [BankHiddenLev] (-), 802, 1197 [BankHighLevRisk] (-), 93, 140, 141, 143, 145, 146, 806–811, 815 excess of, 77, 79, 80, 656

Index factors contributing to short-term emphasis and acceptance of increased leverage, 1027 ‘Hidden leverage,’ 142, 736, 802 high, 86, 806, 808 [TransTimeHideLev] (-), 1197 leverage APRA’s Prudential Standard CPS 220 Risk Management (see APRA) liquidity [BankLiqRisk] (-), 93, 808 continuous access or requirement, 86, 808 cut-off/shortness of, 86, 808 management, 1154, 1157, 1209, 1210 additional requirements on Head of a Group, 1036–1037 align corporate strategy, risk appetite and the internal risk management structure, 35, 225, 1024, 1031, 1042, 1120 approach to modelling governance variables, 1033–1034 APRA, 1024 APRA issue identification, escalation and resolution, 1213 APRA Prudential Standard CPS 220 Risk Management, 1024 APRA requirements, 1081 APRA RMF, 20, 110, 125, 1256–1261 ASIC Governance Taskforce 2019 on the RAS, 1057–1062 for the Board, 738, 1222, 1223, 1225, 1226 board attention to long-standing issues, 1215 board responsibilities, 109, 1029–1032 board responsibilities and failings of board oversight in risk management, 1029–1032 Chief Risk Officer (CRO), 35, 202, 203, 1024, 1031, 1043, 1130, 1131, 1133, 1155, 1157, 1158, 1209 clear lines of accountability/ responsibility, 56, 128–130, 226, 230, 979–982, 1030, 1037, 1039–1041, 1043, 1047, 1079, 1108, 1118, 1146, 1176, 1241, 1243–1245 continuously review internal structure of bank, 1040 customer complaint reporting, 417, 1224, 1228, 1229

1365 customer complaints, 123, 125, 166–169, 179, 206, 213, 214, 271, 295, 324, 325, 400, 401, 417, 418, 505, 866, 884, 905, 1051, 1056, 1204, 1222–1230, 1285 from Customers, 169, 271, 295–297, 300, 808, 866, 895, 905, 906, 908, 1222 deficiencies in the flow of information upward through the bank to senior management and to the board, 1038, 1046, 1210 deficiency in information flow from management to the risk manger, 979, 981, 982, 990, 992, 993, 996, 998, 1002, 1079, 1147, 1176 developing a risk appetite is a responsibility of the board, 1080–1081 devote sufficient management time to management of risks, 227, 1024, 1042 effective Risk Appetite Framework, 10, 17, 110, 119, 122, 1027, 1095–, vii, x escalate information rapidly upward in the bank, 1041–1042 escalate problems or ‘red flags,’ 18, 19, 62, 123, 124, 184, 226, 228, 325, 327, 381–383, 389, 390, 979, 981, 982, 989, 992, 993, 995, 997, 998, 1002, 1030, 1038, 1046, 1047, 1078–1080, 1146, 1176, 1207, 1210–1212 escalation of customer complaints, 1230 excessive focus on short-term, aggregate view of customer satisfaction, 1222 for the Executive Committee, 1223, 1224 expertise or experience of risk management employees in entire range of risks, 1024, 1041 failings, 6, 19, 35, 79, 109, 124, 215, 218, 291–294, 331, 333, 334, 342–350, 435, 506, 752, 761–762, 902–904, 996–1004, 1023–1044, 1079, 1182, 1203, 1256, 1264, 1267–1272, 1276 failings of board oversight in risk management, internal monitoring and decision-quality, 1029–1034

1366 Risks (cont.) as failure in Board’s oversight of risk management, 1210 failure in transparency and understandability of material risk factors ranked in order of importance, 1044 failure of CRO to report directly to the Board and Board Risk Committee (BRC) in addition to CEO, 226, 1024, 1043 failure to understand and compare bank‘s risk position relative to risk appetite, 230, 1040 flow of information about risks, 1040 FSB Principles for an Effective Risk Appetite Framework (RAF), vii, 10, 17, 119, 122, 1096 FSRC Final Report, 677, 680, 847, 849 GFC, 35, 36, 79, 109 governance variables, 89, 134, 242, 343, 832, 833, 880, 976, 978, 989, 1064, 1068, 1082, 1106, 1115, 1155, 1159, 1178, 1264, 1265 governance variables for board responsibilities in CPS 220 Risk Management, 1035–1034 government and market participant reports on the RAS, 512, 532, 1193 identification of systemic customer complaints, 1228 identification of vulnerable customers, 419, 1230 identify risks on organisation-wide basis rather than by business unit or activity, 1037 information flow due to conducting stress tests with past information, 230, 1039 information flow on identifying risks, 1038 information flow on leverage and risks, 227, 1038, 1118 information flow on risks in CDOs and other financial products, 1027, 1039, 1123 information flow to senior management due to ‘silo structures,’ 227, 1039 issue escalation, 160, 424, 1148, 1219 issue identification, 424, 425, 427, 1025, 1213, 1217, 1218 issue resolution and closure, 397, 399, 400, 425, 426, 1141, 1220, 1221

Index issues and incidents identified by Westpac employees, 1217 issues escalated from regulators, 1231, 1232 issues identified by whistleblowers, 20, 125, 438–440, 1233, 1234 key/core governance variable, 48 limited systemic issue identification across the bank, 1213 link between risk management and governance, 109, 1026, 1028–1029 material risk factors, 35, 1024, 1031, 1044 material risks, 35, 260, 262, 307, 332, 364, 378, 379, 420, 441, 443–446, 458, 473, 513, 526, 548, 575, 587, 609, 621, 672, 722–725, 788, 872, 876, 883, 887, 890, 974, 1007, 1016, 1024, 1025, 1030, 1035, 1036, 1044, 1059, 1082, 1093, 1097, 1098, 1141–1145, 1173, 1175, 1176, 1178, 1256–1258, 1261, 1264, 1265 monitor changes in risks in real time, 228, 1041–1042 NAB First Line risk and control ownership, 1266–1268 NABRiskMan, 19, 123, 330–334, 1264–1272 NAB RMF, 1028, 1264 NAB Second Line Compliance function, 1269 NAB Second Line Conduct Risk, 1270 NAB Second Line Operational Risk, 1271 NAB Second Line risk management and risk reporting, 1269–1273 over-reliance on regulatory capital ratios and rates of return on equity, 227, 1038, 1118 policies and procedures, 20, 125, 376, 442, 443, 974, 1057, 1063, 1082, 1093, 1094, 1183, 1195, 1257 practices, 79, 86, 209, 211, 532, 538, 751, 808, 1028, 1072, 1073, 1162, 1164, 1265, 1286 PRA requirements, 1081–1082 project execution capabilities, 352, 1216 from regulators and whistleblowers, 1231–1234 relationship with governance, 1082 remediation of audit issues, 1214

Index

1367 remediation of issues raised by staff, 1216 reporting/escalation of high-rated issues to RISKCO and BRC, 1219 review of the risk management function, 1259 risk appetite, 111 risk appetite statement (RAS), vii, 8, 19–21, 109, 124–126, 164, 250, 352–356, 377, 440, 443, 475–478, 602, 631, 669, 743, 744, 832, 1025, 1026, 1029, 1030, 1035, 1063–1094, 1096–1097, 1138, 1176, 1186, 1257, 1265 risk culture, 4, 51, 73, 89, 107, 119, 569, 617, 737, 758, 826, 894, 927, 993, 1024, 1064, 1096, 1159, 1174, 1267, 1282 risk limits, 178, 244, 250, 382, 383, 390, 743, 744, 826, 834, 835, 1078, 1080, 1082, 1084, 1096–1100, 1109, 1174, 1175, 1178, 1212, 1265 risk management declaration and notification requirements, 1260 risk management framework (RMF), 20, 110, 125, 175, 252, 259, 276, 330, 332, 434, 442–446, 468, 481, 554, 619, 664, 727, 728, 739, 742, 750, 785, 888, 930, 973, 975, 1025, 1028, 1036, 1106, 1127, 1128, 1139, 1142, 1155, 1194, 1256–1261, 1263–1286 risk management strategy (RMS), 20, 125, 259, 440, 446, 837, 1019, 1025, 1029, 1035, 1081–1092, 1130, 1139, 1142, 1257 risk management systems, 13, 77, 79, 145, 521, 787, 1029, 1032, 1078, 1115, 1120, 1216 risk model assumptions, 1040 220RMF, 20, 125, 443–446, 1256–1260 roles and responsibilities for an effective RAF, 1098–1101 separate risk management from control from profit centres, 230, 1024, 1043 separation and low status of risk managers, 227, 600, 1037 from Staff, 1213 Step 2–Second Line principles for communication of risk (above), 1212 Step 1–Second Line ‘red flag’ functions, 1211

systemic issue identification, 425, 1213, 1218 time, 35, 227, 1024, 1031, 1042 training employees responsible for distributing risk products, 1024, 1041 [TransTimeMon] (+) in the negative (-) direction, 128–138, 141, 142, 145, 166, 167, 169, 178–182, 196, 197, 202, 213, 215, 218, 225–231, 302, 307–314, 325–327, 331–334, 339–352, 356, 357, 362, 363, 374–376, 380–383, 389, 390, 400, 401, 418, 421, 424–426, 431, 433–437, 474, 475 upgrade IT tools for complex and opaque bank structures, 231, 1024, 1042 variables, 1026, 1118 weaknesses in remediating issues (generally), 1214 weak proactive identification and remediation of systemic customer issues, 1225 westpac monitoring of risk appetite, 165, 373, 383, 384, 398, 399, 750, 1099, 1101–1103, 1132, 1133, 1136, 1178, 1196, 1209 Westpac Review Team 2018, 1275–1286 management Prioritisation (see Board) management function/second Line accountability failings in AML-CTF compliance, 1244 APRA, 20, 110, 125 APRA failings in accountability and responsibility, 110, 1028, 1075, 1242, 1243, 1270 APRA failings in operational and compliance risk policies, frameworks and management, 1183 APRA requirements for second line risk management function, 1081–1082 authority, of, 365, 367, 600, 1155, 1187, 1240 bank compliance function, 1187 bank control environment, 1185 bcbs principle 9, 1238 common risk and control language, 437, 1190, 1191 complexity excuse used to diffuse accountability, 128, 1244

1368 Risks (cont.) compliance function, 110, 333, 364–368, 423, 447, 600, 833, 1114–1115, 1172, 1174, 1184, 1187, 1188, 1238–1240 conduct risk, 333, 431, 432, 1270, 1277, 1278 consequences of the federated organisational structure, 1243 controls, 32, 236, 606, 1119 ‘core’ remediation program, 1281–1286 divisional approaches to manage risk and compliance, 111, 1279–1281 divisional approaches to managing risk and compliance, 1280–1281 effectiveness of compliance function, 1240 embedding group-wide policies, 1280–1281 enterprise risk management (ERM) framework, 1027, 1193–1199 experience, of, 226, 758, 760, 951, 960, 1024, 1041 expertise, of, 373, 1100, 1187 failure, of, 35, 672, 1023, 1031, 1040 first Line accountability not consistently applied, 1245 frameworks, controls and standards, 1281 governance variables, viii, 979, 1078, 1115, 1126, 1132, 1194, 1196, 1239, 1240 governance variables for failings in accountability and responsibility, 1241, 1242 independence, 735–746 internal controls, 382, 1027, 1200–1201 introduction, 1193, 1201–1208 lack of accountability for risk systems, 1245 limited appetite to apply consequence management, 1244 line 2’s assurance responsibilities, 1184 management of conduct and reputation risks, 1277–1279 managing operational and compliance risks, 1183 monitoring variables, 1175, 1177, 1179, 1180 new, emerging and heightened risks, 1192

Index non-financial risk appetite, 506, 1182, 1276 operational and compliance risk metrics in the group ras, 377, 1176, 1186 operational and compliance risk policies and frameworks, 1183 other functions and responsibilities, 1174–1193 pillar 3–accountable and empowered people, 1285 pillar 2–clear risk boundaries for decision-making, 1284 pillar 1–direction and tone set by board and group executive, 1282–1283 powers, of, 480, 487, 541, 1127 process to regularly review, assess and test controls, 436, 1191–1192 recommendations for accountability, 1172, 1245 resources for risk management, 1199–1200 resourcing and capability of the operational risk and compliance functions, 1184 risk control, 153, 232, 505, 599, 689, 691, 1010, 1080, 1120, 1127, 1285 risk identification, 13, 23, 35, 77, 79, 347, 504, 1000, 1027, 1098, 1175, 1200–1201, 1267, 1284 risk identification variables, 1175 risk management and compliance, 110, 125, 333, 334, 431–435, 491, 1114–1115, 11269–1273, 1276–1281 risk metrics, 377, 1176, 1186 risk monitoring, 381, 383, 384, 1178, 1185 risk reporting of second line, 1193 Secline, 334, 437, 447 220SecLine, 20, 125, 446, 447, 1173, 1174 SecLineComply-prefix variables, 110, 1028 SecLineERM, 371–373, 1194–1196 second line of defence, 110, 1027, 1028, 1106, 1156, 1172, 1174–1193, 1205, 1212, 1239 shortcomings in ERM practice, 1196–1199 skills, capabilities and stature, 1180 status, of, 368, 1155, 1240 trust and over-consulting, 1243 unclear roles and responsibilities used to diffuse accountability, 1244

Index Wbcsecline, 20, 22, 125, 435–438, 505–507, 1180–1183, 1190–1192 westpac reassessment, 22, 110, 126, 1181, 1281–1286 westpac review team 2018, 110, 1172, 1276, 1278, 1279 westpac second line monitoring variables, 1180 westpac second line skills, capabilities and stature, 1180 management function/Second Line Compliance Factor No.2 (see Governance factors) material risk-takers (MRTs) (see Incentives) ‘maturity transformation’ of bank debt and a continuous supply of liquidity [BankDebtTransRisk] (-)-Banks-­ Maturity Transformation of Bank Debt--Effects of risk-taking, 808 [BankLiqRisk] (-)-Banks-Continuous Liquidity Requirement-Effects of Risk-taking, 808 modelling [EDRiskModelPrice] (-), 798–900, 1121, 1196 failures in risk modelling of securitised products, 795–803 [NEDRiskModelInfo] (-), 797, 798, 1121, 1196 monitoring metrics, 1002, 1164, 1165 strategy, 77, 79 moral hazard, 87, 105, 513, 518, 519, 522, 524, 576, 649, 1119 Non-financial risk Appetite, 111, 477, 478, 506, 1088, 1103, 1182, 1275, 1276 APRA Information Paper 2019, 709–711, 999–1004 non-financial risk APRA’s acknowledged weaknesses are already known, 1002–1004 APRA’s Improvements for non-­ financial risk accountabilities, 19, 124, 709–712 APRA’s improvements in non-financial risk management (NFRMan), 998–1002 blurring of responsibilities, 332, 1267 board and executive oversight of non-financial risk, 14, 863, 884 board and RISKCO, 863, 884

1369 complex systems and processes, 907, 1000 compliance risks, 15, 997, 998, 1088 conduct and reputation risks, 111 conduct risk management, 431, 432, 1270, 1277, 1278 conduct risks, 15, 19, 877, 880, 998–1000, 1276 data management, measuring and reporting, 995, 1102 ECmFail, 17, 122 failings in senior executive leadership, 995–998 fSRC Final Report recommendations and commentary, 861 gaps and control weaknesses, 347, 1000 Giving rise to Non-financial Risk Committee, 995 ineffective solutions, 1003 insufficient information and challenge, 1002, 1004 NFRAccFail, 19, 104, 709 NFRCmFail, 342, 343 NFRWeak, 19, 124, 1002 Non-financial Risk Committee, viii, 18, 19, 124, 342, 343, 350, 861, 995, 997, 998, 1004, 1188 operational risk, 15, 859, 874, 878, 879, 1276 organisational status and influence of risk and compliance functions, 999 reputational risk management, 1147 2020WBCNFR, 22, 126, 884–886 WBCRiskMan, 1276, 1280 westpac non-financial risk appetite, 1275 Westpac Reassessment, 884–886, 1275–1277 Westpac Review Team 2018, 15, 857, 867–870, 876–880, 884, 1275, 1286 off-balance sheet entities, 84, 108, 142, 391, 737, 802, 1015, 1106 operational risk, 13, 15, 19, 110, 123, 163, 307–310, 312, 327–329, 333, 334, 342, 364, 381, 417, 423, 424, 435, 437, 668, 742, 748, 761, 763, 857, 859, 874, 877–880, 883, 914, 916, 998, 1007, 1047–1049, 1135, 1179, 1184, 1185, 1188, 1191, 1230, 1259, 1265, 1271, 1272, 1276 oversight failures, 88, 90, 526 improper delegation of risk oversight, 110, 225, 1027, 1105, 1117–1119

1370 Risks (cont.) Ownership structure (see Ownership structure) preference divergent interests of bank management and shareholders, 654 products complexity of financial products, 110, 1027, 1118–1123 prudential regulation, necessity for [BankPrudReg] (+), 91–93 [NationGov*] (+), 49, 92, 145, 653 quality and status of those managing risk, 77 rating securitised products [EDRatingsGrade] (-), 800–802, 1122, 1196 [NEDRatingsInfo] (-), 799, 800, 1122, 1196 Variables based on credit ratings of securitised products, 799–801 real-time escalation of risks, 110, 841, 1208–1210 information on risks, 35, 228, 231, 1019, 1031, 1041, 1042, 1197 regulatory, 320, 345, 853, 1001 regulatory sanctions, 15 relationship between stronger governance, market valuation and performance [BankGovPerform] (+) variable– banks–level of bank governance (high)–effects of risk-taking on firm performance (non-crisis periods), 812 [BankGovValue] (+) variable-banks– level of bank governance (high)– effects of risk-taking on firm value (non-crisis periods), 812, 813 remediation accountability, 19, 124, 339–342, 687–712, 1272 additional successful remediation recommendations, 1252 apra commentary on remediation attributes, 1249–1256 APRA variables, 718–720 culture, viii, xi, 12, 21, 121, 126, 253, 359, 846, 865, 925, 1112, 1181, 1281 governance, 89, 134, 242, 283, 832, 833, 880, 976, 978, 989, 1064, 1068, 1082, 1115, 1155, 1159, 1160, 1174, 1178, 1264, 1265

Index Remed, 358, 1250 success factors for remediation, 1250 remuneration, 63, 117, 556, 677 reporting complexity and opaqueness, 77, 1009–1011, 1017 reputational risk, 15, 85, 86, 164, 234, 355, 601, 602, 1083, 1085, 1134, 1136, 1229 Risk appetite Adjustment to variable remuneration (see Incentives) risk appetite statements (RAS), viii, 8, 9, 19–21, 109, 110, 124–126, 164, 250, 302, 352–356, 377, 433, 440, 475–478, 631, 743, 744, 832, 1025, 1026, 1029, 1030, 1035, 1063–1094, 1096–1097, 1138, 1176, 1186 risk culture elements of sound risk culture, 109, 1066–1068 risk-taking deposit insurance, effect of, 87–90, 92, 105, 141, 513, 518–519, 522, 523, 653, 654 free-riding, effect of, 87, 88, 92 government bailout, effect of, 87, 89, 90, 92, 142, 519, 522, 523, 655, 776, 806–807, 810–816 material risk-takers (MRTs), 260, 271, 282, 458, 513, 526, 548, 575, 587, 621, 672, 722–725, 872, 887 second line risk management, viii, 20, 110, 125, 333, 334, 431–435, 471, 490, 600, 1028, 1193, 1204, 1211–1212, 1269–1273, 1276–1281 securitised products deficiencies in knowledge, 78, 79, 108, 240, 243, 245, 290, 391, 796, 797, 800, 834, 837, 843, 895, 901, 946, 1027, 1100, 1121, 1210 failures in rating, 108, 796, 813 size [BankSizeRisk] (-)-banks–increases in bank size–effects of risk-taking, 810 strategic, 12, 15, 279, 282, 287, 306, 316, 317, 319–321, 348, 350, 441–442, 542, 551, 618, 620, 622, 650, 736, 739, 744, 750–752, 820, 832, 852–854, 864, 899, 936, 958, 1000, 1003, 1025, 1030, 1035, 1081–1083, 1087, 1167, 1196, 1259, 1265 strategies

Index high risk strategies, 110, 1027, 1117–1119 systemic risk [BankSystRisk] (-)–banks–level of systemic risk–effects of risk-­ taking, 809 consequences, 350, 1004 ec’s ‘domino effect,’ 89 meaning, 1087, 1156, 1158 volatility, 35, 227, 1031, 1042 whole-of-enterprise approach, 35, 1031 Risk appetite Adjustment to variable remuneration (see Incentives) see Risks Risk Appetite Statements (RAS), see Risks Risk culture, see Culture; Risks Risk management, see Management; Risks Risk Management Framework (RMF), see Risks Risk Management, Monitoring & Audit Factor No 5, see Governance factors; Re-naming; Shareholder-Primacy Interrelationship Scheme Figure 3.1 Risk Management Strategy (RMS), see Risks Royal Commission Banking, Superannuation and Financial Services Industry, 3–23, 1023–1044 FSRC, x, 5, 6, 11, 18, 106, 120, 122, 668, 675 FSRC Final Report, x, 5, 18, 120, 675, 844 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Rules of thumb, see User guide S Sahlman, William key questions, 72–73 systems, 72, 521 SecLine 2nd line risk management function, 19, 124 Second Line, see Compliance; Management; Management function or Second Line in Risks; Management in Risks; Risk in Conduct; Risks; Risks in Control; Second Line of Defence in Compliance; WBCRiskMan and WBCSecLine-­ Westpac Risk Management and Compliance-Second Line Risk Management Function

1371 Securitised mortgage products, disclosure and transparency complexity, 77 derivatives products, 77 disclosure and transparency structured products, 109, 737, 1012–1018 excessive reliance on ratings agencies, 77 failures in rating, 77 valuation, 77 Securitised mortgage products See also Risks Sedg Retail Banking Remuneration Review Report of 2017 by Stephen Sedgwick, 19, 124, 682 sedgwick Review, xi, 11, 106, 119, 279, 283, 388, 404, 515, 618, 620, 624, 635, 682–686 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Shareholder Primacy, model Interrelationship Scheme Figure 3.1 affects, 25, 29, 30, 40, 55, 67 arrows, 39 direction of effect, 29, 30, 39, 55 dual direction (+/-), 67, 189, 590, 662 governance factors, 27, 29, 30, 38, 47, 55, 67, 535, 970 influences, 29, 30, 39, 55 negative direction (-), 67 one-way, 34 positive direction (+), 850 reflexive relationship, 47, 535, 970 switches-on, 39 two-way, 39 model shareholders are only residual claimants, 97, 98 Shareholder Primacy proxies (see Proxies) shareholder wealth-maximisation principle (see Incentives) shareholder wealth-maximisation principle (see Shareholder value maximisation in banks) shareholder wealth-maximisation principle (see Shareholders) Shareholders exercise of shareholder rights, 77 major, 4, 141, 652, 758, 957, 962–963 residual claimants, 97, 98

1372 Shareholders (cont.) shareholder wealth-maximisation principle conservative risk strategies, and, 100 externalities, 98 firm operating performance/profit, 97 firm value/share price, 97 likelihood of earnings manipulation/‘management,’ 97 proxies, 67, 97 quarterly results, and, 100 relationship between short-term interests of shareholders and long-term sustainability of firm, 98 severity of Global Financial Crisis, and, 99–101 systemic risk, and, 88, 92, 98 Shareholders shareholder wealth-maximisation principle incentives, and (see Incentives) risk-taking, and (see Incentives) short-term share price, and (see Incentives) Welfare (see Proxies) See also Incentives; Shareholder value maximisation in banks Shareholder value maximisation in banks Traditional governance variables maximise the share price alignment, 641, 647 cashing-out equity and options, 645, 647 [CCCashOutLimit] (+), 647 [CCCashOutRisk] (-), 647 [CCSTIncentRisk] (-), 644, 645, 647 compensation, 196, 556, 641, 656–658 [EquityHigherLvlMan] (+/-), 651, 655 [EquityLowerLvlMan] (-), 650, 651, 655 equity ownership not aligned where holding positions are short-­ term, 656 existing [NationGov*] (+) variable, 659 incentive equity holdings/plans of directors and officers, 648 incentives and risk-taking, 645 incentives, governance variables and shareholder wealth-maximisation, 513, 642 incentives tied to short term share price, 644 ‘inside debt’ compensation reduces risk-taking, 514

Index long-term stockholding and capping the ratio of variable to fixed, 196, 556, 641, 656–658 National governance/shareholder protection regime, 659 owner-control, 513 [OwnerControlRisk] (-), 653 predict bank failure, 513, 648–651 predicts bank failure, 513, 651–654 problems with long-term stockholding, 643 risk preference of bank managers and shareholders may diverge, 654–655 shareholdings of higher-level management, 649, 651, 655 shareholdings of lower-level management, 513, 648–650 Shareholder Wealth-maximisation principle, see Incentives; Shareholder primacy; Shareholders; Shareholder value maximisation in banks SMan senior management generally, 19, 124 SManRedFlag risk management–failure by senior management to escalate problems/‘red flags,’ 19, 124, 389, 390, 1079, 1080 Social interests ASX environmental and social risks, 1272 positional Conflict Axis No. 3, 31 three Relational Axes of Good Governance, 31, 32 Social interests, see Stakeholder Model; Stakeholders SSRN SSRN platform, 28 Stage 1, see Coverage; Coverage Table; Governance factors; Key/Core governance variables; Key Fields; Relational Proximity Rating; Shareholder-Primacy Interrelationship Scheme Figure 3.1; Weighing mechanism Stakeholder Model Interrelationship Scheme, 27, 29 Stakeholders conduct risk, 15 depositors BCBS, 88, 1015 interests, 83, 86–88, 90, 644, 704, 1095 risk preference, 83, 90, 91 positional Conflict Axis No. 3, 31, 32

Index shareholder-Primacy Interrelationship Scheme Figure 3.1, 38–39 shareholders, stakeholders Factor No. 6 (see Governance factors) risk preference, 34, 83, 90, 92, 654, 655 social interests, 31, 32 stakeholders Factor No. 6, 39 taxpayers, 89 three Relational Axes of Good Governance, 27, 31–32, 89 Status, see Committees; CRO; Information; Management function/Second Line in Risks; Management in Risks; Risks; Three Lines of Defence Strategic boards priorities, 321, 817 decision-making, 12, 43, 213, 287, 306, 316–321, 348, 350, 441, 442, 817, 852–856, 873, 899, 951, 1000, 1003, 1035, 1083, 1093, 1115 failures and failings, 348, 350, 736, 1000, 1003 planning, 852, 936, 1029, 1115 risks, 95, 100, 101, 110, 144, 165, 369, 383, 390, 753, 754, 793, 940, 1018, 1019, 1027, 1034, 1038, 1039, 1067, 1078, 1089, 1105, 1117–1119, 1211 Supervisors APRA, 512, 526, 680, 681, ix Australian Prudential Regulation Authority, ix regulators, vi, ix–xi, 9, 66, 83, 87, 88, 91, 92, 105, 115, 145, 512, 526, 608, 678, 736, 752, 1020, 1025, 1026 Suppliers external Stakeholders, 31, 32 stakeholders, 31, 32 three Relational Axes of Good Governance Positional Conflict Axis No. 3, 31, 32 Survival agency costs, reduction of, v, 3, 25, 27, 29, 51 distinguished from bank failure, 60 long-term efficiency, v, 3, 5, 9, 25, 27, 29, 39, 59, 60, 66, 67, 81, 515, 1007 proxies, v, 3, 5, 9, 39, 67 stage 1, v, 3, 5, 9, 39 survival/sustainability of the bank, 67 Sustainability agency costs, reduction of, v, 3, 25, 27, 29, 515

1373 distinguished from bank failure, 60 long-term efficiency, v, 3, 5, 9, 25, 27, 29, 31, 39, 59, 60, 66, 67, 81, 515, 1007 proxies, v, 3, 5, 9, 67 stage 1, v, viii, 3–5, 9, 26, 38, 39, 54, 72, 85, 96, 116, 512, 529, 597, 611, 628, 642, 664, 668, 677, 689, 715, 736, 748, 759, 767, 772, 797, 807, 818, 865, 894, 927, 928, 932, 946, 956, 968, 1006, 1025, 1046, 1066, 1095, 1108, 1126, 1157, 1173, 1250, 1255, 1263, 1275, 1276 survival/sustainability of the bank, 10, 25, 26, 29, 60, 62, 66, 67, 744, 1007 Switched-on shareholder-Primacy Interrelationship Scheme Figure 3.1, 40 See also Governance factors Systemic Risk, see Distinguishing features; Risks T Table bank Combined Coverage and Relational Proximity Table 10.2, 22, 126–507 coverage, 27, 33, 40–44, 48, 50, 91, 92, 126–507, 535–537, 654, 745, 969, 1033 key Groupings Table 10.1, 16–22, 56, 66, 104, 115, 121–127 principal reports and pronouncements appear in the Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications, ix–xi relational proximity rating, 8, 29, 30, 40–45, 56, 67, 104, 115, 126–507 revised Stage 1 Combined Coverage and Relational Proximity Table 3.1, 29, 37, 44 rprox, 7, 8, 41–44, 59, 67, 126–507 Table of Stage 2 Government, Supervisory/ Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications, ix Target bank Combined Coverage and Relational Proximity Table, 8, 33, 64, 67, 126–507 coverage, 8, 22, 33, 51, 56, 58–60, 64, 67, 104, 115, 126–507

1374 Target (cont.) culture, 131, 930 fixed, 203, 585 relational proximity rating, 8, 56, 104, 115, 126–507 rprox, 56, 58–60, 67, 104, 115, 126–507, 616, 632, 907, 930 table 10.2, 8, 33, 56, 59, 64, 67, 104, 115, 126–507 Target/hypothesised coverage/rating of a governance variable, 8, 33, 58, 59, 67, 104, 115, 127 Technology board, 865 committees, 865 control, 72, 76, 313, 331, 689, 874, 1268, 1271 control and information technology, 76 failures and inadequacies in computer risk modelling, 76 management, 162, 169, 274, 313, 318, 320, 331, 689, 692, 851, 868, 874, 880, 936, 1137, 1227, 1269, 1271 NAB, 313, 318, 320, 863, 868, 1268 reporting, 152, 274, 692, 868, 880, 935 Themes aims, and, v, 28 core, 12–14, 864 emerging, 12–14 interrelationship, v, 28, 30, 33, 38, 46, 1007 underpinning/overarching, 25, 28, 30, 33, 512, 1028 Theoretical parts, three Relational Axes of Good Governance governance factors, 25, 30, 516 key Fields, 25, 30, 96, 516 shareholder-Primacy Interrelationship Scheme Figure 3.1, 38–39 three Relational Axes of Good Governance Behaviours Axis No. 2, 31, 32 Objectives Axis No. 1, 31, 32 Positional Conflict Axis No. 3, 31, 32 Weighing mechanism, 30, 31 Three Lines of Defence Model APRA, 208, 259, 888, 1075, 1115 BCBS, 1115 building Line 1 risk and control capability, 110, 1113 business Units/First Line BU, 1115 Westpac Reassessment, 14, 110, 1113 Corporate Defence Management (CDM) extends the Three Lines, 1115–1116

Index high risk strategies and (improper) delegation of oversight (see Risks) inadequate oversight, risk management and complexity of financial product (see Risks) Internal audit, 259 Line 1 ownership and capability to manage risk Line 1 function, 110 Line 1 skills, capabilities and stature, 110, 1112 WBCBU, 1112 WBCBUFail, 1112 2020WBCLine1, 11112 Westpac Review Team 2018, 110 NAB Risk Management Framework (RMF), NAB Second Line Operational Risk (see Risks) NAB First Line risk and control ownership, 1263, 1266–1268 NAB Second Line Compliance function, 1269 NAB Second Line Conduct Risk, 1270 NAB Second Line risk management and risk reporting, 1263, 1269–1276 risk management function/Second Line compliance function, 333, 364–368, 447, 600, 1115, 1174, 1184, 1187, 1188, 1239 independence (see Risks) SecLineComply-prefix variables, 365–368, 600, 1187, 1188, 1239, 1240 Westpac Reassessment building Line 1 risk and control capability, 110, 1105, 1113 line 1 ownership and capability to manage risk, 14, 110, 1105, 1112 2020WBCLine1, 21, 126, 499–501, 1112–1114 Westpac Review Team 2018 divisional approaches to managing risk and compliance, 111, 1275, 1280–1281 embedding group-wide policies, 111, 1280–1281 management of conduct and reputation risks, 111, 1277–1279 non-financial risk appetite, 111, 506, 1088, 1089, 1275–1277 risk Management and Compliance, 20, 110, 111, 125, 405, 431–435, 629, 671, 1028, 1105, 1275–1281

Index See also Business Units or First Line; Compliance; Management; Management function or Second Line in Risks; Management in Risks; Risks Three Relational Axes of Good Governance behaviours Axis No. 2, 31, 32 objectives Axis No. 1, 31, 32 positional Conflict Axis No. 3, 31, 32 set of scales, 25, 30, 32 theoretical parts, 25, 27, 28, 30–32 weighing mechanism, 25, 27, 28, 30, 31 Transparency complexity, 737, 1005–1020, 1031 disclosure, 34, 391, 525, 563, 574, 689, 737, 1005, 1007, 1010–1018, 1031, 1203 key/Core governance variables, 48 reporting, v, 8, 19, 28, 34, 44, 47–50, 57, 62, 64, 65, 117, 124, 391, 392, 395, 556, 571, 607, 664, 689, 695, 701, 706, 708, 709, 803, 1005, 1017–1018, 1026, 1033–1035, 1046, 1069, 1173, 1187, 1189, 1194, 1199, 1202, 1203, 1210, 1241, 1282 risks failure in transparency and understandability of material risk factors ranked in order of importance, 1024, 1044 material risk factors, 1024, 1044 securitised mortgage products, 1017 timing and, v, 28, 33, 34, 49, 54, 64, 572, 969, 1108, 1173, 1194, 1239 [TransTimeMon] (+) transparency and Timing of Reporting– Monitoring Effect, 8, 44, 48–50, 57, 65, 117, 392, 556, 571, 607, 689, 693, 695, 701, 706, 708, 1018, 1033–1035, 1046, 1058, 1069, 1118, 1187, 1189, 1199, 1202, 1203, 1241, 1282 See also Key/Core governance variables TransTime transparency and timing of reporting, 8, 19, 44, 48–50, 57, 62, 65, 117, 124, 391, 392, 395, 607, 664, 689, 803, 1017, 1018, 1026, 1033, 1202, 1241, 1282 [TransTimeMon] (+) transparency and Timing of Reporting– Monitoring Effect, 8, 19, 44, 48–50,

1375 57, 62, 65, 117, 124, 392, 1018, 1282 [TransTimeMon] (+) See also Key/Core governance variables U Underlying theme, see Governance factors; Themes User Guide, 22, 30, 32, 51, 53–62 W Walker Review 2009 David Walker, xi, 9, 89, 118, 513, 527, 655, 661, 750, 757, 820, 935, 947, 955, 1011, 1032, 1119, 1131, 1154 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications WBCAllocateInvest Westpac financial prioritisation–investment allocation decisions, 19, 124, 395 WBCAudFail Westpac audit committee and board oversight of risk management– reporting from Group Audit, 19, 124 WBCBRC Westpac Board Risk Committee, 19, 124 WBCBrdCust Westpac customer complaint reporting to the Board, 19, 124 WBCBrdRep Westpac reporting to the Board, 124 WBCBU Westpac business units–operation of Line 1, 19, 124 WBCComp Westpac Compensation/Remuneration Committee, 19, 124 See also Incentives WBCCultCare Westpac culture–caring culture, 19, 124 WBCCultCollab Westpac culture–collaboration, 19, 124 WBCCultComplete Westpac culture– completeness/“maximalism” in approach to work, 20, 124 WBCCultConcept Westpac culture–conceptualising, 20, 124

1376 WBCCultLearn Westpac culture–institutional learning and reflection, 20, 124 WBCCultNFR Westpac culture–non-financial risk, 20, 124 WBCCultNoChall Westpac culture–challenge culture/ environment failure, 20, 124 WBCCultOwn Westpac culture–personal ownership, 20, 124 WBCCultPriority Westpac culture–prioritising, making decisions and saying “no”, 20, 124 WBCCultRelation Westpac culture–relationships integral to risk matters, 20, 124 WBCCultTopClear Westpac culture–vision, values and strategy at top are clear, 20, 125 WBCCustRedFlag Westpac customer complaints, 20, 125, 1172, 1227 WBCETRISKCO Westpac oversight of Executive Team– oversight of group-wide risk through RISKCO, 20, 125 WBCExecTeam Westpac oversight of Executive Team, 20, 125 WBCFailAllocateInvest Westpac financial prioritisation–investment allocation decisions–Enterprise Investment Pool (EIP), 20, 125 WBCFailInvest Westpac financial prioritisation, 20, 125 WBCFinPriority Westpac financial prioritisation–financial prioritisation over risk, 20, 125 WBCIssueMan Westpac financial prioritisation–financial prioritisation over risk, 20, 125 WBCNonRem Westpac non-remuneration consequence management, 20, 125 WBCProjectDel Westpac Financial Prioritisation–Project Delivery, 20, 125 WBCRiskMan and WBCSecLine Westpac Risk Management and Compliance–Second Line Risk Management Function, 20, 125

Index WBCWhistleRedFlag Westpac Issues Identified by Whistleblowers, 20, 125, 1233 Weighing mechanism governance factors, 25, 27, 28, 30 interrelationship schemes, 25, 27, 28, 30 relational effect path, 25, 28, 30 results, 25, 27, 30 Shareholder-Primacy Interrelationship Scheme Figure 3.1, 27 theoretical parts, 25, 30, 31 three relational axes of good governance, 25, 27, 28, 30–32 Westpac (Westpac Banking Corporation) 2020WBC-prefix Key Groupings, 21, 126 Table 10.1, 126 accountability, xi, 11, 12, 106, 120, 121, 627, 637–639, 737, 826, 864, 865, 909, 925, 982, 1101, 1110, 1112, 1140, 1154, 1180, 1181, 1276, 1281 board, 1282 committees, 989 conduct, 1277 consequences, 635–636 control, 1173 core, 910–912, 1281 culture findings and commentary on culture 1–9, 893, 909–910 failures and failings, 35, 109 functioning of Executive Team and RISKCO functioning of Westpac Executive Team, 881 functioning of Westpac RISKCO, 382 enhancing Executive Team functions, 863, 884 enhancing RISKCO reporting, 863, 884 WBCETRISKCO, 882, 883 WBCExecTeam, 20, 881, 882 incentives, 407 key ‘key areas’ identified by Westpac for shortcomings, 14 Westpac Reassessment, 21, 22, 126 monitoring, 1101–1103 non-financial risks, 15, 20–22, 124, 126 priorities, 914 prioritisation decisions in Westpac Review Team 2018 case studies, 850

Index four factors contributing to prioritisation of financial considerations, 817, 858–861 investment allocation decisions, 856, 857, 870 Project delivery, 857, 858, 860 WBCFailAllocateInvest, 856 WBCFailInvest, 856 WBCFinPriority, 859, 860 WBCProject, 857, 858 recommendations and commentary on remuneration in Westpac Review Team 2018 accountability frameworks and policies, 637, 638 adjustments for short-term variable reward, 630–633 Bank Executive Accountability Regime (BEAR), 638 deferral of variable reward, 634–635 diffusion of accountability, 638 factors that inform accountability outcomes, 637–639 implementation of Sedgwick recommendations, 635 navigation and consistency of frameworks and policies, 633 non-remuneration components of consequence management, 635–636 remuneration approach–fixed and variable remuneration, 628–639 risk gates for Short-term variable reward, 629–630 use of malus provisions, 634 WBCComp, 628–635 WBCCompDeferral, 634 WBCCompMalus, 634 WBCCompMulti, 633 WBCCompSedgwick, 635 WBCCompSTVR, 628–633 WBCCompSTVRRiskAdjust, 629 WBCNonRemConseqMan, 635 WBCNonRemConseqManBEARAcc, 639 See also Incentives Remed, 124 reporting, 980–981 review, vii, 11, 15, 106, 108–111, 120, 627–639, 737, 826, 856–861, 863–889, 909, 910, 982, 989, 1028, 1101, 1102, 1110–1112, 1139–1146, 1149, 1154, 1172,

1377 1180, 1190–1192, 1213–1233, 1275–1286 risks failings, 35, 109 management, 20, 125 management function/second line, viii, 20, 125 non-financial risks, 15, 20–22, 124, 126 second line of defence, 1180 three lines of defence model, 14 WBC-prefix key groupings Table 10.1, 16, 17, 56, 121–126 Westpac Reassessment 2020WBC, 21, 116, 126 2020WBCCultNFR, 21, 126 2020WBCLine1, 21, 126 2020WBCNFR, 22, 126 2020WBCPillar1, 22, 126 2020WBCPillar2, 22, 126 2020WBCPillar3, 22, 126 2020WBCSecLine, 22, 126 ‘CORE’–Customer Outcomes & Risk Excellence, 14, 111, 1281 ‘key areas’ identified by Westpac for shortcomings, 14 non-financial risk, 15, 20–22, 124, 126 shortcomings in relation to five root causes, 14 Westpac Reassessment Business Units–Operation of Line 1, 21, 126 Westpac Reassessment CORE Program Pillar 1, 22, 126 Westpac Reassessment CORE Program Pillar 2, 22, 126 Westpac Reassessment CORE Program Pillar 3, 22, 126 Westpac Reassessment Culture for Non-Financial Risk, 21, 126 Westpac Reassessment Oversight of Non-Financial Risk, 22, 126 Westpac Reassessment 2nd Line Risk Management Function, 22, 126 Westpac’s Reassessment of the Culture, Governance and Accountability Remediation Plan of June 2020, viii, 12, 121 Westpac Review Team 2018 accountability, xi, 11, 12, 106, 120, 121, 627, 637–639, 737, 826, 864, 865, 909, 925, 982, 1101, 1110, 1112, 1139, 1154, 1180, 1181, 1276, 1281 challenge, 108

1378 Westpac (Westpac Banking Corporation) (cont.) closure of issues, 870–872 culture, 909 findings and commentary on culture 1–9, 909 governance, xi, 11, 12, 106, 120, 121, 627, 637–639, 737, 826, 864, 865, 909, 925, 982, 1101, 1110, 1112, 1139, 1154, 1180, 1181, 1276, 1281 operation of the board and committees, 963–965 remuneration and consequence management, 872 reporting to the board, 865–870 role of senior management, 108, 864 role of the board, 108, 864

Index senior leadership oversight, 108, 873–880 See also Table of Stage 2 Government, Supervisory/Regulatory, Major Bank and Industry Body Reports, Codes, Rules and Publications Westpac Reassessment in Westpac, xi, 12, 14, 21, 22, 108–111, 121, 126, 826, 863–891, 893, 925–926, 1028, 1105, 1112, 1113, 1173, 1181, 1275–1286 Z Zone, range/area of operation/effect, see Coverage