The Royal Commission: What’s Next For Your Risk & Compliance Function?
over 1 year ago by Charlotte Fairbrother
Is your Risk & Compliance team big enough, talented enough, qualified enough and tough enough to manage the Royal Commission fallout?
As the dust settles on the concluded hearings of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, those involved in their organisation’s Risk, Compliance and Governance function need to be prepared for further turmoil when Commissioner Kenneth Hayne delivers his final report on 1st February 2019.
Every one of the Banking Royal Commission’s seven hearings held between March and November 2018 contained dire warnings of upheaval in Risk and Compliance affecting all corners of the financial services sector. In particular, the revelations in Round 2 (fees for no service, investment platform fees, inappropriate financial advice and improper conduct by financial advisers, ASIC and professional bodies’ disciplinary regime) and Round 7 (questioning of senior executives and board directors of key financial institutions and disciplinary bodies) have sent shockwaves through the Risk and Compliance community.
Not only was there heightened public attention and scrutiny, corporate reputations were also marred (with prolonged downward impact on share prices) while personal reputations were severely compromised, leading to a number of resignations and even the threat of litigation.
There is also the promise of new and more intense regulatory focus. During Round 7 hearings, APRA chairman Wayne Byres stated that he was ready to ‘ratchet up the mongrel’ at the banking regulator, and let its supervisory team off the leash. APRA has subsequently followed through on his threat, issuing licensing restrictions and disqualifications against senior management of IOOF, one of Australia’s largest financial planning companies.
However, it’s not just the big end of town that needs to sit up and take notice. After all this publicity, ignorance and lack of resources will not be an excuse even in smaller businesses, and retribution is likely to be even more severe in future.
There has never been a more urgent need for senior managers responsible for Risk, Compliance and Governance – whether specialist heads of this function, CFOs or even CEOs – to ensure that they have the correct talent on board, and in sufficient numbers, to face the challenges ahead. But securing that talent could present yet another headache.
Risk, Compliance and Governance talent shortage adds to the problem
Risk, Compliance and Governance departments are facing a talent shortage crisis. Recent data published by online employment marketplace SEEK reveals that adverts for Risk and Compliance job roles in banking and finance have increased by 122% in the last five years, including a striking 48% increase in the last year alone. 13.5% of banking and finance roles advertised on SEEK in October 2018 were in Risk and Compliance.
Kendra Banks, SEEK’s Managing Director, Australia and New Zealand, says that, “Compliance and risk job roles require an extremely niche skill set which can vary across different industries. Therefore, it can be hard for recruiters to find the right person for the role, or for candidates to even know that these roles exist outside of Finance and Banking institutions.”
There can be no doubt that the Banking Royal Commission is responsible for the surge in advertisements. At the same time, there is a lack of skilled candidates to fill the openings, since the 48% increase in Risk and Compliance roles advertised at SEEK was matched by a lift of only 13% in candidates searching for this kind of job.
And the skill shortage is not confined to Australia. So Risk, Compliance and Governance managers will find themselves competing for talent with overseas employers keen to attract Australians with the appropriate abilities and experience.
While this is a challenge, many other countries have made better progress than Australia with their Risk and Compliance regulatory framework, with the result that they have a larger pool of professionals proficient in this area. Ethos BeathChapman, with its specialist team, can assist employers as they expand and upgrade their teams.
The Banking Royal Commission intensifies urgent Risk, Compliance and Governance challenges for Australian businesses
Even before the Banking Royal Commission began, Risk, Compliance and Governance were already major challenges for businesses in Australia, especially those involved in the areas of banking and finance. Now the heat has been turned up even further.
Nevertheless, a fully-staffed and multi-talented Risk, Compliance and Governance function should be able to come to grips with all these threats and respond effectively. Managers of the function will need to consider each of the following challenges, decide whether it applies to their own organisation and, if so, whether their current team has the human resources to deal with it.
Challenge 1: Putting the customer first
The ‘fees for no service’ and ‘fees charged to clients no longer living’ scandals exposed by the Banking Royal Commission attracted the highest level of both media attention and public condemnation. They were only some of many examples of putting profit, greed, and the interests of shareholders first and foremost, with the needs and welfare of clients and other stakeholders trailing far behind.
Other serious shortcomings included cases where financial advice was actually given but was not in the customer’s best interest, e.g. rolling over existing super accounts into a new account on which the adviser could earn income, meanwhile triggering enormous fees for the client.
In one bank, staff were falsely witnessing thousands of customer signatures.
How Risk, Compliance and Governance teams can address the ‘customer first’ challenge
Your Risk, Compliance and Governance staff will need to be able to monitor, detect and take action against this kind of activity, and turn it around so that the interests of all stakeholders – not just shareholders, employees and agents – are considered. If you don’t already have the necessary procedures in place, they will need to be capable of designing and implementing them.
Restructuring remuneration and incentives to put quality advice ahead of fees earned, and improving training of senior managers outside Risk and Compliance so that they have a greater understanding of laws affecting their industry, will be important steps towards addressing the challenge of putting the customer first.
If you feel you need to lift the quality or size of your existing Risk, Compliance and Governance team, organise a confidential chat as we can help you find and attract great team members here.
Challenge 2: Restructuring of misaligned incentives and remuneration
Many of the remuneration structures in place in the financial services sector have caused misalignment and are inherently conflicted. Historically, some employees have been rewarded for volume sales, churning, and trailing commissions, at the expense of quality advice. This is often referred to as ‘conflicted remuneration’. The scope of this problem is broad, impacting everyone in the industry including tellers, advisers, brokers, executives and the entire staff of any financial institution.
Reserve Bank governor Dr Philip Lowe, during a House of Representatives economic committee hearing, commented that “We've seen remuneration structures that have driven quite poor behaviour. We need to rebuild trust, we need to have a very strong focus on service rather than sales”.
The challenge here will be to find a way to motivate and reward staff that does not depend on chasing volume and turnover, and does not encourage unprincipled conduct, but instead promotes sales of financial services as a result of the high quality delivered.
How Risk, Compliance and Governance teams can address the ‘misaligned incentives’ challenge
A possible obstacle to reform will be the ‘grandfathering’ provisions which allow for the continuation of incentive agreements which existed before conflicted remuneration was banned by 2013’s Future of Financial Advice (FOFA) legislation. ASIC has advised that grandfathering of commissions should end as soon as reasonably possible.
Meanwhile, Risk, Compliance and Governance teams can start becoming familiar with the FOFA legislation and examining any remaining grandfathered remuneration and incentive arrangements, deciding whether they need to be abolished, and how this could be done within their company. Clients should also be fully informed about any fees they are being charged for advice.
Misaligned incentives can also be targeted by investigating existing remuneration structures for all staff and agents involved in selling or promoting products and services or fronting customers, and devising an entirely new remuneration and adviser fee system, one which rewards quality advice and service rather than sales volume.
Consider the Interim Report’s suggestion on incentive and bonus structure:
“. . . the simplest and most comprehensive severance may be the adoption of a flat share of a variable pay pool that varies with overall entity performance.”
Challenge 3: Conflicts of interest resulting from vertical integration and cross-selling
Although this challenge has some themes in common with ‘Putting the customer first’ in Challenge 1, it warrants examination in more detail.
Vertical integration of financial service products and their distribution may occur when the product manufacturer also owns its distribution system, for example when a financial adviser steers a customer through a bank-owned platform to invest in a bank-owned product.
There is an inherent conflict of interest in this situation, since financial advisers in the distribution system have a vested interest in promoting and recommending products which may not be suitable for their clients, or which involve fees above the market rates, or are otherwise uncompetitive and would not have been recommended in an ethical ‘arm’s length’ situation.
How Risk, Compliance and Governance teams can address the ‘vertical integration’ challenge
Both ASIC and the federal Treasury believe that it’s possible to adequately manage these conflicts, and so they are not currently recommending disintegration of these vertically-aligned groups. However, this may add to the burden of oversight for the Risk, Compliance and Governance function, in order to ensure that this effective management does occur, and that customers are not disadvantaged by the structure.
Risk, Compliance and Governance teams should be thoroughly familiar with conflict management provisions contained in current legislation and make sure that they are adhered to throughout the organisation, including by its affiliated advisers. Going one step further, teams can proactively set up systems and procedures to ensure that customers are not disadvantaged and, for larger entities, assess whether the company’s selling platform continues to present a risk of being in breach of legislative provisions, possibly recommending to the board a program for divesting their financial advisory and wealth management assets.
Challenge 4: Accountability and shared responsibility for compliance
One of the most notable features of the Banking Royal Commission Round 7 has been the sight of the country’s most senior finance executives standing before the Commissioner, his assistants, the media, and the nation as a whole, and saying “Sorry”. A few major scalps were claimed in the process.
This was in clear contrast to the stance adopted by the banks in earlier rounds of hearings, succinctly summed up by Alan Kirkland, CEO of CHOICE:
“The original bank submissions to the Royal Commission tell a sad story of ‘it’s everyone else’s fault’. Not one major bank took responsibility for their behaviour and the harm they’ve caused. Their public relations may have gotten better since, but have they really changed their ways? These early submissions paint an ugly picture of the attitude behind closed doors. It’s hard to believe they’ve really changed since.”
The Commission has highlighted the fact that although the main burden of responsibility for past compliance failings and future improvement lies with an organisation’s leaders, to some extent it ought to be a collective one, with individual employees and licensees also being accountable for their own conduct.
Evidence was also presented to the Commission of lengthy delays and even deception when it came to the handling of regulatory breaches, informing customers and customer remediation. It also appeared that significant breaches committed by an individual employee or licensee were usually not treated as meaningful in the context of the whole organisation.
The concept of shared accountability also raises the question of whether company directors will be in breach of corporations laws requiring them to consider only the interests of their shareholders, if they now also need to take into account the interests of clients.
How Risk, Compliance and Governance teams can address the ‘accountability’ challenge
Risk, Compliance and Governance teams can start to set up a clear framework for detection of breaches and timely reporting, informing customers, and customer remediation, and ensure that written agreements between financial advisers and clients do not seek to absolve the organisation from responsibility for the actions of its representatives.
It is also important that teams train all line staff and licensees in their responsibilities regarding adhering to regulations and reporting breaches.
If you feel you need to lift the quality or size of your existing Risk, Compliance and Governance team, organise a confidential chat about how we can help you find and attract great team members here.
Challenge 5: Modifying corporate culture
One of the major keys to mitigating risk and ensuring compliance is a change to corporate culture: a definite movement away from dishonesty, corruption, greed, unwillingness to accept blame and overall toxicity, towards an organisational philosophy and outlook where service, honesty and personal responsibility can thrive. In some cases it was apparent that junior staff had a greater awareness of, and antipathy to, non-compliant and generally bad behaviour, than their bosses.
How Risk and Compliance teams can address the ‘corporate culture’ challenge
For prudentially-regulated entities (ADIs – authorised deposit-taking institutions) the Banking Executive Accountability Regime (BEAR) includes provisions that will make executives responsible for building a sustainable and healthy corporate culture. Risk, Compliance and Governance teams in these institutions should become familiar with the provisions as they are rolled out, and put procedures and audits in place to ensure compliance.
For other businesses (e.g. financial advisers), also staying up-to-date with BEAR is important, since it’s possible that similar rules may be extended to non-ADIs in the future.
All Risk, Compliance and Governance teams can meet this challenge by starting at the top and demonstrating to senior managers and the board of directors that they must lead by example with good governance, openness and honesty. After all, the broader company culture inevitably reflects the attitudes of its leaders.
It is also essential to liaise with HR and Finance functions to construct financial and non-financial incentives that support the enhanced corporate culture and values, and to promote learning and motivating over blaming and punishing.
Assessing Risk, Compliance and Governance talent needs in your organisation
No two organisations are the same. Some Risk, Compliance and Governance teams may simply be lacking in the required number of people to face the magnitude of the task. Others may be adequately staffed by way of numbers, but with serious gaps in expertise, experience or specialisation.
At all costs, it will be vital to avoid the kind of complacency that former ACCC Chairman Professor Graeme Samuel was referring to when he said:
“History has shown that lessons — even as harsh as the global financial crisis — have a short memory time span and complacency sets in very quickly. We will and should see a spurt of cultural and governance reform over the next couple of years, but then there will be a gradual lapse back into the course of misconduct we are now seeing in the royal commission.”
So it’s imperative to take a critical look at your current Risk, Compliance and Governance team. Is it big enough, talented enough, qualified enough and tough enough for the arduous tasks which lie ahead?
If your answer lies anywhere on the curve from “Not sure” to a definite “No”, then Ethos BeathChapman can help you. Your competitors are scrambling to fill a vast quantity of new positions from a limited talent pool. Contact Ethos BeathChapman today to organise a confidential chat about how we can help you find and attract great team members here.