In 2018, the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, a.k.a the Hayne Royal Commission, outlined significant operational process and compliance failures in many institutions in Australia, and thereby highlighted the need for firms to improve their processes and even their understanding of those processes. Nicole Salimbeni, Partner, PwC Australia, now outlines the questions that executives need to ask themselves in order to shape up and be ready for the regulatory challenges of tomorrow.
The Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry in Australia has had a very large impact in relation to the management of risk not just for financial services organisations but its effect has been even more far-reaching as other organisations look to learn from and avoid the past failings of financial services organisations.
The Royal Commission has definitely focused the mind of board members and senior executives in Australia firmly on what good risk management means. Many of the issues highlighted by the Royal Commission were discovered in full by executives as they prepared witness statements and/or for their appearance in front of the commission. This in itself has led to questions. Executives want to know if all their banks’ risks are really being managed. They are asking themselves what level of reporting will give them a level of comfort. In addition, they need to know if people are telling them what they need to know. This brings up the question of their leadership skills and how to model the behaviour that reinforces that risk management issues are important and need to be dealt with, just as urgently as other business issues.
More broadly, in large and complex Australian organisations, where investment in core IT systems to manage risk has been patchy at best, many executives are asking 5 key questions:
- What role does automation of controls play at the line 1 level?
- How can I quickly remove so much reliance on manual controls?
- When I am relying on a manual control, how can I get comfortable that this manual control is working?
- How do I get a complete view of all my manual controls? When I am reducing headcount in a cost focused environment, I inadvertently remove a role which has been performing those manual controls?
- Do I need more people focused on the management of risk?
These questions then lead to more questions about ever growing focus on the three lines of defence model and in particular the role of the 2nd line. The types of questions that are being asked are:
- What capabilities do I need in line 2 to effectively oversee line 1?
- Are there enough people with the right capabilities in the market right now to help us do what needs to be done?
- What are the right technical capabilities but also leadership capabilities?
- Do we need more line 2 resources or is that creating a lack of accountability and clarity in roles within both line 2 but also line 1?
So without a doubt the Royal Commission has focused the minds of our most senior executives in Australia. As many in Australia are saying “Risk is the new black”. Most risk professionals will have an informed view on the answers to these questions that are being asked. Here’s our opportunity to help these executives drive change within their organisations and ensure that the issues found through the Royal Commission are remedied and don’t happen again.