Shipton didn’t think it was a risk, as long as his commissioners exercised judgement. Orr disagreed and pointed out the flaws in holding such meetings: they lacked transparency, there was no formal record, no minutes taken, and no policy governing the types of topics that could be discussed at the meetings. ‘So I assume you don’t have a policy governing the involvement of commissioners in making enforcement decisions about entities that they’re attending meetings with?’ Orr asked.
‘Not to that precision,’ said Shipton.
Sticking with transparency, Orr moved on to specific examples to highlight her point that a regulator can be too cosy or too soft on those it regulates. One ASIC report into claims handling in life insurance released in October 2016, following my CommInsure investigation, identified fifteen insurers and set out case studies but did not identify the insurer. Another report on the selling of direct insurance, released in August 2018, also opted not to name the companies involved but just outline cases.
‘Why not [name the companies]?’ Orr asked. It was a simple question that brought a range of excuses.
‘There are sometimes statistical reasons that it cannot be done,’ Shipton said. ‘Either these statistics are good or they are poor,’ he continued.
Orr wasn’t convinced. ‘You’ve chosen to publish them so you have some degree of confidence in them. Why not identify the firms to which they relate?’
Shipton didn’t have an answer, except to say they were moving towards naming companies. He agreed that publicly identifying companies would provide a strong incentive for them to improve their practices. He went on to say, ‘I believe that the suggestion that you are making [to name and shame organisations] is a good one. I would also quickly add that what we are doing is at a journey.’
Orr then cited a case made public in December 2016, which involved breaches of the law in NAB’s foreign exchange division. Between 2008 and 2013, some NAB employees had been caught sharing confidential information, including client names and details of pending client orders, and then using the information to enter prices into the trading platforms to set currency exchanges. In response, ASIC said it was concerned NAB wasn’t ensuring that its systems, controls and supervision were adequate to prevent, detect and respond to such conduct, and it issued an enforceable undertaking with the bank.
Orr produced an email written by ASIC commissioner Cathie Armour, then chair of ASIC’s enforcement committee, and circulated to her colleagues in August 2016, before the enforceable undertaking had been announced. The email discussed a settlement deal with NAB’s then chief risk officer David Gall. Armour, who had joined ASIC in 2013 after working as Macquarie Group’s general legal counsel for more than a decade, wrote in the email, ‘I did say to [Gall] that, given the relatively early stage of the investigation, we would be willing to consider a proposal that did not involve a court outcome if [the proposal] otherwise met our key regulatory outcomes.’ She had also told Gall that ‘the longer investigations go, the more prospect of us developing case theories . . . which would limit our flexibility on outcomes’.
Orr said to Shipton, ‘Can I ask you to reflect on whether anything about that response by Ms Armour, a commissioner of ASIC, to Mr Gall, is problematic beyond a lack of professionalism?’
Shipton defended his commissioner: ‘I just want to be absolutely clear that I firmly believe in Ms Armour’s professionalism at all times and that shouldn’t be in any doubt in this case study.’
Commissioner Hayne told him to answer the question. His response was ‘No.’
Orr suggested that a more appropriate way for a regulator to have handled this situation would have been to complete the investigation, form its views, then negotiate armed with information on how serious the misconduct was and how many civil or criminal breaches had occurred. Instead, ASIC had preferred to take the softer, less combative option, and do deals before they had all the facts to hand. Orr felt that automatically reduced the regulator’s bargaining power because it didn’t have the full picture of what had gone on. She was of the view that a regulator should start by asking, ‘Why not litigate?’, then work backwards, instead of the other way around. Until it did that, it would never be an effective regulator.
The royal commission then heard that by the end of March 2018 – more than fifteen months after ASIC had initiated the enforceable undertaking against NAB – the bank still hadn’t developed a remediation program. In other words, it had failed to comply with its enforceable undertaking. Instead of penalising NAB, ASIC gave the bank a three-month extension.
Shipton’s response to that was that he didn’t think it had been unreasonable to vary the enforceable undertaking. ‘This was a difficult regulatory choice. Our resources are not limitless.’ But the message was clear: ASIC needed to grow a spine, and Shipton would need to come down harder on staff agreeing to soft options before investigations were completed.
Orr cited numerous other cases where ASIC had been too accommodating when it came to negotiated settlements. She presented a September 2017 email from ASIC’s Tim Mullaly, a senior executive leader of financial services enforcement, to colleague Michael Saadat, saying, ‘We either resolve by way of an enforceable agreement with a community benefit payment of $250,000 or we push for . . . $300,000.’ Saadat replies that they should start with $300,000. Mullaly then responds: ‘As you will recall, James Myerscough [CBA’s risk officer] was concerned that by just paying a community benefit payment and not having any regulatory outcome, it looks like they [CBA] are paying off ASIC to avoid action.’ The community benefit payment Mullaly was referring to was the penalty ASIC wanted to impose on CBA in relation to the series of misleading and deceptive life insurance ads covering heart attacks and cancer, which Helen Troup had been quizzed about in the royal commission back in September. CBA was worried that a donation of $300,000, instead of a fine in the vicinity of $8 million, might attract unwanted attention.
Mullaly’s email continued, ‘He [Myerscough] was hoping to see something from us about how this would be messaged.’
Orr asked Shipton, ‘How do you respond to a concern expressed by one of your regulated population [CBA] that by making a community benefit payment, CBA would look as though it was paying off ASIC to avoid action?’
Shipton said it was ‘extremely concerning’.
But it was much worse than that. It showed how choreographed the entire process of ASIC negotiating penalties with the banks had become. In late 2017 – two weeks after the royal commission had been called – CBA was weighing up the appearance of the suggested donation.
It went to the heart of what was wrong with ASIC. Since its inception as the Australian Securities Commission, it had been a light-touch regulator. It had also been accused of being captive to the organisations it regulated, not least because of the constant movement of staff between ASIC and the banks. ASIC media advisers had moved to banks, commissioners had moved from banks to ASIC, and lawyers had moved between the two.
Over decades, millions of Australians had been ripped off by the banks. Instead of being the tough cop on the beat and taking legal action on their behalf, ASIC preferred negotiated outcomes with the offenders. Remediation had been slow – if it had occurred at all.
As noted, ASIC had even shied away from naming and shaming wrongdoers. In a series of industry reports over many years listing a litany of sins on the part of institutions generally, it had failed to name the ones involved. It was, as Orr pointed out, a practice that had continued under Shipton.
Shipton conceded it was a good point and promised that in future ASIC would be a tougher regulator: it would be ‘more adventurous in pushing points of law’, take more risks and use the courts more, including taking criminal actions against financial institutions for misconduct. To prove this, Shipton told the commission that ASIC had launched an investigation into CBA’s mis-selling of consumer credit insurance (CCI) products to more than 156,000 people.
But this failed to impress Orr, given ASIC
had only decided to launch the investigation two weeks earlier, despite having known about CBA’s mis-selling of CCI for two and a half years. And in any case, as Orr pointed out, ASIC was only investigating whether it should pursue enforcement.
Orr asked, ‘Do you agree that the matters that you referred to, the fact that this was an industry-wide challenge, the fact that 156,000 customers were out of pocket, the fact that this was a systemic issue, were all matters that reinforced the need for you to take strong action and commence an investigation?’
Shipton replied, ‘You should have confidence that it’s different today, because we now have issued guidance that would mean that a decision like the one in CCI . . . would have a very different starting point . . . The starting point today would be to ask the question and turn our minds to why not litigate this demonstrable breach.’
‘And that’s as of a few weeks ago?’ Orr asked.
‘That is of two or three weeks ago, yes,’ Shipton replied.
It all seemed ad hoc and panicked. Shipton had squandered an ideal opportunity to paint ASIC in a new light.
*
Peter Kell, the former deputy chairman of ASIC who had overseen the regulator’s investigation into fees for no service and a number of other investigations, later told me that in the wash-up of the royal commission it was clear the finance sector couldn’t fix itself. Kell was in a good position to make some observations after leaving the corporate regulator in December 2018.
‘This isn’t an issue with just one bank or insurer, it’s a market-wide problem,’ he said. ‘And you’re dreaming if you think that the fundamental problems with competition in the finance sector will disappear in the short to medium term.’
Kell believes a greater level of intervention is required from government. Having said this, he pointed out that the key issues were not new and had been talked about for a long time. He thinks it is more a matter of commitment, and that if a few key reform areas were seriously and promptly addressed it would make a very big difference. They include:
•the removal of structural conflicts of interest in remuneration and product manufacture and distribution;
•the introduction of laws and powers enabling individual financial-sector managers and executives to be held accountable more readily for conduct and consumer protection failures;
•increasing the powers, penalties and resources available to regulators, which would in turn have a positive impact on regulator culture and facilitate more impactful enforcement;
•meaningful and sustained government support for organisations that represent and assist consumers, such as financial counsellors, consumer legal centres and even new advice services.
Kell also believes whistleblowers need greater protection and support, and that there needs to be an increase in public reporting on bank ‘outcomes’ or ‘performance’ that impacts consumers, for example public cross-industry comparative data on the numbers and causes of complaints, disciplinary and enforcement actions, or insurance claims outcomes. The big question for Kell is whether governments have the will and capacity to get these reforms over the line. ‘When it comes to consumer protection,’ he pointed out, ‘the history of finance sector reform is not a happy one. Industry lobbying has too often won out over consumer interests. The response to this lobbying in the future will determine whether we do see meaningful change.’
*
The chairman of APRA, Wayne Byres, was visibly uncomfortable when he entered the witness box later in the hearings. His half-hearted smile and awkwardness were a dead giveaway for those who knew him well. Ahead of his appearance, the Morrison government had decided to renew Byres’ term as chairman of APRA for another five years, which at least gave him some confidence that his appearance wouldn’t cost him his job.
Until the royal commission, most of the criticism of poor regulation had been aimed at ASIC, while APRA had been given a relatively easy time. And unlike ASIC, APRA had never been subject to a capability review into its structure and performance. But during the various royal commission hearings, the failure of APRA to hold institutions to account had been revealed time and time again. In particular, while overseeing Australia’s $2.7 trillion superannuation system, APRA had allowed companies to operate with little transparency and accountability, to the detriment of the retirement savings of millions of Australians.
Now APRA would be placed under the spotlight. Byres would be taken through various scandals and how APRA had reacted to them. For example, APRA had allowed CBA to get away with scandal after scandal for years before finally bowing to pressure to conduct its prudential inquiry into the bank in August 2017. The final report, released on 1 May 2018 and discussed during round seven of the commission, had been damning of CBA’s culture, compliance, systems, management and board, showing that CBA had made at least 15,000 criminal breaches in relation to not moving some customers to MySuper products.1 Yet APRA had failed to take any action or impose any fines.
In his interim report, Hayne noted that banks have a special position in the economy and that it is APRA’s job to regulate the banks to ensure the proper functioning of the banking system and to avoid failure of individual entities. ‘If competitive pressures are absent, if there is little or no threat of enterprise failure, and if banks can and do mitigate the consequences of customers failing to meet obligations, only the regulator can mark and enforce those bounds,’ he said. ‘But neither ASIC nor APRA has done that in a way that has prevented the conduct described in this report.’
As the prudential regulator, APRA’s key focus is governance and risk culture. The legislation that governs APRA says the regulator must promote financial system stability in performing its duties. Or, as Hayne put it, ‘APRA is obliged to look at issues of governance and risk culture through the lens of financial system stability.’
Where APRA had failed was in not paying enough attention to governance and risk culture, fearing it would upset the stability of the financial system. This ‘hear no evil, see no evil’ type of regulation allowed insurers to behave badly, banks to run rampant with irresponsible lending, and super funds to operate in the dark. Remuneration was another issue that concerned APRA, and Michael Hodge used dealings with CBA to illustrate its shortcomings. The rules for remuneration are set out in APRA’s Prudential Standard CPS 510 Governance, which covers a number of issues including that performance-linked remuneration, including targets and bonuses, don’t undermine the long-term financial soundness of the institution. Referring to APRA’s notes of a meeting with the CBA board in December 2016, which Byres had attended, Hodge commented, ‘There doesn’t seem to have been a discussion or an issue raised as to what exactly had happened with CBA’s 2016 executive remuneration.’
Byres nodded sheepishly. By August 2016 CBA had been drowning in scandals – which APRA had been aware of – and CBA’s operational risk management framework was not identifying, escalating or addressing significant operational risks. Despite this, Ian Narev had been granted a 108 per cent bonus on his short-term performance. Hodge wanted to know why APRA hadn’t discussed CBA’s 2016 remuneration at the December meeting, given that it was required to do so under CPS 510. Byres said the discussion had been dominated by the results of a historic shareholder protest vote against the remuneration package at the AGM and how the bank planned to respond.
Hodge turned to a report prepared by an internal staffer at APRA which said, ‘APRA could and should have called out inadequate remuneration practices earlier (at least by late 2016).’ The point was that remuneration was in APRA’s remit and CBA was battling scandals, but APRA had failed to challenge the bank. It hadn’t even worked out what constituted a desirable remuneration framework, which was an alarming revelation.
Hodge asked Byres if APRA had ever taken action against a financial institution for not complying with the remuneration rules under Prudential Standard CPS 510. Byres responded with another sheepish no, but said that in 2019 APRA would release a new model for executive rem
uneration and rewrite its prudential standards.
Hodge then quoted an internal APRA board paper dated 19 June 2018, which had been prepared in response to the APRA-commissioned report into CBA. He drew attention to the heading ‘Supervision Mongrel’, the name for a new attitude – ‘to get tough’ – that APRA wanted to promote, which entailed, among other things, ‘stronger support of supervisory gut feel, together with strengthened supervisor tenacity’.
As the paper noted, ‘Senior leadership in APRA would need to set the tone on how this supervision mongrel would operate in practice.’ People who knew Byres were sceptical he could ‘ratchet up the mongrel’ at APRA. He was perceived as a nice person whose natural disposition was not to offend people. Academic Pat McConnell wrote, ‘It is hard to believe that after many years of being rolled over and tickled on the tummy by the banks, APRA will turn from a sycophantic shiatzu to a regulatory rottweiler any time soon.’2
The next interchange epitomised the problem of a light-touch, trusting and forgiving regulator. Hodge asked Byres, ‘Do you have any view as to what the extent of the problem tells you about the adequacy of APRA’s supervision?’
Byres responded, ‘It says that there are limits to supervision . . . We don’t audit accounts. To some extent, we are dependent on institutions bringing issues to our attention when we’re talking about those sorts of matters of detail.’ The best Byres would concede was that APRA didn’t go deep enough on some of the issues: ‘My general lesson . . . is [APRA has] to think more about how do we get deeper, potentially doing more transaction testing or other things, or asking other people to do it on our behalf [to] help us more readily identify these issues earlier.’
In other words, APRA still hadn’t figured out what to do.
It was a sad indictment of the regulator. Its cosy, behind-closed-doors supervision hadn’t worked. If Byres had hoped to instil confidence that APRA was doing a good job, he’d failed dismally.
Banking Bad Page 29