Ongoing issues regarding NAB’s compliance with anti-money-laundering and counter-terrorism finance (AML/CTF) laws were also exposed by the leaked documents. In March 2018 NAB had uncovered and reported a fresh breach of AML/CTF laws after finding a ‘subset of customers’ in its financial planning businesses – Antares Capital Partners and MLC Investments – had not been screened or risk rated. It said it had so far identified one thousand impacted customers and remedial actions were still under discussion. I found that astonishing in light of CBA’s AUSTRAC scandal and statements NAB had previously made about AUSTRAC. A few months after the CBA scandal erupted in August 2017, a senior executive at NAB had told the media, ‘The main point is that we are very confident we’ve got the monitoring, the oversight, the supervision we need. All our dealings with AUSTRAC are professional and open and transparent, and we’re meeting all our obligations.’1
A separate internal document prepared in April 2018 revealed that NAB had breached its AML/CTF ‘know your customer’ obligations, which require banks to collect and verify certain information about their customers’ identities to deter terrorists and criminals. The breaches dated back as far as 2016, and the bank still hadn’t fixed them. The document deemed NAB’s practices in this regard ‘ineffective’ in business and private banking, in consumer banking and in its wealth business.
There were also still problems in NAB Wealth’s risk and controls systems relating to the detection of financial advice breaches – problems that had been identified as far back as October 2014 – including forgery, fraud and misconduct among financial planners. ‘NAB had always cut close to the bone when it came to investing in systems and culling risk staff,’ the whistleblower said. ‘They’re obsessed with keeping as many full-time staff off the balance sheet as possible in order to keep the banking analysts happy and the share price buoyant at the expense of its risk profile and control posture. Exit stage left: full-time employees. Enter stage right: consultants.’
Keeping a lid on costs was at the heart of one of Andrew Thorburn’s signature strategies: in November 2017, six thousand jobs were cut – one in every five members of NAB’s workforce – to reduce costs by $1 billion, boost profits and replace staff with automated systems. Sadly, the impact of cost-cutting hadn’t featured prominently during the royal commission.
Ironically, the leaked documents showed that as Thorburn was publicly spruiking technology as the answer, the bank had serious issues in that area. As an example, a letter from APRA to Thorburn on 4 October 2017 summarised an IT risk review, outlining four broad areas of ‘fundamental weaknesses’: systems health, systems recovery, information security, and board and executive oversight.
In other words, just about everything.
*
Reading the many internal reports, it appeared that virtually no part of the bank was functioning properly. Even a core area like conduct risk was rated internally as ‘unsatisfactory’ – and poor conduct risk can result in regulatory fines, remediation costs, reputational damage and litigation costs. It became clear to me that many of these serious inefficiencies were the result not just of the negligence of senior executives but of the failure of the supposedly independent review processes NAB is obliged to set up, including regular financial audits conducted to show customers and shareholders that the company’s accounts are in order, and APRA-supervised reviews of risk management to ensure they have effective systems in place to monitor misconduct. And at the heart of it all was a disturbingly close relationship between the bank and its theoretically impartial auditors, Ernst & Young.
Conflicts of interest in the roles of external auditors was something that especially troubled the whistleblower. At the same time as they carry out audits, so-called independent consultants – including the big four global accounting firms, KPMG, Deloitte, Ernst & Young and PwC – are often pitching for high-fee-paying consulting and advisory services to the same financial institutions. The whistleblower felt this issue of conflicts hadn’t been properly investigated by the royal commission. It had emerged briefly when AMP’s senior management and board were shown to have directed law firm Clayton Utz to revise numerous drafts of a report to ASIC on its behalf, but the commission hadn’t dug any deeper to examine other organisations to find out if this was common practice. None of the major accounting firms had been called to give evidence at the royal commission, as they were not included in its terms of reference. That was despite the fact that the practice of combining auditing and consulting services was of widespread concern. Weeks before stepping down from his role in November 2017, ASIC’s chairman, Greg Medcraft, had warned that ‘declining audit quality was a sleeper’ issue in Australia and could lead to an Enron-style corporate collapse.2 In April 2019, similar concerns were raised by the UK Competition and Markets Authority, which recommended that the audit and consulting arms of the big four global accounting firms be split into separate operating units to reduce the influence of the consulting practices upon the smaller auditing divisions and avoid conflicts of interest.3
NAB’s latest annual report showed that it had paid Ernst & Young more than $21 million for audit and non-audit work in 2018, plus another $3.9 million for its work on non-consolidated trusts. It also revealed that Ernst & Young had been allowed to carry out NAB’s vital risk assessment review.
Every three years APRA requires all banks to organise a review of their risk management framework (RMF). The requirement is known as Prudential Standard CPS 220, and it states that the review must be conducted by ‘operationally independent, appropriately trained and competent’ people.4 In a letter to NAB pitching to win the job, Ernst & Young spruiked the fact that it had been the bank’s auditor for thirteen years and therefore had a deep understanding and knowledge of the company. While that should have rung alarm bells, APRA decided Ernst & Young was sufficiently independent.
Ernst & Young’s proposal for the review, sent to NAB in 2018, outlined the rules of engagement, including that both NAB and Ernst & Young would together identify or agree on key people to interview and discuss interim findings, and that Ernst & Young would prepare a draft report with recommendations and send it to NAB management for review. Ernst & Young also offered to provide proactive end-to-end stakeholder management and early communication of findings based on a ‘no surprises approach’.
Once NAB had reviewed the draft report, the letter said, Ernst & Young would ‘socialise with key management’. A revised report would then be presented (along with the draft report) to NAB’s board risk committee and/or the board audit committee. Finally, a working group of NAB and Ernst & Young staff would amend the document, which would then be presented to NAB’s group chief risk officer.
The proposal letter was co-signed by one of the executives who signed off NAB’s accounts after Ernst & Young had audited them. Another document listed the Ernst & Young staff assigned to work on the project; it included a partner who played a role in the external auditing of NAB’s accounts.
Even more intriguing and alarming were the documents generated during the review, notably the draft report prepared for APRA, collections of minutes containing comments from dozens of NAB executives and directors, including Andrew Thorburn, Ken Henry and Phil Chronican, and a log of confidential notes compiled by Ernst & Young. In particular, the contrast between the language of Ernst & Young’s draft report and that of its ‘telling it how it is’ confidential notes was stark and shocking.
Whereas the report to APRA was written in a neutral, passive style, laden with jargon which had the effect of downplaying some of the challenges NAB faced, the private observations were much more frank. For example, the draft report rated NAB’s RMF design as ‘adequate and appropriate’, assessed its application of the RMF as ‘partially effective’, concluded that overall NAB ‘largely’ met APRA’s regulatory requirements, and noted approvingly that ‘NAB has made significant improvements’. In contrast, the confidential notes stated that when issues were identified internally by NAB or raised
by the regulator there seemed ‘to be inadequate analysis [by NAB] of the root cause of these identified weaknesses’, despite the fact that proper analysis would have allowed NAB to put in ‘place a suitable long-term plan that would help close these issues’. Even more damningly, the notes concluded: ‘The bank focuses only on addressing the issues through Band-Aid fixes rather than investing in long-term solutions.’
Likewise, the draft report praised the introduction of ‘divisional-value chain-risk management committees’, which were set up to break down divisional silos, provide oversight of risk management and improve customer experience, saying, ‘The benefits and intents of these committees are clear, and we consider NAB more advanced than [its] peers in the design of these arrangements.’ But the Ernst & Young internal notes observed more pessimistically, ‘Feedback has been mixed around the effectiveness of these committees . . . the mapping causes some ambiguity in terms of tracing information through to its source and may risk some information being lost,’ and the committees ‘seem to be causing more confusion than clarity’.
Similarly illuminating were the minutes from the interviews with senior NAB officials. NAB’s general manager of consumer risk admitted that there were inconsistencies in the risk dashboards, or indicators, being produced by different divisions at NAB. In his interview, the chairman, Ken Henry, said he didn’t feel exposed around credit risk but said he did feel exposed around operational risk and compliance, but that was partly because financial institutions were going through an ‘unprecedented time’. Essentially, he was blaming the royal commission for making him feel that way.
Henry also confessed in his interview that he wasn’t sure if NAB was better or worse in relation to compliance than when he joined the board. He acknowledged too that NAB was selling products that it would ‘need to remediate in the future’ and gave the example of self-managed super funds that borrowed to invest in managed funds. On risk appetite, he questioned the usefulness of risk limits, saying ‘the value is really in the discussion rather than the limits themselves’. The minutes also included a statement from Henry that ‘some odd appetites have been given to the board’, including an appetite for some level of non-compliance, which he saw as nonsensical. ‘When [is it] sometimes okay [to] break the law?’ he asked. These were extraordinary statements from the chairman of a big four bank.
In his comments to the consultants, Phil Chronican, a NAB director and chairman of the board’s risk committee, expressed concerns about the long delays in addressing the bank’s red and amber compliance ratings. He was also frustrated that the money-laundering issues had been allowed to ‘get to that point’ and that the initial remediation had been insufficient. ‘Had they embarked on more comprehensive plans two to three years ago, they would not have spent as much today,’ he said. Clearly he understood the depth of NAB’s problems.
When I read the interview the consultant had conducted with Andrew Thorburn in June 2018, I didn’t know whether to laugh or cry. Thorburn’s main concern was ‘around risk culture and the bank becoming too risk averse’ and [he] saw this as the biggest emerging risk the bank faced going forward. He also saw ‘reputation risk as a major emerging risk’. When asked how he would like to see NAB’s risk governance structure develop over the next three years, he said he thought the only improvement the various risk committees could make was to set aside more time for reflection. At every fourth committee meeting, he suggested, committee members could allocate one hour, without paperwork, just to ‘sit on the couch and think through which risks they had not considered yet’.
Given what we had learned at the royal commission and the sanctimonius promises we’d heard from NAB executives in recent months, these revelations were truly staggering. Clearly the royal commission had left regulators and politicians with a lot of work to do in terms of highlighting negligence and, especially, ongoing conflicts of interest in the banking sector. As the whistleblower told me despairingly, ‘The royal commission gave the banks’ auditors and consultants a free pass. It was a shortcoming that needs to be addressed. They are the random variable in the equation. Politicians need to shed further light into their opaque world to improve certainty and confidence. If not, little will change.’
Chapter 29
A waiting game
Sweating on the verdict
THE SUMMER OF 2018–19 was heavy with portent for executives and boards of financial institutions. After a long and turbulent year of royal commission scrutiny, the bank chiefs and chairpersons, still bruised by the misconduct revelations, planned their annual Christmas holidays. For most, the break would be overshadowed by the impending release of the final report of the royal commission on 1 February 2019.
As well as the bank CEOs having copped flak in the final round of the royal commission, three of the big four banks – ANZ, Westpac and NAB – had taken a walloping from shareholders at their annual general meetings in December. (CBA’s AGM had been held in September.) NAB’s chief executive, Andrew Thorburn, was battling the scandal surrounding his former chief of staff, Rosemary Rogers, as well as allegations that he’d taken a luxury holiday to the exclusive Fiji island resort of Laucala that had been arranged through and partly paid for by the Human Group and Rogers, and received gifts from them. But instead of staying around to deal with this latest scandal, Thorburn told the NAB board he needed a break and would return to work for Hayne’s final report, before taking another break until March 2019. It was an inexplicable decision that drew heavy criticism from everyone except NAB’s board of directors, who acquiesced.
What Thorburn and NAB’s chairman, Ken Henry, didn’t realise was that Henry’s disdainful attitude during the final round of hearings had profoundly angered the royal commissioner. Hayne set great store by the idea that the tone of an organisation is set at the top, and Henry’s and Thorburn’s performances during their testimonies had reminded him of the importance of this principle. Henry had received extensive feedback about his performance in front of Hayne and had been advised to apologise publicly, but he blithely ignored the warnings and went off on his break too.
With both men out of the media glare, Hayne was working out the most effective way to deal with Henry and Thorburn, particularly after reading a media report which quoted a leaked internal NAB email urging staff to flog more home loans before ‘the Xmas lull to fill our funnel’. The email went on to say, ‘The banker that can land 5 apps [applications] first this week with 1 refi app [refinance application] included in that will earn 2500 NAB recognise points.’1 Hayne was not impressed. He and his senior counsel assisting had spent the last twelve months hammering home the message that this type of bank conduct was unacceptable. It must have seemed to him that NAB and its leadership team were either slow learners or simply unwilling to change.
*
Unlike Thorburn and Henry, senior executives at ASIC didn’t want to leave anything to chance before Hayne released his final report. Aware that ASIC needed to be tougher, ASIC’s deputy chairman, Daniel Crennan QC – who had joined the regulator in June 2018 – decided to be proactive.
The son of former High Court judge Susan Crennan, Daniel Crennan had accepted his role at ASIC with the aim of making it a feared and respected regulator. He had got to know Hayne during his previous life as a barrister, and wanted to demonstrate to him that concrete changes were taking place at ASIC. So, after a series of discussions with ASIC’s chair, James Shipton, he decided to show Hayne a copy of a report on an internal ASIC review he had led into the regulator’s enforcement processes.
Crennan met Hayne on 21 December and handed him a 120-page draft containing a set of recommendations and a hefty appendix with links and references. He also briefed him directly on the report’s key recommendations including the creation of a separate new ‘Office of Enforcement’ inside ASIC to investigate contraventions and take enforcement actions against them.
In fact, Hayne had already been made aware that ASIC was in the process of transforming. Alongside Cr
ennan, Karen Chester had been appointed ASIC’s second deputy chair. A former Treasury economist and more recently deputy chair of the Productivity Commission, Chester had co-authored the capability review into ASIC in 2015, which had been scathing of the regulator and provided a set of recommendations, many of which had been effectively ignored by ASIC’s former chairman, Greg Medcraft. Chester was a force to be reckoned with. She had become well known to the commission after conducting a series of briefings to royal commission staff, including one to Michael Hodge in relation to superannuation, trustees and potential conflicts of interest. Chester was seen as an expert on superannuation, having written a groundbreaking report into the performance of superannuation in May 2018 while she was still at the Productivity Commission. That report had exposed deep flaws, including poor governance, conflicts and underperformance.
While ASIC had been heeding lessons since the final round of hearings, a number of economists from Treasury were pushing the view in submissions and briefings to the royal commission that any radical changes to vertical integration, small-business lending or responsible lending laws would have unintended consequences and could trigger a credit crunch that would have devastating effects on the country. The banks had already put a brake on lending and it was starting to hurt. On the eve of the final report, Prime Minister Scott Morrison echoed these views in an interview with The Age and the Sydney Morning Herald, saying, ‘It will be a question of what suggestions or measures [the royal commission puts] on the table but I will be very mindful that I want to see the oil that lubricates our financial system – which is access to credit – continues to flow, otherwise the consequences would be quite significant. Any major reduction in lending would hurt the economy and damage small businesses.’2
Banking Bad Page 32