The Financial Services Royal Commission interim report was published on 28 September.

The 3 volume interim report contains the Commissioner’s findings in respect of the first four rounds of hearing held in Melbourne, Brisbane and Darwin between March and July 2018 which covered:

• Consumer lending;
• Financial advice to retail customers;
• Loans to small and medium enterprises; and
• Experiences with financial services entities in regional and remote communities.

Those first four rounds of hearings also looked at issues arising from the use of intermediaries between borrowers and lenders, responsible lending, and regulation and the regulators.

Additional topics, including superannuation and insurance, considered in hearings held in August and September 2018, will be covered in the final report due by 1 February 2019.

The interim report identifies the issues, the causes and the responses to requests for information.

It asks: Why did it happen? What can be done to avoid it happening again?

The Interim Report gathers together the questions that have come out of the Commission’s work so far.

The next and final round of hearings for the Royal Commission to be held in Sydney (19-23 November 2018) and Melbourne (26-30 November 2018) will consider these questions that must be dealt with in the Commission’s Final Report.

Too big to comply?

In respect of the responses to requests for information the Commissioner observes:

“CBA and NAB found it difficult to comply with the requests that I made. Each explained the difficulty by pointing to the need to assemble information from many separate sources. NAB said that, to make its response to the 15 December requests, it had examined ‘NAB’s significant litigation reports, reported Australian court judgments, NAB’s breach registers and underlying reports to ASIC, APRA and AUSTRAC, adverse FOS determinations relating to “systemic issues”, significant breaches of the Code of Banking Practice reported in NAB’s Annual Statements of Compliance, and reports to the Australian Information Commissioner’. NAB said that to provide details of misconduct that had occurred over the preceding five years it would have to look at, among other things, the Annual Compliance Statements it had made under the Code of Banking Practice (which recorded 1,914 breaches of the Code in the last five full financial years), 300 events reported as significant breaches to ASIC or APRA occurring during that period, 370 FOS determinations, 375 determinations by the Credit and Investments Ombudsman, 246 significant litigation matters and five different databases recording customer complaints.

Taken together, the course of events and the explanations proffered can lead only to the conclusion that neither CBA nor NAB could readily identify how, or to what extent, the entity as a whole was failing to comply with the law. And if that is right, neither the senior management nor the board of the entity could be given any single coherent picture of the nature or extent of failures of compliance; they could be given only a disjointed series of bits of information framed by reference to particular events. Information presented in that way points too easily towards explaining what has happened as ‘a small number of people choosing to behave unethically’ or as the product of ‘people, policies and processes that existed with a pocket of poor culture in that area at that time’.”

The Financial Services Royal Commission has revealed that the major banks still rely heavily on manual procedures and legacy systems which are continually patched (and occasionally break down).

Evidence frequently revealed banks’ failure to monitor and supervise their staff and representatives.

The Commission has asked a key question arising from the evidence heard this year:
“Should there be greater consequences for financial services entities that fail to design, maintain and resource their compliance systems in a way that ensures they are effective in:
• preventing breaches of financial services laws and other regulatory obligations; and
• ensuring that any breaches that do occur are remedied in a timely fashion?”

APRA Chair Wayne Byres recently said: “A ‘fit for the future’ bank … would have long ago built the systems and have high quality data readily to hand for its own purposes. As things stand, significant investment will be needed to meet the new obligations.”

In his evidence at the Commission CBA’s Chief Risk Officer conceded:
“ the state of our systems that recorded and aggregated instances of misconduct … were not particularly advanced. They were not particularly well connected. The difficulty that the bank experienced was that various incidents of misconduct were recorded on different systems in different business units, without necessarily being all encompassed in a single business unit.”

Is the problem the systems or the approach to management or both?

In “Team of Teams” (2015, Penguin) US General Stanley McChrystal discusses the changes he made to the Task Force in Iraq in 2004 to fight Al Qaeda.

He had to adapt a large, institutionalised, disciplined military machine (a “leviathan”) into a more effective team capable of improvising against a smaller, networked, adaptable group of terrorists.
He said the Army had good systems and was efficient but refers to Peter Drucker’s saying that “Efficiency is doing things right. Effectiveness is doing the right thing.”

In analysing the Army’s failings he says that it had an attachment to procedure instead of purpose and lacked co-operation across silos. In other words, “the larger an organisation gets, the harder it is for it to think and act as one”.

A commitment to compliance could mean both systems change and management change to ensure that the systems work across divisions to achieve an organisation-wide change.

We will know the Commissioner’s final recommendations soon.