Banks in Australia must prepare to navigate an increasingly challenging landscape as non-financial risks come in for more scrutiny.

Introduction

Following publication of the Hayne Royal Commission report on financial services misconduct, ahead of implementation of the Banking Code of Practice and ongoing implementation of the domestic banking executive accountability regime (BEAR), and as moves to address climate risk gain momentum, Australian banks have a window of opportunity to get their houses in order and to demonstrate this to regulators – or face potentially harsh penalties.

Royal Commission signals sea change

When Commissioner Kenneth Hayne published in February 2019 the final report of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, he flagged governance, culture and remuneration as specific weak spots for the sector. With regard to governance, he criticised a range of failures that included Australian banks placing a higher priority on financial risks than on non-financial risks related to operations, compliance, conduct and regulations.

While Hayne laid out six "very simple" conduct norms that he said should form the foundation for a healthy culture at any financial services provider – obey the law, do not mislead or deceive, be fair, provide services that are fit for purpose, deliver services with reasonable care and skill, and when acting for others do so in their best interests – he recommended that banks should constantly assess their culture as well as their internal governance systems. Managing culture, he said, is not a one-off event but a continuous effort that has to be integrated into day-to-day business operations.

Although it will take time for the regulatory and legislative response to the Hayne report to take full shape, the Australian government has confirmed it will take action on all his recommendations. His findings should have a major impact on the way financial services providers operate and how they will be supervised, especially in their attitude to the management of non-financial risk, according to Phil Charlton, Senior Advisor for Norton Rose Fulbright Australia's Risk Advisory business.

For starters, Hayne's charge that the primary responsibility for any misconduct by financial services providers lies with the entities concerned as well as the boards and senior management that control them could soon be better policed, with the ongoing introduction of BEAR across the banking sector. Closely modelled on the UK's Senior Manager and Certification Regime, BEAR will require banks to register senior staff with regulators and clearly prescribe their responsibilities, on top of imposing accountability obligations on senior officers. The aim is to make accountability real and effective for senior executives within banks.

Regulators too are toughening up following Hayne's report, which directed some stinging criticism at the Australian Securities and Investments Commission (ASIC), labelling its enforcement culture ineffective and calling on it to use its teeth. ASIC has taken the recommendations on board with a new litigation campaign and beefed-up penalty powers.

"Banks and financial services entities are entering a much more challenging environment, with the intensity of supervision and enforcement rising significantly," says Charlton. "They've got to think about compliance, they've got to think about non-financial risk and they've got to demonstrate to regulators that they're taking effective steps, or face sanctions. Added to that, Hayne calls for a constant assessment of culture and governance. This is a task that is ongoing."

Banks' new guiding principles

Signatories to a new Banking Code of Practice, meanwhile, had until 1 July 2019 to meet all its requirements.

The legally enforceable code focuses on retail banking and is framed around 16 principles that guide how banks, their staff and their representatives deal with individual and business customers and their guarantors. Banks need to demonstrate that they have embedded the principles – which are based on trust, confidence, integrity, service, transparency and accountability (chiming with the Hayne recommendations) – across their organisation and that they give them due consideration in all decision-making.

While the code is officially voluntary, the Australian Banking Association has for the first time ever made signing up to it a condition of membership. The vast majority of banks active in Australia therefore had just weeks to ensure their operations are code-compliant and that their internal structures reflect that – a process through which Norton Rose Fulbright is actively guiding a number of clients, says Charlton.

Climate risk: the next frontier

In addition to improving the management of more conventional non-financial risks, the prudential regulator, APRA, has recently called for integration of climate risk into the risk management frameworks of Australian banks. APRA has signalled that it expects to see banks moving from awareness to action in this space.

APRA emphasised that it would be imprudent for banks to ignore such risks because of uncertainty about the policy outlook on climate change. In what is fresh territory for many, banks will need to actively monitor how climate change impacts their own bottom lines and how investor alertness to climate risk will impact banks' disclosure approaches and resulting reporting requirements.
