With other regulators around the region also focusing on improving conduct and reforming culture, EY professionals consider what lessons Asia’s financial services executives can learn from what’s happening in Australia.

Doug Nixon 192By Doug Nixon, Financial Services Advisory, EY Oceania

The year 2019 marks 11 years since the global financial crisis erupted. The subsequent reforms reshaped much of the financial services industry but did little to dissuade the growing public malaise towards the sector. If Australia’s Financial Services Royal Commission into misconduct was born from this sentiment, the Royal Commission’s final report should be regarded as the prevailing winds for institutions across the region.

The Royal Commission’s final report centers around six underlying principles: obey the law; do not mislead or deceive; act fairly; provide services that are fit for purpose; deliver services with reasonable care and skill; and, when acting for another, act in their best interests.

The report did not espouse a new wave of regulation, rather provided recommendations to ensure Australian institutions to adhere to the existing laws and requirements – and instructing Australian regulators to intensify oversight of industry practices. In this environment, local financial institutions are discovering that many traditional practices will have to change.

Drive Behavior Through Culture – Not Rules

In the past, financial services organizations have relied heavily on rules and systems to influence employee behavior, in many cases, these systems did not have adequate measures to calibrate for unacceptable behaviors (e.g., the wayward rainmaker) or poor risk outcomes.

The Australian experience demonstrates clearly that the recognition and reward systems driving behavior need to be married with a strong, ethical culture and aligned to purpose, with boards and senior management setting the tone from the top.

This means institutions need to demonstrate consequence management for poor behaviors, improve senior accountability, and develop tools and systems to monitor and assess organizational culture – and make them available to the most senior stakeholders in the group. Directors and executives without a good grasp of the organization’s culture will be poorly placed in this new environment.

Use Internal Audit & Customer Complaints to Gauge Culture

Given its independence and access, the internal audit will be vital to giving boardroom assurance that good conduct is actually being translated into everyday behaviors – and to identify where it is not. Some institutions will choose to incorporate culture into internal audit investigations simply by adding standardized questioning to each meeting. A dozen simple questions, such as «Is it safe to speak up?», «Are you able to escalate cultural issues?», «Do you believe action has been taken to address your concerns?» and «Do you think good behaviors are rewarded?», while seemingly benign in concept, can provide a rich trove of information in aggregate when assessed across thousands of employees.

Likewise, institutions should be making meaningful investments to better analyze customer complaints, such as using analytics to assess tail risk across individual cases. The Royal Commission has shown that, while aggregate volumes may present a positive trend, the media headlines can originate from outlier cases.

Strengthen Approach to Non-Financial Risk Management

One of the Royal Commission’s major findings was that, all too often, boards did not get the right information about emerging non-financial risks: conduct risk, regulatory risk, operational risk, and reputational risk.

To build this capability, the region’s institutions will need to continue to enhance non-financial risk management frameworks, develop new techniques to model and prepare for operational risk events, and make significant advancements in measurement and reporting. Institutions around the globe are finding this particularly vexing. Developing systems that provide the business, not just risk management, with real-time, meaningful insight into non-financial risks is in the strategy of many financial institutions.

Improving Compliance Management

We consistently hear of compliance functions that are unable to identify the full suite of products, locations, licenses and, ultimately, compliance obligations that an institute is subject to. For those obligations that have been identified, can they:

  • Identify who is accountable for each obligation
  • Identify the controls in place to ensure that obligations are met
  • Report on deficiencies in the control environment
  • Demonstrate meaningful progress in remediation of those deficiencies

In Australia, financial institutions are finding that to achieve these objectives, compliance functions require a fundamental rethink. Do we have the right level of support? Is our existing toolset enabling us to effectively manage compliance obligations and risk? Are we able to quickly identify our collective compliance position and identify where we are exposed? We are seeing increasing levels of resources committed to solving these issues.

Get Ahead of the Curve

The region’s financial institutions are well advised to consider these issues now. By adapting early and in their own time, rather than having change imposed to a regulator’s timetable, the transition will be far less painful than the enforced transformations currently being rushed through down under.

The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.