Australian regulator slams “immature and reactive” Westpac for persistent risk failures

Australia’s prudential regulator has threatened the country’s third-largest lender Westpac with court action if it does not address its “immature and reactive” risk culture and unclear accountability framework, days after ordering the bank to raise its cash reserves in light of a failure to meet prudential requirements.

The Australian Prudential Regulation Authority (APRA) entered into a court enforceable undertaking (CEU) with Westpac on 3 December, almost a year after it began a full-scale investigation into the bank over allegations it failed to properly investigate transactions related to possible money-laundering and child exploitation.

The regulator criticised the bank’s lack of progress in remediating weaknesses that include an “immature and reactive” risk culture, unclear accountability frameworks, capability shortfalls, and inadequate oversight.

APRA said Westpac’s customer outcomes and risk excellence (CORE) program was not “sufficiently far-reaching” to effectively address wide-ranging risk governance gaps and carries “high execution risk.”

APRA deputy chair John Lonsdale said that, as one of the country’s largest and most important financial institutions, Westpac “should be a leader in risk management.”

“Although the bank has made progress in some areas over the past year, it is not good enough,” he said. “We continue to observe new prudential issues arising while long-standing weaknesses persist, and we believe Westpac’s governance, culture and accountability frameworks and practices are still in need of a substantial uplift.”  

Lonsdale added that entering into a CEU “indicates the severity of the situation”.

The undertaking requires Westpac to develop an “integrated plan” within the next 90 days, incorporating all its major risk governance remediation programs and covering both financial and non-financial risks. The bank must then obtain independent assurance over the implementation of the plan with direct reporting to APRA, and assign accountabilities for the plan’s delivery to named executives and board members, incorporating outcomes into remuneration decisions.

The CEU also stipulates that an independent reviewer will be appointed to update APRA on the effectiveness of the plan each quarter, until the regulator agrees the necessary changes have been made.

Westpac’s chief executive officer Peter King said in a statement his top priority was to “ensure the bank’s risk culture and management of risk meet the high standards expected of us.”

King acknowledged he would need to deliver a “disciplined step change in our management of financial and non-financial risk”.

In its release, APRA said it decided to pursue a CEU after examining the findings of risk governance reviews conducted by Westpac and other third parties over the past year. Those included Westpac’s own reassessment in June this year, which highlighted that the change it had achieved in risk governance had only been “incremental” since its self-assessment two years prior.

The regulator also factored in the results of its own risk governance review into Westpac, which it began in December 2019 after Australian financial intelligence agency Austrac fined the bank A$1.3 billion (US$967 million) – the largest corporate fine in Australian history – to settle legal action over allegations it had failed to pass on information about potential money laundering, or carry out appropriate due diligence over transactions associated with possible child exploitation..

Austrac said Westpac had committed 23 million anti-money laundering law violations, in what remains Australia's largest ever anti-money laundering scandal to date.

Raising reserves

APRA released a statement on 1 December confirming it had taken an enforcement action against Westpac.  

The regulator found that Westpac had committed several instances of incorrect treatment of specific funding and loan products for the purposes of calculating its liquidity coverage ratio (LCR) and net stable funding ratio (NSFR).

APRA ordered comprehensive reviews by independent third parties of Westpac’s compliance with liquidity reporting requirements and the remediation of its control framework for liquidity risk management.

The regulator ordered Westpac to apply a 10% add-on to the net cash outflow component of its LCR calculation. It did not disclose any details of the penalty imposed.

The review is ongoing, and APRA says the capital add-on will remain in place until it is satisfied that deficiencies in risk governance have been adequately remedied.

APRA says that while the breaches have been rectified, and do not raise concerns about the “overall soundness” of Westpac’s current liquidity position, they demonstrate “weaknesses in risk management and oversight, risk control frameworks and risk culture.”

Lonsdale said he hopes the action “sends a message to the wider banking industry that breaches of prudential standards are not acceptable, and APRA will respond as appropriate, including by imposing penalties.”

Shortly after APRA opened its own investigation into Westpac in December 2019, the regulator ordered the bank to set aside an additional A$500m in capital in line with its “heightened operational risk profile.”

It is unclear what external counsel Westpac used for the CEU.


Get unlimited access to all Global Banking Regulation Review content