Royal Commissioner – the Australian regulatory system is broken!

It’s like a Monty Python sketch – “This parrot is NOT dead – see, it’s still paying life insurance! Why would it do that if it was deceased? Who would be silly enough to sell a dead parrot life insurance?”

Justice Hayne, Commissioner of the Royal Commission (RC) into Misconduct in the Financial Industry in Australia, asked a similar question and in the commission’s Interim Report provides some to the point answers:

• greed – “the pursuit of short-term profit at the expense of basic standards of honesty”; and
• because they could – “when misconduct was revealed, it either went unpunished or the consequences did not meet the seriousness of what had been done”.

[Note An edited version of this article appeared in Australian Banking and Finance on 2nd October 2018.  Many thanks to editor Elizabeth Fry.]

In 1,000 dense pages, the commissioner and his team slammed the largest financial institutions in Australia, especially the Big Four banks, and also the two main financial regulators: the prudential regulator, the Australian Prudential Regulation Authority (APRA); and, with particular venom, the conduct regulator, the Australian Securities and Investments Commission (ASIC).

Regulatory Failures

Volume 2 of the Commission’s’ interim report documents a litany of case studies of bad behaviour, mainly by banks, some of which (after further scrutiny in future) might be considered breaches of the Corporations Act. The revelations of blatant misconduct are shocking but more shocking still is the failure of regulators to take appropriate action:

“When misconduct was revealed, it either went unpunished or the consequences did not meet the seriousness of what had been done. The conduct regulator, ASIC, rarely went to court to seek public denunciation of and punishment for misconduct. The prudential regulator, APRA, never went to court.”

The contempt in which the banks has held the regulators was well-documented in the report, with the banks

“preferring profit to pursuit of any other purpose; and treating regulatory compliance as a cost of doing business rather as a foundation that informs and underpins how the business must be conducted.”

The numbers tell the story, “over the 10 years to 1 June 2018, ASIC’s infringement notices to [all of] the major banks have amounted to less than $1.3 million” yet in just one year (2017) the Commonwealth Bank (CBA) declared a profit about 7,000 times greater, and “the total amount that CBA had paid out in remediation of customers was many hundreds of millions of dollars.”.  Obviously, legal compliance was an afterthought, because a breach of the law cost virtually nothing, whenever ASIC was the regulator.

On many occasions, the RC reported that banks broke the rules on lodging written breach reports with ASIC, as required by the Corporations Act. A report by ASIC (published after the RC began) reported that the major banks took an average time of 1,726 days (over 4.5 years), to report significant breaches and , for significant breaches that involved consumer financial  loss, the major banks “ took an average of 2,145 days [almost 6years] from the first instance of  the breach to make the first payment to affected  consumers”. Report late, remediate late, make profit on the money involved! And every major bank was doing the same.

Nor is ASIC the only regulator that is an easy touch. Earlier this year, in a first for APRA, the regulator outsourced its responsibilities for investigating CBA’s governance problems, to an expert independent panel.  The panel found grievous corporate governance failings, in relation to a money laundering scandal. Despite the fact that another regulator, AUSTRAC, had already fined CBA some $700 million, all that APRA required of CBA was to accepted an enforceable undertaking (EU) to “submit a remedial action plan” that would address the issues raised by the independent review. No promises to undertake remedial action, just to submit a plan to do so!

The interim report notes that APRA has taken no action with regard to other examples of possible governance failures in other banks, noting that

“…  other entities have engaged in conduct of the kinds that led APRA to conduct its inquiry into CBA. The conduct suggests that there has been insufficient attention given within those entities to regulatory and compliance risk. It suggests want of attention by those entities to reputational risk. Some of the conduct suggests want of proper governance in the entity”.

Lack of Competition

A recent report,  by the Australian Productivity Commission (PC), into competition in the financial services system echoed the commission’s conclusion that “competition within the banking industry is weak” and worse encourages the types of bad behaviour documented by the commission.  And, the banks get away with it.

“But there being little threat of failure of the enterprise, and there being little competitive pressure, pursuit of profit has trumped consideration of how the profit is made. The banks have gone to the edge of what is permitted, and too often beyond that limit, in pursuit of profit.”

The Regulatory System is Broken

Echoing the Productivity Commission, the interim report criticizes the lack of real competition in the Australian banking industry, which gives rise to the systemic misconduct documented in the forensic investigations undertaken by the commission’s staff

“The law sets the bounds of permissible behaviour. If competitive pressures are absent, if there is little or no threat of enterprise failure, and if banks can and do mitigate the consequences of customers failing to meet obligations, only the regulator can mark and enforce those bounds.”

Scathingly, the commissioner concluded that neither ASIC nor APRA had enforced the legal boundaries “in a way that has prevented the conduct described in this report”.

Nor are there any valid excuses for the regulators failing to act, since, as the commissioner points out, there are sufficient laws in place already to cover the misconduct that has been reported but there is a reluctance by regulators to implement the laws already in place.  The regulatory system has failed, in great part, because the regulators did not do the jobs they were tasked by parliament to do.

Since any attempt to fix the culture of misconduct across the financial system, must start with addressing the failures of regulators to act, then the regulatory regime must be repaired first.

Fixing the Regulatory System

The commissioner recognises that there are significant barriers to fixing the current Australian financial regulatory system, beyond the reluctance of regulators to take on the ‘big end of town’. Merely chucking money at the problem or tinkering at the edges will not work.  The commissioner notes that despite the fact that ASIC “may be seeking to alter its approach to enforcement, [he …] remains to be persuaded that it can and will make the necessary changes”. In other words, it is very difficult for an especially timid leopard to change its spots?

The first and toughest problem is confusion over ASIC’s remit which, as the corporate as well as the financial regulator, is almost impossibly wide. And the commission notes that ASIC keeps taking on more work, as new legislation is enacted. This increase in workload has been at the expense of ASIC’s vital enforcement work.

The commissioner points out that it is all very well providing advice on new legislation to the industry but that is pretty useless if not backed up with the real teeth of enforcement.  Too often, ASIC has sought a negotiated outcome, such as an Enforceable Undertaking (EU) and a nominal “community benefit payment [ … which is] unrelated to the profit derived by the entity from the contravening conduct”. That is a mere slap and the wrist with a promise to do better in future. The commissioner writes that is not enough and

“The regulator must do whatever can be done to ensure that breach of the law is not profitable”.

The Interim Report has not yet answered the very many questions that arise from the failures of the financial regulators to take action against flagrant misconduct but raises many important issues that need to be addressed before the regulatory system can be fixed. The key questions raised by the RC include:

• Is the law governing financial services entities and their conduct too complicated?
• Should there be annual reviews of the regulators’ performance against their mandates?
• ASIC: Is ASIC’s remit too large?
• Is the [ASIC] regulatory regime too complex? Should there be radical simplification of the regulatory regime?
• Should industry codes relating to the provision of financial services […] be recognised and applied by legislation?
• Are ASIC’s enforcement practices satisfactory? If not, how should they be changed?
• Should ASIC’s enforcement priorities change?
• APRA: Are APRA’s regulatory practices satisfactory? If not, how should they be changed?
• Are APRA’s enforcement practices satisfactory? If not, how should they be changed?
• Does the conduct identified and criticised in this report call for reconsideration of APRA’s prudential standards on governance?

However, these questions are based on the presumption that the current regulatory architecture (sometimes called the ‘Twin Peaks’ model), remains appropriate for regulating Australia’s financial system and if it does are the roles and responsibilities currently assigned to various regulators appropriate and, as important, effective.

Although its Terms of Reference refer to the fact that RC is not required to inquire into matters related to “macro-prudential policy and regulation”, it is obvious that questions of how macro prudential regulation should work, need to be addressed.  By whom the questions are answered is less important than ensuring that the issues are addressed openly and thoroughly.

The regulatory system is, as illustrated by the cases reported by the Commission, thoroughly broken and needs repair.  The system may be broken as a result of: the wrong regulatory architecture; or the ineffective implementation of an appropriate regulatory architecture; or the wrong people operating the regulatory architecture; or a combination of these problems.

It is obvious that such questions need to be addressed prior to fleshing out the details of fixing the problems.

For example, is Twin Peaks the most appropriate regulatory architecture for the future financial system in Australia?  Some overseas jurisdictions have adopted a Twin Peaks (TP) model, although most often with a different structure to that of Australia, e.g. the UK prudential regulator (PRA) remains part of the central bank, the Bank of England.  While TP may indeed be considered to be the preferred regulatory architecture for Australia, is the implementation flawed?  For example, is ASIC’s remit too wide to make it effective?

Answering such questions requires taking a different approach to that adopted by the RC to-date, which is forensic analysis of case studies, and requires the involvement of different legal and technical expertise.

The Royal Commission is tasked with producing its final report by February 2019, which, given the work needed to complete Round 7 of its deliberations (in November 2018) and its final report, leaves little time to discuss such a wide-ranging issue. An extension of time for the RC, or a follow-up independent inquiry, with terms of reference ideally set by the RC, is called for[1].

How, where and when these vital issues will be tackled, remain questions that the commissioner has not yet answered. But the questions must be answered before the systemic cultural problems evidenced in the RC, can be fixed.

 

 

[1] It should be noted that the author has elsewhere called for a Royal Commission into Banking Regulation, but as the current RC is identifying at least some of the major questions, an independent enquiry, rather than a Royal Commission, should be capable of addressing the more technical issues.