“It was more than just a Coding Error” – CBA and Conduct Risk Management

It has been an extraordinary month for CBA.  One which the other banks, and the market, watched unravel with bated breath. Let’s take a moment to recap.


CBA’s initial response to AUSTRAC’s civil proceedings that the alleged misconduct was a “coding error” was misguided, potentially misleading and demonstrated a serious misread of consumer and regulatory sentiment. 

For the past couple of years, CBA, along with its peers, have repeatedly responded to criticism of poor conduct enforcement action with relative indifference and, after serious arm bending, an occasional apology. In the world of Australian banking, another day another dollar.

After a string of poor conduct (CBA Financial Planners, CommInsure etc) CBA has no credit in the bank (pun intended).  So, when the news broke of AUSTRAC’s enforcement action and the CBA responded with an explanation of a “coding error”, the Australian community balked. 

In summary, AUSTRAC alleged that since 2015 CBA has been aware that it had breached the mandatory AML/CTF reporting obligations not once, not twice but on 53,000 occasions spanning a three year period between 2012-2015. By most people’s reckoning, that is systemic.

Conduct Risk

Culture is a key driver influencing conduct. Conduct is often heavily influenced by performance incentives, and the likelihood and impact of consequences if something goes wrong.

Whilst much recent focus has been on the banking industry, Australian and global regulators are increasing their oversight and security of the Asset Management industry. Conduct risk is at the heart of ASIC’s focus. At a recent speech, Greg Medcraft said "Conduct risk is the risk of inappropriate, unethical or unlawful behaviour on the part of an organisation’s management or employees. That conduct can be caused by deliberate actions or may be inadvertent, because of inadequacies in an organisation’s practices, frameworks or education programs.”

From an AFSL perspective, conduct risk is encapsulated by a licensees’ general obligation to provide financial services in a manner that is efficient, honest and fair, whilst maintaining adequate risk management systems. Last year, in its Corporate Plan, ASIC set out what it considered good conduct to look like for each sector that it regulates.

In recent months ASIC has undertaken a survey on conduct risk, however, the results have yet to be published. ASIC has informed the market that its focus in relation to conduct risk will canvass the following areas:

  • reward and incentive structures, including promotions;
  • recruitment and training policies;
  • whistleblower policies;
  • conflicts of interest and how they are managed;
  • the nature and level of complaints within firms and complaints handling procedures;
  • remediation policies and procedures (how are customers treated when things go wrong?); and
  • corporate governance frameworks to support a customer-centric culture.

Managing Conduct Risk

Managing conduct risk should be a key priority for any AFSL holder. You should be examining your business and the financial services provided against each of the points noted above. You may also consider the following questions:

  • Has introducing a new system or process affected your governance and reporting arrangements, or the effectiveness of your supervisory arrangements?
  • Have new systems, processes or products created new or different conduct incentives and, if so, what kind of incentives?
  • Will any changes in governance and incentives create new issues and/or risks to monitor?
  • Are your products, services and delivery channel not only legal but the right things for the customer and/or the market?
  • From the perspective of both staff and supervisors, are people encouraged to do the right thing and call out the wrong kind of behaviour?

How CompliSpace can help 

CompliSpace AFSL Workshop: Sydney & Melbourne

Australian Financial Services Licence holders are inundated with a raft of corporate governance obligations and an ever-growing compliance burden, which can easily distract focus away from core business activities.

CompliSpace is running Practical AFSL Workshops for Responsible Managers and Compliance Professional on Friday 15 September in Sydney and Friday 22 September in Melbourne.

If you are an AFS license holder, you must ensure that your responsible managers and representatives receive ongoing training. Our interactive, “on-the-go” workshops are designed to keep you up-to-date with the latest industry changes, real life case studies and exercises and fast-track the practical development of new knowledge and skills.

 Training is delivered in an interactive workshop environment providing attendees with:

  • a simple framework for understanding your core AFSL obligations;
  • practical guidance on current regulatory issues and trends including conduct risk; and
  • CPD points for attendees.

 Refer to our website for more information and to register. 


Financial Services Updates

Financial Services Updates