A message from CEO Matt Comyn

We have embraced APRA’s Prudential Inquiry report as a critical but fair assessment of the shortcomings in our governance, culture and accountability.

Our Remedial Action Plan outlines the steps our Board and senior leaders will take to respond to the Inquiry’s 35 recommendations – and to ensure we become a better, more customer-focused bank.

While work is well underway to strengthen governance, culture and accountability within the Commonwealth Bank, we recognise that it will take time to demonstrate real change.

We will continue to focus on delivering the plan and maintaining momentum to make CBA a simpler, better bank for our customers, and we will be transparent about the progress we’re making.

You can read about it here. We will report on our progress twice a year. Our next update will be in August 2019. 

 Matt Comyn

A roadmap for change

In May 2018, APRA’s Prudential Inquiry released a report outlining shortcomings in governance, culture and accountability at the Commonwealth Bank (CBA). The report was constructive and fair and we accepted all of the 35 recommendations. We are addressing every recommendation in full.

APRA endorsed CBA’s comprehensive Remedial Action Plan in June last year. The plan outlines the actions we are taking to improve risk management capability and deliver better outcomes for our customers. The plan incorporates the CBA Board’s and senior executives’ reflections on the report’s findings.

There is a lot of work ahead of us and while we have actions underway, we are realistic that the cultural change necessary will take sustained focus over a number of years. Our approach has measureable goals, clear responsibilities, executive accountability and ongoing review to make sure we stay on track.

Implementing the plan will support us to become a simpler, better bank for our customers. 

Changes we’re making

The plan explains in detail the changes we’ll make to how we run our business, manage risk and work with regulators, including:

  • Strengthening governance and oversight
  • Achieving better customer and risk outcomes
  • Building a more accountable, customer-focused and transparent culture
  • Taking a proactive approach to risk
  • Improving execution and delivering our plan. 

Our plan has nine priority areas that address each of APRA’s recommendations. This provides a roadmap to improve management of non-financial risk and will lift the ‘voice of risk’ and the ‘voice of customer’ in our decisions. We will be transparent in tracking our progress.

Strengthening governance and oversight

APRA’s report recognises that we have made changes in a number of areas, however, there is much more for us to do. 

The Board has set clearer expectations of management, and has increased its oversight and scrutiny of the risks facing the bank. It has become more visible and is challenging executives more than ever to understand and manage the risks in their business. 

An Executive Leadership Team (ELT) Non-Financial Risk Committee has been set up and held its first meeting in June 2018. Similar forums have been established in each business and support unit, with Group Executives accountable for the key risks and the controls in place to manage them.

The plan explains how we’ll clarify accountability for managing risk by implementing the three lines of accountability model consistently across each Business and Support Unit. Starting with each member of the ELT, leaders will be accountable for identifying, owning, understanding and managing risks in their business.

Achieving better customer and risk outcomes

Using a consistent risk management framework leaders are expected to role model good risk management and will receive the support and skills they need to do this successfully. To improve consistency and quality, we’ll give our people the training and support necessary to manage non-financial risk.

Our compliance and operational risk functions will provide stronger constructive challenge to managers on their risk management practices and controls.

We’ll ensure we do the right thing by our customers by instilling a ‘should we’ check into our decisions.  

Building an accountable, customer-focused and transparent culture

The APRA report is clear - our culture needs to change to be less complacent and reactive, more accountable and more open to challenge. Leaders will be expected to understand customers better and to listen to them. They’ll need to have a genuine appetite to learn and to improve how they are performing.

Leaders will also need to show that they reflect carefully on what they are doing, instead of just managing the day to day, and constructively challenge their colleagues instead of going along with the status quo. They’ll also need to demonstrate a crystal-clear understanding of what they’re accountable for.

The plan outlines how we’ll create a culture where each of us owns our actions. We’ll change performance review and remuneration policies and practices to ensure greater accountability for risk and customer outcomes, with rewards and real consequences. 

Taking a proactive approach to risk

In the plan we’ve outlined how we will allocate and prioritise funding to ensure we identify issues early and resolve them effectively. This includes making technology and systems investments to improve our risk management capabilities.

Improving our systems and procedures for reporting and resolving customer complaints is a priority. We’ll understand root causes of problems and learn from them so that we don’t make the same mistakes again. We’ll fix issues quickly and thoroughly. 

Improving execution and delivering the plan

The work has already begun, yet we know we have a lot of work ahead of us. We will make these changes consistently and sustainably, and have set up the Better Risk Outcomes Program. A small central team will provide standards, processes, coordination and challenge to leaders as they deliver the plan in their businesses.

Individual executives are accountable for implementing our plan, ensuring the changes are instilled into ways of working and achieve the improvements expected of us. Leaders will face consequences if they fail to deliver. 

Tracking progress: continued transparency with our stakeholders

We will continue to engage openly as we implement our plan.

The plan provides a comprehensive assurance framework. Promontory Australasia (Sydney) Pty Ltd has been appointed as independent reviewer and will provide quarterly progress updates to APRA.

We know that we will not be judged by the plan or by completing milestones, but to the extent that we improve customer and risk outcomes. We’ll know we’ve succeeded when we’ve built a culture focused on getting things done, that looks outwards for better ways of doing things, and always does the right thing with actions that improve the financial wellbeing of our customers and communities. This includes our leaders having a deep sense of accountability, demonstrating better risk and customer outcomes and holding themselves, their teams and each other accountable. We will do the hard work to earn trust every single day.

Prudential Inquiry report

APRA released the report from its Prudential Inquiry into the bank’s governance, culture and accountability in May 2018. Read APRA’s Prudential Inquiry report in full.

Promontory progress reports

Promontory Australasia was appointed as the independent reviewer to regularly review the implementation of our Remedial Action Plan. Promontory looks specifically at the milestones we have made a commitment to APRA that we will achieve.

We released Promontory’s first report on our progress in October 2018. You can find the full report here.

Promontory’s second report on our progress was released in February 2019. You can find the full report here.