One of the great questions levelled at the banking industry in recent years has been: How bad do things have to get before someone gets sacked?
Here’s another one: How big does a problem need to be before a director starts kicking and screaming?
This was the unspoken but underlying question that senior counsel assisting Rowena Orr, QC, was trying to answer as she probed Commonwealth Bank chairman Catherine Livingstone on Tuesday on how the bank’s board dealt with snowballing problems with breaches of anti-money laundering and counter-terrorism financing regulations.
It was in late 2016 when Livingstone – then still relatively new to the board, having been officially appointed in March 2016 – started asking management about a series of red flags that the bank’s audit processes had uncovered, and notices it had received from AUSTRAC.
This was a serious and long-standing issue. Indeed, the board’s risk subcommittee, on which Livingstone sat, was told in October 2016 of the problems.
“I have to say I was concerned about the fact of the notices and I’d had experience with AUSTRAC in a previous role,” she told Orr.
“It didn’t feel quite right to me that AUSTRAC would be comfortable with where we were, but management provided assurances.”
She named former chief financial officer David Craig as having provided the assurances.
But Orr questioned Livingstone over the level of urgency the board attached to this issue.
Did, for example, Livingstone ask for the 2014 audit report that showed the genesis of the AUSTRAC issues? No, she didn’t, and she couldn’t recall any other audit committee members doing it either.
Indeed, Orr referred to the minutes of the December audit committee 2016 meeting, which provided no reference to what was actually discussed about the AUSTRAC matters. Orr suggested this showed the board’s lack of urgency.
Livingstone conceded the board had failed to challenge management appropriately and had failed to properly assess non-financial risk.
This was further illustrated when Livingstone revealed that when she joined the board in 2016, the briefing pack she was provided with was “more a description of the organisation and how it runs” than a rundown of the big issues the board was dealing with.
Commissioner Ken Hayne asked the obvious question. Couldn’t “an organisation as large and as sophisticated” as CBA have managed to do both when it inducted a new director?
Livingstone was then taken to reporting to the board from divisions such as wealth and the retail bank, which current chief executive Matt Comyn previously ran.
There was plenty in their reports on customer satisfaction but precious little on customer complaints or problems.
“We focused far too much on customer satisfaction and good customer scores, and not on customer dissatisfaction,” Livingstone conceded.
The first few days have seen Orr and Hayne grow ever-so bewildered with the way CBA has been run at both an executive and board level. This is the biggest bank in the country, with seemingly infinite resources and a crucial place in the financial system and community.
And the picture provided by chief executive Matt Comyn and Livingstone makes the bank seem amateurish – and that’s the kindest reading.
Obvious risks were missed. Obvious questions weren’t raised. Information didn’t get to the right levels.
But in so many cases, problems were identified and red flags raised, only for them to be ignored or dismissed by directors and management.
How could this happen, in Hayne’s words, at “an organisation as large and as sophisticated” as CBA?
Livingstone says the board is functioning much more effectively, with much better flow of information, much more time spent on risk and particularly non-financial risk, and processes which ensure management are challenged and held to account.
“Clearly the degree of challenge at the board is significantly greater … we seek much more evidence of what has actually been done,” Livingstone told Orr.
Customer complaints are now also being brought to board level, as directors hunt for systemic issues in the bank. And Livingstone has personally helped redesign the risk-management system in the bank.
It’s all important stuff, albeit a bit nebulous. But it’s also a reminder to CBA’s stakeholders – customers, shareholders, regulators and the broader community – that there are no quick fixes.
This is an organisation that needs to be remodelled from the top down.