Given ongoing market volatility, organisations are moving to align their business strategy with their risk appetite statement. KPMG’s Risk Consulting group has recently researched or analysed how organisations are applying risk appetite from a management and board perspective. Our research found that a well articulated risk appetite statement can help resolve tensions in the business plan, communicate the board’s vision in practical terms, articulate acceptable risks and, importantly, quantify risks in terms of the type and level of risk that an organisation is prepared to accept in pursuit of value. Organisations found that expressing their risk objectives through a formal risk appetite statement changes the way they think about their businesses and assists them to develop more effective enterprise risk management models. They also uncover opportunities and weaknesses that might otherwise remain hidden.
Environmental issues, major trading partner weakness, a fiscal crisis and demographic changes are some of the key features of Australia’s current risk landscape, according to business, government and academic leaders who contributed to a new research paper released by ADC Forum in collaboration with KPMG. The document, The Australia Report 2011, should prove a valuable tool for long term strategy planning and risk profiling. It outlines the risks facing Australia over the next decade by their likelihood and potential economic impact while providing an insight into the interconnectedness of these risks and the opportunities they present. The key findings of the research are:
1. Environmental issues dominate with climate change the standout risk in terms of both likelihood and severity.
2. Major trading partner weakness is perceived as the most likely economic risk as Japan tries to pick itself up from the recent earthquake and tsunami, China’s growth slows and the US struggles with an uncertain economic outlook.
3. Asset price collapse is rated the most severe economic risk, reflecting concerns about overseas asset pricing and uncertainty about the outlook for Australian property, especially housing.
4. Demographic challenges are rated in the top five for both likelihood and severity.
Understanding specific fraud threats, their frequency and the potential losses continues to be a problem for most organisations. The average loss from fraud is increasing, according to KPMG’s latest Fraud Barometer. Detection times for some frauds has also increased.
Organisations need to have in place effective fraud risk management arrangements proportionate to their needs. A good reference point is the relevant Australian Standard (AS 8001:2008), which more organisations are using to review or benchmark their anti-fraud measures. A key element to this is robust fraud risk assessment. This should result in organisations not only having a good understanding of their real rather than perceived fraud risks, or threats, but also an insight into clear and practical actions they can take to deal with the problem. Increasingly key risk indicators and good quality data analysis form part of the response to ensure that any potential incidents are identified and responded to in a timely manner.
Organisations are taking a renewed interest in the application and implementation of governance, risk and compliance. Commonly called GRC, it is an integrated framework that unifies governance, risk, compliance and assurance functions to achieve a consistent and holistic vision across the organisation. It is important to remember that GRC is not just a technology, it is a way to rationalise risk management and controls, giving management the information it needs to improve business performance and achieve compliance.
The direct benefits of a well implemented GRC framework are enhanced management of risks, improved performance and reduced costs. Recent research demonstrates the value of GRC from a boardroom perspective through improved quality and timeliness of reporting. This has never been more important than with the current challenges being faced by companies resulting from increasing regulatory requirements in a number of industries e.g. financial services.
People are one of the biggest challenges faced in implementing a successful GRC program. It is therefore important to understand the culture of the organisation prior to rolling out a major transformation program to implement GRC.
Many financial services organisations have developed highly complex technology, data and process landscapes over the past decade. Recent market instability (GFC) and subsequent changes to the regulatory landscape have seen many financial institutions embark on large-scale technology implementation and upgrade projects, replacing ageing infrastructure and minimising technology and process fragmentation. Simplifying process, technology and data architectures now tops most cost management and operational optimisation agendas, making it a key enabler of competitive advantage.
On the banking side, the systems in question typically cover functionality related to risk management, asset and liability management, product distribution, data management, finance and valuation, settlement, confirmation and payments processing. The scale and complexity of such architecture rationalisation and the execution of projects requires harmonisation of process and technology change. Management of such initiatives demands robust upfront planning (target operating model review, target state technology, process and data architectures, delivery roadmaps and program interdependency management, etc). Competition for subject matter expertise, poor vendor relationships, high levels of demand for customisation, changing requirements and governance instability are only some examples of the challenges that most of our clients are facing.
The financial and non-financial benefits of efficiently executing such change are significant.
Recently the Federal Court handed down formal judgement against the six Centro non-executive directors in relation to their approval of the 2007 accounts. The decision by Justice Middleton has put all directors on notice that they need to undertake diligence to understand the key disclosures within their companies’ financial statements and annual reports. Greg Medcraft, ASIC Chairman, said in June that the outcome of this case makes clear directors’ responsibilities to apply their skills and knowledge to the financial statements of the company. The court found that the Centro directors fell short of the minimum standard of boardroom participation.’ The Centro decision reiterated that directors cannot delegate their responsibility to review and critique the financial statements to a third party, and they need to undertake a careful review of the report and ask appropriate questions to understand and gain confidence as to the completeness and accuracy of the disclosures made.
It is imperative for any firm that either operates in perceived high risk jurisdictions or could be exposed to the obligations of the various Anti-bribery legislations around the world, to ensure it possesses effective anti-bribery arrangements. The UK Bribery Act 2010, which came into force on 1 July 2011, is the most recent example of legislation that provides for tough penalties for both individuals and organisations subjected to this Act.
The Act and the subsequent guidance requires that firms possess adequate procedures covering due diligence on third parties operating on their behalf; that they are assessing the risks of bribery and corruption both with regard the jurisdiction they operate in and the types of operations they undertake; that have proper oversight; provide appropriate information to their people on acceptable and unacceptable practices and how they should report suspicions of relevant misconduct.
Many will be aware of some of the penalties that have been imposed and we note that in the last few years the top 10 fines all exceeded $70 million, the largest being $800 million. We have also seen an increasing number of prosecutions. Those who fail to take note of these events and lack effective arrangements that would withstand scrutiny by an enquiring third party are significantly increasing their risk.
In an effort to curb perceived tax abuses by US persons with offshore bank accounts and/or investments, the United States Congress has enacted the Foreign Account Tax Compliance Act (FATCA). This legislation is aimed at the identification and disclosure of US persons with offshore accounts. The fundamental premise of FATCA is that a ‘Foreign Financial Institution’ (FFI) will be subjected to a 30 percent rate of withholding on all withholdable payments unless the FFI enters into a legally binding agreement with the Internal Revenue Service (IRS) under which it agrees to identify US persons it is doing business with and to report certain information to the IRS. The effective date for the new regime is 1 January 2013.
On 25 July the IRS released revised Notice 2011-53, which provides a timeline for the implementation of information reporting and withholding provisions under FATCA. The notice also discusses other matters that will be covered in regulations to be issued by Treasury and the IRS.
Draft regulations are expected before 31 December 2011 with final regulations expected to be released in June 2012.
The pace of Basel III related announcements is now picking up with APRA having released its capital proposals in September and its liquidity proposals released mid November (see summary under ‘Liquidity Reforms’). APRA has said that authorised deposit taking institutions (ADIs) will be required to meet the revised minimum regulatory capital ratios (including deduction adjustments) in full from January 2013. It explained its decision of not adopting the permissible transition arrangements as reflecting the fact that ADIs in Australia were well placed to meet the new capital requirements.
This means that the future Australian definition of regulatory capital will be predominantly common equity capital (CET1), which is primarily shareholder funds with limited recognition of hybrid and Tier 2 capital. Consequently profit growth and its retention will be more significant to potential balance sheet growth than it has been in the past (in the absence of new share issues).
More recently APRA released a discussion paper on establishing prudential standards for superannuation funds. It is intended in part to overlap with a number of requirements already applicable to ADIs. There is a particular focus on governance (including independence and remuneration issues), risk appetite and operational risk.
Dodd Frank is the name of a US Act that will increase government oversight of trading in complex financial instruments such as derivatives that affect Australian banks operating overseas. US regulators are in the process of releasing regulations to support the legislative requirements of the Act.
For example, the whistle-blower provisions have now commenced, including the establishment of a whistleblower office in the Securities and Exchange Commission and the financial incentives for providing independent information as a whistleblower. The draft regulations for the ‘Volcker Rule’ have also been released, in particular the non-permissibility of conducting proprietary trading as part of the operations of a deposit guaranteed financial institution.
The rules for centralised clearing are still to be released, but may well be out by year end. The Australian regulators have issued a consultative paper on the issue of mandatory clearing in Australia, but final decisions on this matter will not occur until next year at the earliest.
The Clean Energy Future legislation is now a reality with the bills passed in the Senate. The legislative package is part of the Australian Government’s plan to transition Australia to a low carbon, clean energy economy through initiatives in four key areas – carbon pricing, renewable energy, energy efficiency and land management.
Central to the plan is the introduction of a carbon price mechanism (often referred to as the 'Carbon Tax') along with a significant package of complementary measures and assistance for business and households.
With a start date of 1 July 2012, an understanding of the mechanics of this major reform is important for all businesses.
In September, the Australian Government released details of the Stronger Super reforms. Stronger Super seeks to make the Australian superannuation system more transparent and efficient, and help to maximise retirement incomes. The objectives of the Stronger Super reforms are to:
- create a new simple, low cost default superannuation product called 'MySuper'
- make the processing of everyday transactions easier, cheaper and faster through the 'SuperStream' package of measures
- strengthen the governance, integrity and regulatory settings of the superannuation system, including self managed superannuation funds.
There have been several amendments and enhancements proposed to the National Consumer Credit Protection Act 2009 (NCCP Act). Several key reforms are proposed.
1. Additional rules relating to credit cards and mortgages, including providing a customer with a Key Fact Sheet prior to entering into a contract, restrictions on offers to increase credit limits on credit cards, restrictions on licensees approving the use of a credit card in excess of the approved credit limit and requirements relating to the order of application of payments made under credit card contracts.
2. Specific changes to the provisions of the NCCP Act to improve its operation whereby licensees will be required to meet higher standards of conduct. Other changes make it easier for debtors to seek a variation of the repayments under their contract due to financial hardship.
3. Product specific obligations in respect of reverse mortgages intended to assist consumers make more informed choices in relation to the use of these products.
4. Caps on the maximum amount credit providers can charge. This relates to both small amount credit contracts, all other credit contracts and additional obligations in relation to small amount contracts.
5. Changes to provide greater regulatory consistency: between consumer leases and credit contracts.
Points 2 to 5 noted above will mainly affect businesses that engage in credit services, especially in relation to consumer leases, short term small amount loans and reverse mortgages.
Requirements to provide a Fact Sheet for mortgages came into effect on 1 September 2011, whilst the credit card requirements will come into effect in July 2012.
The general enhancements to the NCCP Act, reverse mortgages, prohibitions and disclosure obligations in relation to small amount credit contracts, consumer leases and application provisions will come into effect on 1 July 2012. The schedule placing caps on costs commences on 1 January 2013. The amendment to the Corporations Act will come into effect on the day after the Act receives Royal Assent.
The Future of Financial Advice (FOFA) reforms are focused on improving the quality of financial advice and enhancing retail investor protection. They are designed to underpin investor confidence and trust in the financial advice industry.
The government’s FOFA website states, ‘These reforms will see Australian investors receive financial advice that is in their best interests, rather than being directed to products as a result of incentives or commissions offered to the financial adviser.' (Source: futureofadvice.treasury.gov.au).
In April 2010 the then Minister for Financial Services, Superannuation and Corporate Law stated, ‘These important reforms will improve the trust and confidence of Australian retail investors in the financial planning sector. They are designed to tackle conflicts of interest that have threatened the quality of financial advice that has been provided to Australian investors.' The main FOFA reforms include:
- charging ongoing fees – ‘opt-in’ requirement
- best interests duty
- ASIC licensing and banning powers
- ban on conflicted remuneration
- ban on volume-based shelf-space fees
- ban on asset-based fees on geared funds.
The timetable and final content of the new FOFA laws has recently become less clear, with the reforms now being reviewed by a Parliamentary Joint Committee, which is scheduled to report its findings on 29 February 2012. This likely means that a FOFA bill will not be presented until the May 2012 session of parliament, putting in question the planned introduction date of 1 July 2012. Similarly, with this review occurring, which includes a request for submissions, the final content of the FOFA reforms, may also be subject to change.
The Australian Government is considering changes to the Privacy Act to allow a significant increase in the information available to credit providers in assessing an individual’s suitability to access credit. The proposed changes will enable Australia to move from the current negative credit reporting to a comprehensive or positive credit reporting regime. Credit providers can use this information to make better decisions when providing credit, offering payment terms, handling slow and non-paying customers and managing their customer portfolios.
In addition, comprehensive credit bureau reporting should improve access to affordable mainstream credit for certain currently under-served sections of the community. The legislation also permits credit reporting agencies to, in a limited manner, use credit information about individuals for the purposes of direct marketing and research purposes. Utility companies, telecommunications companies, insurance companies and financial services companies can benefit from the opportunities that comprehensive bureau reporting creates to understand their customers better.
The Personal Property Securities Act brings together different Commonwealth, State and Territory laws and registers involving the financing of personal property under one national system. It will require the registration of security interests in personal property on a ‘Personal Property Securities Register’. Property covered by the legislation includes cars; works of art; machinery; crops; intellectual property and contract rights. Land, buildings or fixtures that form part of that land are specifically excluded.
From a financing perspective, the new regime also extends the concept of security interests to include:
- leases of goods
- hire purchase agreements
- retention of title arrangements.
The commencement date was initially set for October 2011, but has since been deferred to early 2012. A single national register should result in greater efficiencies and simplified processes for financiers and others affected by it. However, it does necessitate the need for new training requirements and may create additional effort for those entities not previously captured under the old regime.
In its 2011-12 Supervisory Strategy, AUSTRAC announced that it plans to triple its supervisory efforts compared to 2010-11, means more ‘low’, ‘moderate’ and ‘high’ intensity regulatory activities. AUSTRAC has stated that ‘a particular focus for frontline supervision is to assess reporting entities’ Anti-Money Laundering/Counter-Terrorism Financing (AML/CTF) programs and compliance with ‘know your customer’ (KYC) obligations’ (page 7, AUSTRAC Enforcement Strategy 2011-12). This is important as compliance with KYC procedures is not ordinarily tested during reporting entities’ AML/CTF Independent Reviews. As such reporting entities should ensure that they test their current compliance with KYC obligations to mitigate the risk of AUSTRAC identifying any deficiencies during a Supervisory visit.
From 1 November 2011 all Reporting Entities (including those that have enrolled before) are required to enrol with AUSTRAC to assist it in identifying those entities that are subject to the annual supervisory cost recovery levy, and the amount of the levy they are required to pay. As such we advise all reporting entities to ensure that they have enrolled appropriately.
G20 Leaders have sought to address the moral hazard posed by Systemically Important Financial Institutions (SIFIs) by requiring the submission of adequate and credible recovery and resolution plans (RRP or ‘Living Wills’). These SIFIs represent any firm assessed by its home authority to possess a potential impact on financial stability. Preparation of these plans is not an optional exercise. Global SIFI’s in the UK and US are well advanced in the drafting of their plans.
The Australian Prudential Regulation Authority (APRA) has, to date, taken a less intrusive approach, asking six Australian banks to develop draft recovery plans by mid-November 2011 based on a stressed scenario. Final plans are due by mid-2012.
From a narrow perspective, RRPs force banks to face up to the possibility of their own demise, and ensure their break-up and wind-down can occur in an orderly manner.
More strategically, RRPs acts as a catalyst for financial services organisations to address challenges of effective capital allocation, revenue attribution and the benefits that truly arise from centralised processing. Further, changes in product development and customer interaction will be necessary to ensure organisations are in an advantageous position once legislative amendments are enacted.
The FCS was established in October 2008 to protect depositors of Australian banks, building societies and credit unions, and policyholders of general insurers, from potential loss due to the failure of these institutions. For depositors the scheme serves to afford protection and timely access to funds up to a specified limit (currently $1m per customer, reducing to $250k from 1 February 2012), with compensation extended to eligible insurance policyholders with valid claims. The scheme does not apply to deposits held with foreign-incorporated authorised deposit taking institutions, specialist credit card institutions and providers of purchased payment facilities, nor interest bearing investments in finance companies and other institutions that are not supervised by APRA.
Whilst the scheme intends to protect depositors and policyholders, it imposes significant reporting and operational obligations on Australian banks, building societies, credit unions and general insurers. APRA has consulted with industry to address concerns and set expectations, with a second consultation paper and draft prudential standard released in September 2011. Responses were due in early November to allow for the intended release of the final prudential standard in late 2011 and commencement of a two year transition period from January 2012.
APRA has released its liquidity reforms Discussion Paper and draft revised Prudential Standard Liquidity ('APS 210 Liquidity') following the Basel III liquidity requirements which will be phased in between January 2013 and January 2018. APRA will accept submissions on the Discussion Paper and draft standard until 17 February 2012.
The Discussion Paper outlines APRA's proposals to implement a package of reforms to strengthen the liquidity framework for authorised deposit-taking institutions ('ADIs') in Australia. These reforms give effect to the Basel III liquidity framework announced by the Basel Committee on Banking Supervision ('Basel Committee') in December 2010 to strengthen global liquidity rules so as to promote a more resilient global banking system and the qualitative requirements announced by the Basel Committee's Principles for Sound Liquidity Management and Supervision released in September 2008.
APRA has followed the Basel Committee's timetable for the reforms and ADIs will be required to meet:
- The new qualitative requirements following finalisation of APS 210 in mid-2012
- The minimum Liquidity Coverage Ratio from January 2015 and
- The minimum Net Stable Funding Ratio from January 2018.
On 1 August 2010, the Australian Securities and Investments Commission (ASIC) formally took over the responsibility for supervision of real-time trading on Australia's domestic licensed markets.
In March 2011 ASIC released a timetable for the introduction of market competition. In April ASIC released new market integrity rules for competition in exchange markets. These rules are intended to mitigate the regulatory issues resulting from the introduction of competition in exchange markets for trading in equity market products.
The market integrity rules include:
- requirements for market operator level order entry controls and a harmonised trade cancellation policy in the event of an extreme price movement
- rules on achieving best execution for clients
- pre-trade and post-trade transparency rules to promote the fairness and efficiency of our market and in particular to promote its liquidity and quality of price formation
- reporting requirements for crossing systems
- rules on making market data available and promoting accessibility of consolidated market data
- information sharing requirements between market operators
- rules on the coordination of time, identifiers and tick sizes across markets
- a requirement that all transactions in equity market products are entered into under the rules of a licensed market (unless the transaction is a redemption or primary market action)
- rules prohibiting trading during a trading halt
- rules to allow market participants to aggregate transactions into a single confirmation.
On 28 October 2011 ASIC registered market integrity rules for capital for the Chi-X market. They are modelled closely on the market integrity rules for capital for the ASX market to ensure a level playing field for the two equities markets.