Royal Commission Interim Report


The Interim Report[1] of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services was released on 30/09/2018. It covers the first four rounds of hearings around lending to consumers, small/medium enterprises and agriculture, provision of financial advice as well as experiences with financial services in remote areas.

The Report’s core message is:

“Greed overruled honesty to the detriment of customer outcomes.”

While most of the findings and case studies were discussed during the hearings and published in various press releases already, the report contains also some information about possible causes for the identified misconduct.

Individuals or the entire organisation benefited from misconduct with risk & compliance management frameworks ineffective to prevent it. This conduct was driven by financial incentives used in respective organisations and accepted across the industry. Furthermore, regulatory penalties and enforcements were too lax, i.e. organisations profited from misconduct even after deduction of remediation costs and fines.

Among others, the Interim Report identifies three key causes of misconduct:

  • Piecemeal Risk & Compliance Management
  • Remuneration Policies encouraging Misconduct
  • Lax Enforcement of the Law

Piecemeal Risk & Compliance Management

For the initial request to provide information on identified misconduct, the Royal Commission received several responses from major financial institutions. However, these responses were kept on a high-level necessitating additional inquiries. Reactions indicated that some institutions treated risk & compliance management in a piecemeal fashion. Apparently, risk/ compliance management systems were incapable of providing requested information on misconduct in a timely fashion. Possible reasons included limited ability to identify systemic issues within the organisation or information gaps concerning systemic issues in respective risk/ compliance management systems.

Furthermore, having identified a regulatory breach, organisations took a long time to report that breach to respective regulator[2].  Subsequent remediation of identified issues stretched over a number of months, sometimes even years, and were executed with the narrowest scope possible. Drivers for this kind of remediation were cost considerations, organisational complexity and limited organisational capabilities.

Remuneration Policies encouraging Misconduct

The report identified remuneration policies and procedures as one of the key drivers of misconduct. Volume-based and revenue oriented performance measurement models incentivised front line staff to maximise their personal financial gains – to the detriment of customer outcomes. Even after the Sedgwick Report on Retail Banking Remuneration[3], financial service institutions continued to use volume-based and revenue-oriented incentives. Underlying assumption was that employees must be incentivised to sell products & services, so that the organisation could increase its overall revenue.

However, the Interim Report questions whether replacing this type of incentives with balanced scorecards has the desired effect of increasing customer outcomes. It cautions that if front line staff is measured by balanced score-cards but senior management performance is still appraised with revenue and profit margins in mind, identified misconduct may continue. Front line staff would simply follow the lead of senior management, i.e. maximising profit margins and revenue.

Lax Enforcement of the Law

The Interim Report identified another key driver of misconduct – lax enforcement of the law. While the Report comes to the conclusion that more regulations are probably not required, it elaborates on regulatory shortcomings. On the one side, there is APRA which is responsible for the stability of the financial system focussing mainly on governance and risk culture. On the other side, there is ASIC which focuses on conduct of regulated organisations.


Over the past years, ASIC chose to negotiate with organisations in breach of regulations.  Focus of these negotiations was customer remediation with some individuals being banned from the profession. Instrument of choice were Enforceable Undertakings and Infringement Notices. In addition, success rate of litigation cases was over 90% indicating that the regulator was willing to pursue cases only which were easy to win.

Looking forward, the Interim Report makes some observations about potential changes and their expected impact. For one, ASIC’s scope of responsibilities increased over time and may have become too large with the effect that available resources are spread too thinly. Furthermore, the established culture of negotiation may prevent the regulator from taking more drastic measures such as punishments and public denunciations. Another important observation is that apparently the regulator did not take into account that entities profited from misconduct. In future, cost of remediation, fines and penalties should ensure that organisations in breach of regulations do not profit from it.


APRA’s mandate focuses on stability of the financial system. Therefore, the limited number of actions taken by APRA can be understood. However, the Interim Report draws a connection between CBA’s list of incidents over the past years, the subsequent APRA report[4] and identified misconduct during the first four rounds of hearings of the Royal Commission.

Based on these findings, the Interim Report raises the questions what APRA could do better, how the law could be enforced better and what actions are necessary with regards to governance, culture and accountability in other financial institutions.

Overarching Questions

In over 1’000 pages, the Interim Report evaluates why the identified misconduct was allowed to happen and what could be done to prevent it from happening again.

At the end of the Report, questions are raised which are important to be answered:

  • What are banks and regulators doing about conduct risk?
  • Should employees with client contact receive variable remuneration? What about senior management?
  • Should BEAR[5] be extended or changed?
  • How can the conflict of interest (including remuneration) of intermediaries be resolved?
  • Should business structures, e.g. vertical integration, be changed?


First publish on Enforcd.

[1] Interim Report Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry:

[2] ASIC’s report 594 on “Review of selected financial services groups’ compliance with the breach reporting obligation” indicates that it took organisations on average 168 days to report a breach. The mandatory reporting period for breaches is only 10 days. Source:

[3] Sedgewick report on Retail Banking Remuneration Review:

[4] Prudential Inquiry into the Commonwealth Bank of Australia:

[5] For more information about the BEAR (Banking Executive Accountability Regime), refer to:

%d bloggers like this: