Westpac agrees to work faster to fix risk system failures

By

As regulators raise concerns about slow progress.

Westpac has entered into a court enforceable undertaking with the Australian Prudential Regulation Authority (APRA), promising to bolster efforts to fix its risk governance failings after the regulator found the bank wasn’t moving fast enough. 

Westpac agrees to work faster to fix risk system failures

The undertaking comes after APRA raised concerns at the bank's progress in remediating weaknesses including an "immature and reactive risk culture, unclear accountabilities, capability shortfalls, and inadequate oversight".

APRA’s concerns stem from the findings of a risk governance review into Westpac in response to anti-money laundering breaches that cost the bank $1.3 billion in penalties.

The breaches stemmed from a failure by Westpac to implement automated transaction monitoring systems for money coming in and out of Australia, resulting in 23 million contraventions of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

The transaction monitoring failures were attributed by a prior review to poorly-implemented middleware between batch systems and monitoring software, an implementation works beset by technical difficulties and staff cuts.

An advisory panel report into the Westpac board’s oversight of financial crime obligations that was released in June put fresh scrutiny on Westpac’s technology stack, questioning whether the bank’s IT platforms were “best practice”.

Despite almost two years of remediation, APRA said Westpac had failed to deliver expected risk governance improvements. 

As part of the undertaking, Westpac has 90 days to submit an integrated remediation plan to APRA that incorporates all its major risk governance remediation programs, covering both financial and non-financial risks. 

The bank must also appoint an independent reviewer, who will report to APRA each quarter on the effectiveness of the integrated plan. 

Westpac will also assign accountabilities for delivery of the plan to named executives and board members and incorporate outcomes into remuneration decisions. 

Westpac Group CEO Peter King said the bank was determined to deliver on its risk remediation activities. 

“My top priority is to ensure the bank’s risk culture and management of risk meet the high standards expected of us,” King said. 

“We have had constructive discussions with APRA and know we have to deliver a disciplined step change in our management of financial and non-financial risk. 

“While we have made progress in improving our standards, we have much more work to do, and this must be done at pace.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Macquarie's banking CISO headed to Endeavour Group

Macquarie's banking CISO headed to Endeavour Group

UniSuper's Google Cloud environment was deleted

UniSuper's Google Cloud environment was deleted

The full list of IT projects in the 2024-25 federal budget

The full list of IT projects in the 2024-25 federal budget

ASX's technology and data business chief to leave

ASX's technology and data business chief to leave

Log In

  |  Forgot your password?