Lessons for in-house lawyers from the Australian financial services industry on Risk & Compliance management

Last updated: April 30, 2021

Australia’s Banking Royal Commission and APRA’s Prudential Inquiry into the Commonwealth Bank of Australia have highlighted the considerable influence an organisation’s approach to Risk & Compliance management has on its ability to manage misconduct. And these lessons are not just limited to the financial services industry – all industries and organisations, in both Australia and NZ, can learn from the challenges experienced by financial institutions in achieving effective Risk & Compliance management practices.

Given the significant inter-relationship between Legal Services and Risk & Compliance management in any organisation, these lessons are ones that in-house lawyers should be across. In-house legal teams are often responsible for Risk and/or Compliance or, at a minimum, are always an important part of an organisation’s response to Risk and Compliance management. And the clear expectation set by both the Royal Commission and APRA is that in-house lawyers have a big role to play in how an organisation conducts itself.

So, how should you go about upskilling in Risk & Compliance and having a positive influence on your organisation’s Risk & Compliance practices? Here are our top take-outs from the Royal Commission and APRA Inquiry lessons:

  1. Learn about what Risk & Compliance management is: Risk management and Compliance management are disciplines in their own right, and there is a lot more to them than just having policies. Talk to people who are Risk & Compliance specialists, join Risk forums or associations or even start with a bit of reading.
  2. Get involved: Know about what your organisation does – and doesn’t do – in the Risk and Compliance space. Ask questions, fill in your knowledge gaps and provide some challenge.
  3. Have fit-for-purpose frameworks: Make sure your organisation has operational and compliance risk management frameworks in place and that they are fit for purpose, practical and effective – over-complicated rules and processes just don’t work.
  4. Have the right people: Risk and Compliance “capability” and “voice” are critical. Your organisation needs the right people and enough people to support its risk and compliance management. Underinvesting in these areas will ultimately have an impact.
  5. Position to challenge: Just like lawyers, your Risk and Compliance people need to have enough seniority and/or “place in the organisation” to be able to confidently challenge senior management; and there needs to be a culture where these people are heard and their views are given as much weight as everyone else’s around the table.
  6. Accountability: Be clear on who is accountable for risk & compliance management and ensure there is adequate oversight and challenge by the Board and senior executives. Unclear accountability and responsibility result in an ineffective risk & compliance culture.
  7. Quick resolution: In-house lawyers are in a good position to know if the frameworks enable problems to be quickly identified and resolved. Prioritising revenue-making activities above “righting wrongs” is a sure path to misconduct.
  8. Conduct as a separate risk: Consider whether your organisation needs to focus on conduct risk as a separate stream and have a role here. Organisations in industries that, like the financial services sector, have obvious opportunities for putting the pursuit of profit above the interests of customers will benefit from doing this.

If you want to discuss any of the above or get help with your Risk and Compliance management, please contact us.