By Craig Cummins, Superannuation, Asset and Wealth Management Leader, PwC Australia
Share this article
For the past 11 years, PwC has surveyed over 70 fund managers and super funds each year to capture the issues that are shaping the risk and compliance landscape in the industry.
This article reflects on recent events affecting our industry and the results of the 2018 PwC Wealth Management Risk and Compliance Benchmarking Survey (the PwC Survey) to provide practical steps trustees can consider when managing risk and compliance in this challenging environment.
The Australian superannuation industry has enormous responsibility as the custodian of one of the largest pools of savings in the world. While our superannuation system is generally recognised as world class, 2018 is shaping up to be the year that forces the industry to rethink how it goes about managing risk and compliance.
Over 50% of respondents in the PwC Survey stated keeping up with regulation is one of their top 3 challenges. This will only intensify with the long pipeline of reforms scheduled in the coming years, as well as the Royal Commission findings and the recommendations on superannuation.
Proactive and forward-looking organisations who take the opportunity to embrace technology will be better placed to manage these reforms than those who remain reactive.
The survey results also indicate that organisations believe risk and compliance approaches must be changed in a significant way to maintain relevance in the current environment.
Trustees must be able to demonstrate members’ interests are always prioritised over organisational interests and risk and compliance functions have an important role to play in this regard. Traditional methods for identifying, monitoring and managing risks are proving to be unsustainable, with demand for skilled people draining an already shallow resource pool. The automation of routine risk and compliance activities provides a great opportunity to redeploy staff to activities that add greater value, as well as providing more comprehensive and robust results.
However, even the best tools, processes and controls can be undermined by a lack of accountability. To achieve the desired results, organisations must hold individuals to account, and offer the right incentives that are consistent with behaviours that the community expects.
While the industry awaits the next round of policy and regulatory reform, there are six steps that trustees should consider to pivot towards ongoing sustainability and resilience in their business.
1 . Rethink strategic business plans and risk management frameworks
APRA is yet to finalise its long-awaited strategic planning and member outcomes reforms but that should not discourage trustees from acting now. Trustees should review strategic objectives and business plans and how they connect with their risk management frameworks to identify opportunities to prioritise member outcomes. Trustees are required to connect and explicitly address strategic risks in the risk management framework; however, they should now be asking themselves whether this connection could be strengthened.
2. Double down on risk culture and accountability
The Banking Executive Accountability Regime (BEAR) responds to concerns that executives in the banking industry have not been held to account. The regime seeks to improve accountability through a sound risk culture and effective corporate governance, supported by stronger consequences for poor behaviours and outcomes. Increased clarity around accountability within organisations has the opportunity to lead to faster, yet better decisions, and drive good customer outcomes and risk management practices. Treasury has signalled that applying similar measures to superannuation trustees might be a reasonable response to the outcomes of the Royal Commission.
To support the ongoing prioritisation of members’ interests and in preparation for the introduction of heightened regulatory requirements, embedding a strong risk culture must remain a priority for all trustees. Risk and compliance functions can play a key role in supporting the collective efforts of trustee boards and senior management to drive and monitor organisational risk culture.
Widespread outsourcing in the industry adds complexity to good risk management and compliance practices. Reliance on attestations alone is unlikely to be sufficient to appropriately manage risk. Trustees need to ensure risk frameworks are adequately designed to effectively monitor the performance of service providers and ensure they operate within the trustee’s risk appetite.
3. Take a fresh look at your existing risk and compliance resources
Trustees must ensure their businesses are sustainable and set up to succeed. However, the majority of trustees in the survey said insufficient resources are currently being directed towards supporting risk and compliance which may put this success at risk.
Over-stretched risk and compliance functions will struggle to ensure members’ interests are prioritised and that all legal requirements are met. Trustees should review the human and technology resources currently being directed to risk and compliance and, where gaps are identified, invest to ensure they are appropriately managing their obligations.
Technology offers many potential ways to help trustees rebuild trust in the community. For example, data analytics and robotics can combine to flag member balances eroded by fees and insurance, or to avoid members being assigned inappropriate products. To realise this potential, risk and compliance teams could collaborate more closely with technologists to develop more rigorous and cost effective compliance programs.
Less than 20 per cent of organisations surveyed said their systems were ready to adopt RegTech solutions. Part of the challenge is that the RegTech market is still developing but this should not discourage trustees from considering how these options might deliver benefits over time.
4. Help the wider business understand and manage technology and data risks
Trustees are responsible for managing extremely large volumes of data. Our community expects organisations entrusted with Australia’s retirement savings to have technology systems that are efficient, effective and secure. Further, the Government and its agencies and regulators are placing greater obligations on trustees to protect the privacy and security of the data they hold.
It is crucial that trustees know where all member data resides and are across the checks in place to ensure third party providers handle data with care and can escalate data breaches.
Collective responsibility for risks relating to data is required across the whole business, including the risk and compliance function. These functions must do more to help the wider business understand and manage the full spectrum of information risks, such as data quality, data privacy and reputational risks arising from data misuse, letting go of the notion that technology and data is ‘owned’ by the IT department.
5. Simplify products and processes
The complexity of the superannuation system can undermine trust and member engagement. Many people simply don't understand what they’ve signed up for and how it might affect their financial future. Fee structures, insurance arrangements and investment strategies must be easy to understand to allow members to make better, more-informed decisions about their superannuation. Risk and compliance functions can play a part in helping organisations look through the eyes of the member, with the aim of finding ways to simplify products and processes.
6. Be vigilant about conflicted arrangements
It is essential that trustees continually assess potential, perceived or actual conflicted arrangements to ensure the best interests of members prevail. This is particularly the case where a trustee deals with related party service providers, where unmanaged conflicts may adversely affect members in a material way.
Trustees must do more to empower their risk and compliance teams to facilitate independent assessments of actual and perceived conflicted arrangements. This will help ensure that existing arrangements and future decisions made by the trustee are in members’ best interests.
Download a full copy of the 2018 PwC Wealth Management Risk and Compliance