CBA Prudential Inquiry

May 1, 2018

The CBA Prudential Inquiry Final Report (“the Report”) was issued this morning (1st May 2018) along with a new Enforceable Undertaking which is a direct consequence of the many issues identified in the Report. 

The following news reference provides some more flavour and background on the Report and its findings (  We have emphasised, in bold below, some of the key standouts from our perspective.

Of the many issues that the panel found were affecting CBA, some of the key ones included:

  • “inadequate oversight and challenge by the board and its committees of emerging non-financial risks”, “unclear accountabilities”;
  • “a remuneration framework that, at least until the AUSTRAC action, had little sting for senior managers and above when poor risk or customer outcomes materialised (and, until recently, provided incentives to staff that did not necessarily produce good customer outcomes)”;
  • weaknesses in how issues, incidents and risks were identified and escalated through the institution; and
  • an operational risk management framework that “worked better on paper than in practice” supported by “an immature and under-resourced compliance function”.

The report highlighted four broad and interlinked cultural traits that have impacted CBA.  These include: 

  • a widespread sense of complacency [that] has run through CBA, from the top down” which made the bank “desensitised to failings with customers”; 
  • a “slow, legalistic and reactive, at times dismissive, culture also characterised many of CBA’s dealings with regulators”, which had led to a “sense of ‘chronic ease’”; 
  • a lack of “intellectual curiosity and critical thinking about the ‘bigger picture’ and the full depth of risk issues”, which “inevitably limited CBA’s ability to learn, anticipate and adapt”; and 
  • the “collegial and collaborative working environment at CBA, which places high levels of trust in peers, teams and leaders” that has “impeded accountability and the individual ownership of risk issues” and “lessened constructive criticism and has led to slower decision-making, lengthier and more complex processes, and a slippage of focus on outcomes."

The report makes 35 recommendations for addressing these issues within CBA focused on five key levers:

  • more rigorous board and executive committee level governance of non-financial risks;
  • exacting accountability standards reinforced by remuneration practices;
  • a substantial upgrading of the authority and capability of the operational risk management and compliance functions;
  • injection into CBA’s DNA of the "should we?" question in relation to all dealings with and decisions on customers; and
  • cultural change that moves the dial from reactive and complacent to empowered, challenging and striving for best practice in risk identification and remediation.
(Source: “APRA censures CBA for range of failings”,, 1st May 2018)

There are lessons here for all companies regardless of size.  We recommend directors, executives and other key stakeholders consider the report’s findings and learnings to determine if there are any of these factors present in their organisation and consider means as to how they should address these issues.

Given our industry knowledge and direct experience with risk culture assessment, Quadrant Advisory would be happy to assist directors and business owners in obtaining a deeper understanding of the many issues identified in the Report. 

Please contact Managing Director Paul O'Farrell on 0447 196 886 or email