Management and Consequence Management

Consequence management .. requires the application of direct and proportionate consequences to hold individuals to account when issues emerge and are not properly addressed.
— APRA Information Paper "Self-assessments of Governance, accountability and culture", 22 May 2019

Consequence Management

And .. what it also found ... is that there was a lack of [Consequence Management] policy application by the business where advisers admitted to or were found to be non-compliant or breached the Westpac code of conduct?

Yes.
— Mr Hodge's examination of Mr Hartzer, Westpac CEO, Royal Commission transcript, 22 November 2018 P-6847

How Licensees approach Consequence Management should be appropriate for the ‘nature, scale and complexity’ of their business. and their Risk Appetite. What APRA have effectively done is articulated their expectations, which are similar to ASIC, that a Licensee’s consequence management policy needs to be consistently applied and must apply ‘direct and proportionate’ consequences for misconduct and improperly managed compliance failures.

In this respect, a licensee’s consequence management policy is a critical component of your organisational culture; it embeds accountability and promotes an unambiguous statement of individuals’ responsibility. If it’s also consistently applied, it will significantly reduce both the incidence and impact of non-compliance.

Start with your Risk Appetite and build a conceptual framework to explain when you'll take remedial actions - fixing the problem - and when you'll take Administrative actions - addressing the conduct and the cause.

Review your remuneration framework at the same time and eliminate any inconsistencies you identify.

Clearly define your expectations and remember that the responses you propose for failures need not be mutually exclusive.

In an advice business, you might conceive of your framework to look like this:

Screen Shot 2018-05-19 at 6.24.31 pm.png

It’s disappointing that few of the entities surveyed by APRA have any effective way of identifying and consistently reacting to incidents, breaches and contraventions. 

To be clear, consequence management is not a complete solution; monitoring, supervision and remediation are equally, if not more, important. Consequence management is, however, an effective and efficient way to both manage regulatory risk and maintain a good corporate 'culture'. Properly applied, it may also help you better manage your reputation and your resources.

Screen Shot 2018-05-19 at 6.24.51 pm.png

Management’s role

Is there proper accountability as demonstrated by discipline for managers under whose watch misconduct occurred? Is the application of discipline consistent? Is there an incentive program for good compliance and ethical behavior? Can the company point to specific examples of actions taken (promotions or awards denied) as a result of compliance and ethics considerations?
— U.S. Department of Justice, Criminal Division, Fraud Section "Evaluation of Corporate Compliance Programs"

Consequence management is not only about the framework for responding to incidents - consequences must be clear, cascaded and enforced. APRA did not find this to be the case. Instead, consequences were found to be inconsistently applied throughout the businesses. The business’ willingness to insist on accountability varied depending on the seniority, role or influence of the offending party.

This is the core of APRA’s call for Licensee’s to enhance their consequence management framework.

While APRA found that senior executives had clarity about their roles and responsibilities, the clarity they had was not shared by those at lower levels. If you are in any management role, it is incumbent on you to gain clarity of your role and responsibilities and communicate these (and the Licensee’s expectations) in a manner that ensures that understanding and accountability cascades throughout the business.

It’s easy to see Consequence Management as a compliance obligation but it’s a key indicator of corporate culture; it improves your retention and recruitment of ethical staff, enhances your reputation and brand and ensures your business’ alignment with community expectations.

It’s also a particularly useful point of focus given that ASIC’s wealth management investigations increased by 129% since February 2018.

If you need help refocusing on Culture, Conduct or Consequences reach out to us.