​Westpac's Juno system centralising risk compliance issues

Westpac introduced a risk management system known as Juno 18 months ago, which effectively tracks compliance issues right across the bank.

According to CEO Brian Hartzer, Juno allows Westpac to log all of its incident-related data, even if it's just a suspicion that it might be an issue.

"Historically the management of compliance incidents and the like was dispersed into different business units. While people would report them up and they would get aggregated and shown at various risk committees, it is true that they sat in different systems," Hartzer told the House of Representatives Standing Committee on Economics last week.

"About 18 months ago we implemented a new system, called Juno. It is a common system across the company, where we require everybody to log everything, even if it's just a suspicion that it might be an issue."

He told the committee looking into the performance of the big four banks that Juno sits across the entire company. He explained that issues of any sort across the bank go into that system and get reviewed regularly.

"It's been much easier to pull things out and sort them and the like," he added.

While tight-lipped on the specifics of the system, Hartzer detailed for the committee the process of dealing with risk after implementing Juno.

"You've got a lot of overlapping responsibilities that try to look at that from different angles. It depends on how it's picked up. If it's come through the complaints team, they look at the root cause of every issue and meet regularly to think about whether there are themes that are coming up," he said.

"Those are then passed to the relevant area to look at. And then, through our risk processes -- operating risk, compliance, and audit -- issues that have surfaced, either through complaints or other means, are then tracked and reported to risk committees, including my executive risk committee, which meets pretty much monthly, or are ultimately tracked at a board level."

More from the Economics Committee: Westpac predicts Open Banking to cost AU$200m to implement | MPs concerned bank lending practice is stifling entrepreneurship in Australia | Big four banks passing the buck on open data regulation

A report from the Australian Securities and Investments Commission (ASIC) last month highlighted an "unacceptable" delay in financial institutions reporting a "significant" breach, asking banks to remedy this by improving its data collection and the operation of their business and compliance IT systems.

The report [PDF] found that Westpac, in addition to the Commonwealth Bank of Australia (CBA), the National Australia Bank (NAB), and ANZ bank are taking an average of 150 days to investigate and lodge a breach report to ASIC.

Under the law, all financial institutions are required to have a process that effectively identify breaches and then reports significant breaches to ASIC within 10 business days of becoming aware of them. Failure to do so is a criminal offence.

"The identified instances of non-compliance with the 10 business days reporting requirement are unacceptable, especially when the legal requirement is to report 'as soon as practicable' but no later than 10 business days from awareness," ASIC wrote in its report.

The major financial groups also took an average of 1,726 days to identify an incident that was later determined to be a significant breach.

ASIC also found that some of the IT systems used by financial providers had limited search functionality, which the regulator said, in combination with a fragmented approach to recording information over many databases, inhibited the identification and investigation of a number of significant breaches.

The need to have up-to-date internal systems in place was highlighted when CBA in June entered into an agreement with Austrac to end civil proceedings initiated in August 2017.

The agreement sees the bank admitting to 53,750 breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act (AML/CTF), which included failing to hand over 53,506 threshold transaction reports (TTRs) for cash transactions over AU$10,000 to the regulator through intelligent deposit machines (IDMs) for almost three years between November 2012 and September 2015; and for a period of three years not complying with its AML/CTF program across 778,370 transactions.

The terms of the agreement will see the bank pay AU$700 million along with Austrac's legal cost of AU$2.5 million, and the regulator's proceedings dismissed.

Similar to Westpac, CBA has invested heavily in internal technology, including for AML/CTF compliance.

SEE ALSO

Banks warned of unhappy customers as tech giants join fintechs as competition

A report from Capgemini has found satisfaction is low in customers and banks need to up their levels of personalisation if they want to keep customers from turning to tech giants and fintechs.

CBA preparing for 'digital gorillas' to join fintechs as competitors

The Commonwealth Bank of Australia knows it is not immune to the threat of disruption, so it is redefining how it structures its organisation and how it consumes technology to keep the Amazons and Googles, as well as fintechs, at bay.

ANZ bank turns to Atlassian as it pushes on with 'agile'

The bank has turned to the Australian software developer-focused startup to help drive its agile-based transformation.

Why Westpac is making 'frenemies' with fintechs(TechRepublic)

The bank's CIO has used the term 'frenemies' to describe the relationship Westpac has with the fintech community down under.

How NAB is taking Australia's skills shortage into its own hands (TechRepublic)

The National Australia Bank is seeking 2,000 tech-focused staff and sending more than 2,000 of its existing staff through training provided by AWS to combat the looming skills shortage.