Royal Commission into Misconduct in the Banking ...€¦ · number of its subsidiaries (Aussie Home...

L\325360228.1

Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry

Submission

29 January 2018

RCD.0001.0003.0004

I

RCD.0001 .0003.0005

Table of Contents

Executive Summary ............. ............................. ..... ... ..................... ........ ............. ........ .................... ......... ..... 3

1. Introduction ... .... ..................... ........ ........ ........ ......... .... ........ ................. ............. ................ ............. .... .... ..... 5 1. 1 Overview of approach .. ..... ........ ........ ................ ..... .... .... ................ ............. ........ ........ ............. ..... 5

1.2 Overview of the Group ...... .... .... ........ ........ ........ ..... ........ ........ ........ .... ................. ........ ........ ..... ..... 6

1.3 APRA inquiry into governance, culture and accountability ..... ........ ........ .... ................. .................. 6 2. Misconduct and related issues since 1 January 2008 .. ........ ..... .... .... ..................... ..... ................... ..... ..... 8

2.1 Financial Advice: review of poor advice ......... ....... ......... ........ ........ .... ......... ........ ........ .................. 8

2.2 Financial Advice: ongoing service review ......... ............. ........ ................ ............. ........ ............. ... 11

2.3 Storm Financial. .... ........ ..... ........ ................ ..... ................ ........ ............. ........ .................... ......... ... 13 2.4 Wealth Package customer remediation ..... ..................... .... .... ................ ......... ............................ 16 2.5 IT procurement ..... .... .... ..... ........ ................. ..................... ........ ............. ................. ........ ............. ... 17 2.6 Foreign Exchange trading ......... ........ ........ ........ ......... .... ........ ........ ............. .... .... ........ ........ ........ 18 2.7 AML/CTF ........... ... ..... ............ ..... ....... ........ ..... .... .... ..... ... ........ ............. ............ ............ .... ......... ... 19 2.8 Customer remediation activities ........ ........ ..... ... .......... ... ........ .... .... ........ ..... ........ ........ ................ 20 2.9 Employee misconduct .. ............. ................ ........ ..... ........ ................ ...... ........... .... ........ ............. ... 21 2.10 Customer cases ............ ............. ........ ........ ............. ................ .............. ....... ........ ........ ................ 22 2.11 Regulatory actions and findings ........ ........ ..................... ................ ........ ..... ........ ........ ................ 22

3. Community standards and expectations and other conduct related issues since 1 January 2008 ........ 25 3.1 Definition of community standards and expectations ............. ............................. ................ ........ 25 3.2 Home insurance: flood definition ... .... ........ ........ ......... .... .... .... .................. ... ........ ........ ............. ... 26 3.3 Consumer credit insurance: credit card and loan protection .. ........ ................ .... ......... ..... ; .. ........ 27 3.4 Commlnsure: heart attack definition & related allegations ..... ..................................... ................ 28 3.5 Unpaid superannuation ..... ......... ................ ..... ... ..... ........ ........ ........ ............. ........ ........ ................ 30 3.6 Aussie Home Loans ..... ..................... ........ ............. ........ ........ ........ ................. .... ........ ............. ... 31 3.7 Other issues of community interest or concern ..... ......... .... .... ........ ..................... ............ ......... ... 32 3.8 Enhancements to our business practices to meet community standards and expectations ....... 36

4. Evolving our business to prevent, identify and remediate misconduct and other conduct related issues ... .... .... ................ ..... .... .... ........ ................ .... ..... .... ................ ..... ... ............. ........ .... .... ............. ........ ... 40

4.1 Introduction ............... ......... ......... ........ .... .... ..... ......... .... ............ .......... .... ................ ..... ... ............. ... 40 4.2 Culture .. ........ ........ ............. ................ ............. ........ ........ ........ ... .......... ........ ........ ..................... ... 40

4.3 Governance (including risk management, recruitment and remuneration) ............ ............. ........ 43

4.4 Group Customer Advocacy ....... ........ ........ ........ ..... ........ ........ ..................... ................................ 49 5. Industry and regulatory reforms to better meet community standards and expectations .. ......... ............ 52

5.1 Industry reform ............. .......................................................... ............. ........ ........ ..................... ... 52 5.2 Enhanced regulation .......... ........ ........ ............ .... ..... ........ ........ ........ ............. .... .... .............. ....... ... 53

6. RSE licensees .. ........ ........ ............. .... .................... ..... ........ ................ ............. ........ ........ ........ ..... ........... 58 6.1 Use of members' funds ...... ................ ........ ..................... .... .... ..................... .... .... ........................ 58 6.2 Use of funds in the best interests of members .. .... ................. ........ ............................. ................ 59 6.3 Cost centres ......... ........ ..... ............ .... ........ ............. ........ ........ ........ ..... ..... ................................ ... 60 6.4 Amounts applied ........... ..... ........ ..... ... ........ ............. ................ ..... ........ ........ ........ .................. . , .... 61

Annexure A - Timeline of issues, responses, reforms and inquiries ............................. ...................... ....... 63 Annexure B - ASIC Banning Orders and Enforceable Undertakings ..... ........ ..................... ........ ............. ... 64

Annexure C - Adverse findings made against the Group ............... .... ......................................................... 66 Annexure D - Glossary ......... ........ ......... .... ........ .... ............. .... ................ ..................... ........ ........................ 70

2 Commonwealth Bank ot Auslrali&

L\325360228.1

RCD .0001.0003.0006

/ Executive Summary

The Commonwealth Bank of Australia Group welcomes the opportunity to provide this submission to the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry.

The Letters Patent recognise that "Australia has one of the strongest and most stable banking, superannuation and financial services industries in the world, which performs a critical role in underpinning the Australian economy". Indeed the strength of our financial system was a major reason for Austral ia avoiding the worst of the global financial crisis. Policymakers, regulators and banks worked collaboratively to ensure that our community and global funders retained confidence in the banking system, and continued to provide the funding critical to Australia's prosperity. Austra!ian businesses and families, in turn, recognised the safety and stability of the banking system.

That stability has strengthened over recent years. At the same time, levels of innovation are among the highest of any developed market's banking system, and overall levels of customer satisfaction are high.

However, we recognise that instances of poor conduct within financial institutions, including within the Group, have weakened public trust in the financial services sector. Trust is fundamental to the ability of the sector to continue to perform its critical role in the economy. A Royal Commission will ensure that the reasons that trust has been weakened, and the steps required to strengthen trust, can be examined in a balanced and fact-based manner. We support this goal.

We have endeavoured through this submission to respond to the Commissioner's request for information in a thorough and transparent manner. We accept fully that there have been instances over the last 10 years where our conduct has been unacceptable, and other instances where we have fallen short of expectations. We address each of those instances in this submission. In doing so, we make a humber of distinctions, which we summarise below.

Nature of conduct

The Commissioner's request draws a distinction between misconduct and conduct which falls below community standards and expectations.

The definition of "misconduct" in the Letters Patent encompasses conduct that is an offence under Commonwealth, State or Territory laws, is misleading or deceptive, is a breach of trust, breach of duty or unconscionable conduct, breaches a professional standard or widely accepted benchmark for conduct.

The definition refers to "offences" against relevant laws. In the interests of transparency we have not sought to draw a strict distinction between offences and contraventions of laws. As a result, most of the instances of misconduct identified in this submission involve some degree of non-compliance with financial services laws but not necessarily offences against those laws. The conduct also varies in terms of customer impact, severity and financial consequence.

When considering community standards and expectations, we consider an appropriate benchmark is the standards and expectations of a reasonably representat·ive cross-section of the community, rather than a discrete sub-section of it. The high standards and expectations to which we are held by the community, are consistent with the high standards and expectations set by our Vision and Values, internal policies and regulatory requirements. We submit that it is also reasonable to recognise that mistakes happen, particularly in the context of an institution of our size and scale, and when they do to expect us to work closely with affected customers, Government and regulators to address those issues so they do not reoccur. Community standards and expectations must also be seen in the context of the community's primary expectation of a bank: to safeguard savings, extend credit responsibly and facilitate payments and other commerce.

Attribution

We believe that it is important to have a strong corporate culture and sound governance, supported by effective policies for all aspects of our activities, including for risk and reputation management, performance management and recruitment. At the same time, we recognise that even with effective policies and good culture, conduct incidents can occur. Incidents of misconduct or other conduct related issues may indicate a poor culture or poor governance practices, but that is not necessarily the case.

3 Commonwealth B&nh. of Aussratfa

L\325360228.1

RCD .0001.0003.0007

In this submission, we have considered the incidents of misconduct and other conduct related issues with regard to the extent of the cond.uct relative to the size and scale of our activities, our stated cultural goals (being people, practices, policies, processes and systems) and the governance practices through which the cultural goals are implemented and monitored. In doing so we have identified incidents attributable to an individual or a small number of individuals, or pockets of poor culture.

Remediation

Regardless of the underlying cause of poor conduct, we must be accountable for the customer impact, and for the remediation required to put customers in the position they should have been in had the conduct met the relevant standards.

Our approach to remediation is to do more for our customers than the bare minimum required, in recognitioh of the fact that in addition to having caused financial loss to our customers at times, the incidents and the remediation of them are time consuming, inconvenient and potentially distressing for our customers. There are a number of examples of this approach to remediation in the submission.

There are also examples in this submission of where we have self-identified issues and remediated them quickly. Having said that, we recognise that we have not always acted as quickly as we should have done. We have been working hard to embed a more consistent approach to remediation across the Group that leverages what we have learnt from the remediation of the incidents outlined in this submission.

We recognise the importance of the legislative framework which imposes penalties for breaches of the law and our obligation to pay penalties under that framework that appropriately reflect the nature of the breach. We seek to work collaboratively with our regulators to meet any additional requirements appropriately imposed by them, including in the implementation of remediation programs but also by the payment of additional contributions to nominated community programs. However, we believe a distinction should be drawn between compensation of customers, and other penalties that are paid and retained by regulators.

Prevention

In this sub.mission we demonstrate the improvements that we have made to prevent misconduct and other conduct related issues. This starts with an emphasis on culture at Board and senior executive level, and throughout the organisation. At the Common.wealth Bank, this has centred on a structured program that commenced in 2015 to clearly define our Vision and Values, and to ensure that our culture reflects them.

We have also worked hard to learn from our mistakes. We have listened to the experiences of our customers, thoroughly investigated what happened in each instance, worked through the attribution, and addressed the issues and improved our policies, processes and practices to prevent mistakes from reoccurring. We recognise that more work and ongoing vigilance will be required.

We have actively participated in, and supported, a number of major industry initiatives and regulatory reforms which have more closely aligned industry practices to community standards and expectations (e.g., Future of Financial Advice), aided prevention and improved the way that the Group and the banking, superannuation and financial services industry approaches conduct issues.

In recent year-s we have taken a more pr-oactive approach to evolving our business, culture and governance practices having regard to external trends. The external environment is dynamic and community standards and expectations evolve over time. A number of incidents outlined in this submission could have been prevented or better addressed if we had kept abreast of external trends and proactively calibrated our practices to keep up. We are committed to improving our focus in this area.

4 CommonwealU\ Bmth. of Auscraita

l \325360228.1

RCD.0001.0003.0008

/ 1. Introduction

1.1 Overview of approach

[1] The Commonwealth Bank of Australia (Bank) and its associated Australian entities (Group) provides the following response to the questions in the letter from the Honourable KM Hayne AC QC dated 15 December 2017 (Letter}. As requested, the Group has provided a consolidated response, noting that a number of its subsidiaries (Aussie Home Loans, Commlnsure and Colonial First State) received separate requests from the Royal Commission.

[2] The Letter requests information on identified instances of misconduct, as defined in the Letters Patent dated 14 December 2017 (Letters Patent), which in the context of the Group precjominately relates to non-compliance with financial services laws, and identified instances of conduct, practice, behaviour or business activity which the Group considers has fallen below community standards and expectations (referred to in this document as other conduct related issues), in each case for the period from 1 January 2008.

[3] In providing this response, and having regard to the size and scale of the Group's operations and the relevant time period, the Group has endeavoured to provide information that it considers will be of most assistance to the Royal Commission. We have focussed our response on Australian Group entities, and we have adopted the following approach:

• We have identified misconduct and other conduct related issues in the period since 1 January 2008. These were identified having regard to a range of factors including customer impact, extent of noncompliance with legal or regulatory requirements, and reputational and financial impact for the Group. We have then sought to address the questions in the Letter for each issue.

• To assist the Royal Commission to understand the Group's operations, in addition to the specific issues, we have provided an overview of other areas across the Group's operations where instances of misconduct and other conduct related issues have arisen or have been addressed by the Group.

• We have also outlined a number of areas where the Group has improved its approach and proactively enhanced its products, policies or processes, including with reference to the standards and expectations of the community. We note that "community standards and expectations" is not defined in the Letters Patent and we have included some analysis and our view of the meaning of that term.

• In respect of questions 3(b)- (d) of the Letter, and recognising that there is often more than one reason for misconduct or other conduct related issues, we have provided additional information about the Group's approach to culture and governance, including risk management, recruitment and remuneration, and improvements over the relevant period to prevent recurrence of the misconduct or other conduct related issues. For several misconduct and other conduct related issues outlined in this submission, it is a combination of factors that contributed to the. environment in which the issues arose. The Group's improvements in these areas aim to prevent similar issues arising.

• We have also outlined other ways in which the Group is working to prevent similar issues from arising, including participation in industry initiatives to improve the way in which the industry operates and responding to recent regulatory changes. A number of industry and regulatory changes have been implemented since 1 January 2008 and an overview is provided as relevant context to how the external environment has changed since a number of the issues outlined in this submission arose.

• We have answered question 4 on behalf of all Registrable Superannuation Entity (RSE) licensees in the Group.

[4] The s4bmission is provided on behalf of the Group and this includes businesses and entities, such as Bankwest and Aussie Home Loans, that operate within the Group's governance frameworks (including risk management, recruitment and remuneration), but have their own processes and practices in some respects, including in relation to matters that are described at a "Group" level in these submissions.

5 -Conmionwea1lh 6illlh. of Australia

L\325360228.1

RCD.0001 .0003.0009

(5] In summary and to provide relevant context, Annexure A provides an overview of the misconduct and other conduct related issues outlined in this submission, actions taken by the Group, including in response to those issues, regulatory and industry changes and related Government and regul,ator inquiries since 1 January 2008.

1.2 Overview of the Group

[6] In 2017, the Group had 16.6 million customers, returned 75% of cash profits to shareholders, employed 51,800 people, and paid $3.9 billion in tax. We provided $197 billion in new lending to businesses and individual customers to help them grow their businesses and buy a home, insured more than 6 million customers, and helped 1.8 million customers invest for the future. We sourced goods and services worth $4.8 billion, including from more than 5,000 SME partners and suppliers. Remaining profits were invested back into the business, to fund innovation and growth.

[7] As a large diversified financial institution, the Group is organised into operating businesses, each with its own customers and product offerings. These business units within the Group's organisational and corporate structure allow each business to respond to customers' needs and deliver business results, whilst ensuring consistent application of the Group's governance frameworks.

(8] Figure 1 outlines the structure of the Group's businesses in Australia and shows the relative weightings by profit.

' '

..,,. ----- ---

Retail &i1nMn11 Servi<le.s

Bu<i'lMS& Prtv•te Banlclng

Jmtltutlonal

S;onklna& Markets

BankWllSl

I ,

L[)i. [ --"5:~ ___ } t_ 17% __ } ~IJ_ - 7~- -11_ ~J. 1~ ___ 1 i

Nqte" Ptoflt ~re.-enm cootrll>utio~ tu NPA 1 flJlUll:>~ al ~o 1110P-2Ul / .O,tl\er •11£11l<lC11111~ReSM!> 011! "7de i\Ullt'all;t, I fnan¢a 1 ~ocvlcoa IP HH-I\; C•Dt.tf~ Al.u1i1 & /\'Yut 111c.41 C'roup Corpo " to f\ff olq ltH;fo1(t· Guv.oir1Jf\Ct' S. U•1 ll

1.3 APRA inquiry into governance, culture and accountability

[9] The Group is currently subject to a review by the Australian Prudential Regulation Authority (APRA) in respect of a number of matters outlined in this submission.

[10] On 28 August 2017, APRA announced that it would establish a prudential inquiry, to be conducted by an independent panel (comprising Dr John Laker AO, Prof Graeme Samuel AC and Jillian Broadbent AO), into governance, culture and accountability within the Group.

-.a- ,Commonwea4ttl Sank of Austroh&-

L\ 32536022B.1 I --- - ~

RCD .0001 .0003.0010

/ [11] In conducting the inquiry the panel will:

• Identify, in light of a number of incidents in recent years that have damaged the reputation and public standing of the Group (many of which are covered in this submission), any core organisational and cultural drivers within the Group that have contributed to these incidents.

• Assess, at a minimum, whether any of the following areas, or their implementation, are conflicting with sound risk management and compliance outcomes:

the Group's organisational structure, governance framework, and culture;

the Group's framework for delegating risk management and compliance responsibilities;

the Group's financial objectives;

the Group's remuneration frameworks;

the Group's accountability framework; and

the Group's framework for identification, escalation and addressing matters of concern raised by Group staff, regulators or customers.

• Consider where the Group has initiatives underway to enhance the areas reviewed, whether these initiatives will be sufficient to respond to any shortcomings identified and, if not, to recommend what other initiatives or remedial actions need to be undertaken.

• Recommend, to the extent that there are other shortcomings or deficiencies identified that are not already being addressed by the Group, how such issues should be rectified.

7 Comrnooweelth Banh. of Auscraita

L\325360228.1

RCD.0001.0003.0011

/ 2. Misconduct and related issues since 1 January 2008

{12] This section addresses questions 1 and 3 of the Letter by setting out the main areas of misconduct identified and acknowledged by the Group since 1 January 2008.

{13) The definition of "misconduct" in the Letters Patent encompasses conduct that is an offence under Commonwealth, State or Territory laws, is misleading or deceptive, is a breach of trust, duty or unconscionable conduct, breaches a professional standard or widely accepted benchmark for conduct.

[14) The definition refers to "offences" against relevant laws, however we have not sought to draw a strict distinction between offences and contraventions of laws. As a result, most of the areas identified below involve some degree of non-compliance with financial services laws, but not necessarily offences against those laws. The conduct also varies in terms of customer impact, severity and financial consequence.

[15) We note that the definition of misconduct in the Letters Patent also does not involve any element of intent in order for conduct to be characterised as "misconduct". Nonetheless, we have included issues in section 2 notwithstanding that there is no suggestion of intentional misconduct on the part of the Group or its employees.

[16) Following the main areas identified below, we have outlined a number of other areas across the Group where instances of misconduct and related issues have occurred.

2.1 Financial Advice: review of poor advice

Nature, extent and effect of the conduct, practice, behaviour or activity

{17) The Group's identification of poor financial advice provided to certain of its customers and its efforts to remediate those customers have been well documented in recent years. This issue has been included because we recognise that there has been misconduct by some advisers. There have also been other conduct related issues.

{18) To give some sense of the size and scale of the financial advice business, as part of the Open Advice Review (OAR) pro.gram (which is discussed in paragraph [32) below) the Group endeavoured to retrieve and catalogue advice files for the period from September 2003. The program retrieved and catalogued approximately 970,000 advice files.

[19) In the period since 1 January 2008, the Group has identified:

• lnstance.s of poor financial advice being provided to its customers, in contravention of the duties and obligations owed to customers, including those found in the Corporations Act 2001 (Cth) (Corporations Act). The reason why any particular instance of advice was not appropriate for a customer depends on the personal circumstances of that customer, but concerns identified included incorrect asset allocation having regard to the customer's risk profile and tolerance for risk; poor financial strategies; errors in the implementation of advice provided to a customer; and advice which was inappropriate having regard to the customer's relevant personal circumstances. In some instances customers suffered financial loss as a result; and

• Other instances of misconduct or unacceptable behaviour (e.g., forgery of customers' signatures) by some representatives.

[20) There have also been other instances of poor financial advice identified in other Group subsidiaries. For example, Count Financial Limited (Count) has received over 100 complaints relating to its former authorised representative Mr lnderasan (Pullen) Pillay. The complaints relate to advice alleged to have been provided between 2005 and 2008. Mr Pillay's authorisation with Count ceased in May 2008 and Mr Pillay's activities were conducted before the Bank's acquisition of Count.

[21] Finally, as part of their ongoing supervision and monitoring, Commonwealth Financial Planning Limited (CFP) and Financial Wisdom Limited (FWL) have notified the Austral ian Securities and Investments Commission (ASIC) of a number of significant breaches in accordance with section 9120 of

8 Commonwealth 6"'1h. of Auslralfa

L\325360228.1

RCD.0001 .0003.0012

/ the Corporations Act (Significant Breach Notifications). As part of their approach to good governance, they also notified ASIC where concerns existed about an adviser's conduct even though a Significant Breach Notification may not have been required. Some of these advisers have been the subject of enforcement action by ASIC, including the issuing of banning orders (see Annexure B), and court action where appropriate (for example, former CFP adviser Rick Gillespie was referred to the Queensland police and pleaded guilty to forgery). It should be noted that the Group has no tolerance for criminal matters and refers any suspected criminal activity to the police.

Investigations and proceedings

E~for'.:eab!e: Un<l.;.rtakt ll,

[22] On 25 October 2011 , CFP entered into an Enforceable Undertaking (EU) with ASIC. The EU required CFP to conduct an assessment of its risk management framework and draft an implementation plan to address any unresolved deficiencies (which was required to be reviewed by an independent expert). The EU also resulted in a number of changes to remuneration and organisational structures to help strengthen its risk management framework.

[23] The Group has conducted a far reaching program of review and remediation of financial advice. The OAR program was announced by the Group on 3 July 2014 and is discussed further in paragraphs [32].

[24] In May 2014, ASIC announced additional conditions were to be applied to the Austral ian Financial Services Licences (Licence) held by CFP and FWL (Licence Conditions). The Licence Conditions required the appointment of a compliance expert (KordaMentha) to produce three reports - the Comparison Report, the Identification Report and the Compliance Report.

• The effect of the Comparison Report (which was published by ASIC on 23 April 2015) was that CFP and FWL were required to send a letter to certain customers explaining (amongst other things) that they could have their financial advice reviewed again, have access to an Independent Adviser, have access to their customer file, and that they may, in the alternative or in addition, have access to the OAR program (discussed in paragraph [32] below).

• On 17 December 2015, ASIC published the Identification Report. The effect was that CFP and FWL were required to review a further 17 advisers to determine whether they should form part of the compensation program.

• Parts 1 and 2 of the Compliance Report assessed CFP's and FWL's compliance with the Licence Conditions and were published by ASIC in December 2016.

• Part 3 of the Compliance Report was published by ASIC in January 2018. The effect of that report was that customers of a further five advisers were required to be reviewed to determine whether they required remediation. As at the date of this submission, these reviews are almost entirely complete, and affected customers now have a number of further options available to them after considering the outcome of the review of their financial advice.

[25] Court proceedings have also been pursued for certain individual cases.

[26] The financial advice industry has been the subject of numerous Parliamentary inquiries, including those considering amendments to the legislation governing the provision of financial advice - the Future of Financial Advice (FOFA) reforms and ASIC reviews. Key inquiries and reviews are outlined below in section 5.

Attribution

[27] The advice issues were attributable to people, policies and processes that existed within a pocket of poor culture in that area at the time. More specifically, the issues were attributed to inadequate risk

9 Com.-uonwealth Baok of Auslr.ltia

L\325360228.1

management frameworks and processes, and the design and operation of reward and remuneration structures.

RCD.0001 .0003.0013

f28] As noted above, the EU required CFP to conduct an assessment of its risk management framework and draft an Implementation Plan to address any unresolved deficiencies in its risk management framework (which would be reviewed by an independent expert). We have set out below in paragraph [38] the enhancements that were made by CFP in this regard concerning its culture and governance practices (including its risk management framework).

Remediation

[29] We have set out below details of the main customer remediation activities undertaken by CFP, FWL and Count. However, it is important to note that because the Group has sought to approach remediation of poor financial advice in a comprehensive manner, some of the customer remediation that has been undertaken relates to advice provided before 1 January 2008, and is therefore outside of the time period referenced in the Letter.

[30] As at 31 December 2017, the Group's remediation activities relating to the provision of poor financial advice or adviser misconduct have resulted in approximately $96 million being offered or paid to customers.

·~s omer rerr:ed•otion al"lr:l Ef"forcer.1hl<:' Jnder+ak '1'l

[31] A summary of some of the steps undertaken to identify and remediate poor advice, including the steps that were undertaken as part of the EU, is provided in the "Executive Summary" and "Background" sections of the Comparison Report, published by KordaMentha on 23 April 2015, and available here: hltc 1a.;,1c. a ov. aw reg ulator;-resc urces:f1nct-a .. Jo ... u n i.:.nt/reeia :tslteo-4 3 1-comoarison-reo ... u •.

cornmc.nw~alth-financ1al-olanri1nn-lw01te 1.c;~,d-finan ·1al--.visdom-lim1red

Open .... avice Rs\ 1e1 program

[32] As noted above, the OAR program was announced by the Group on 3 July 2014. It issued an open invitation and provided customers an opportunity to participate in a process of review of any financial planning advice provided by FWL or CFP representatives in the period from 1 September 2003 to 1 July 2012. It was established by the Group in response to the concerns raised about past instances of poor financial advice. The key features of the OAR program included:

• Three of Australia's largest customer advocacy law firms were appointed as Independent Customer Advocates to support individual customers through the program;

• An Independent Review Panel was appointed, chaired by the Honourable Ian Callinan AC QC and having as its other members the Honourable Geoffrey Davies AO QC and the Honourable Julie Dodds-Streeton QC;

• Ms Fiona Guthrie, Chief Executive Officer of Financial Counselling Australia, was appointed as a Consultant Expert Adviser to the Independent Review Panel;

• McGrathNicol was appointed as the program's Independent Forensic Expert to investigate any concerns about possible fraud or forgery relating to the financial advice customers received; and

• Promontory Financial Group Australasia (Promontory) was appointed as independent expert to the OAR program to oversee, monitor, review and report on the program and its progress. Promontory delivered seven reports between December 2014 and 15 June 2017.

[33] The features and outcomes of the OAR program are set out in the reports which have been published by Promontory. As at 31 December 2017, the OAR program had conducted 8,658 assessments, 2,503 of which were assessed as requiring compensation. A total of $37.6 million in compensation has been offered as at 31 December 2017 (this includes negotiated settlements, and refunds to address incorrect fees and implementation errors).

1 o Com.'"Oonwealtn B;mh. ot Auslraii&

L\325360228.1

RCD.0001 .0003.0014

/ [34] A summary of the review and remediation activities under the Licence Conditions program is set out in the Compliance Reports dated 30 November 2016 and 23 January 2018, available at hrtp //de n cad.astc.guv 12u1med1a 140932441 rep504-pJbilsh.;d-5~jecember-2016 pdr and htip.l/dot1 nload. Z!Sic.oov .au media/463171 ~'rsp549-pubhshe-d-2'3januarv- -.01 S.pdf.

[35] We also note the $1.9 million of compensation that ASIC announced in its update on the licence conditions on 23 January 2018 (ASIC's media announcement available at http //asic-.9011 au1ab0Jt asicl'11edia-centrelfif'.d--a· 11ed1a-r~lease12018-releasas/. 8-0 1 amr- pdate-on-commonw~alth-bank

financial-planning-licence-.:or1difions-progr:iss-cn·C001Pensation-scheme'

[36] Count is committed to resolving the complaints about advice provided by Mr Pillay. The complaints of over 30 customers have been resolved. A further nine claims are currently being considered by the Financial Ombudsman Service (FOS). Count has also provided ASIC with details of concerns about Mr Pilllay's advice, and provided updates on its investigation and the complaints it has received.

Prevention

[37] When the first issues arose, CFP and FWL implemented a number of measures to improve their businesses, including enhancements made during the course of the EU, which were the subject of reports by PricewaterhouseCoopers (the independent expert for the purposes of the EU). The final report was published on 25 October 2013.

[38] Some of the key aspects of these enhancements included:

• Culture: an overarching focus on integrity, honesty and customer service and specifically on quality advice, including through:

Processes, procedures and Licensee standards: CFP and FWL improved existing processes, procedures and guidance to promote good behaviour, provide consistency and to support positive regulatory compliance; and

Organisational changes: a new management team was appointed and overlapping layers of management were removed, spans of control of advisers were reduced and a clear division of responsibility between various parts of the busin·ess was put in place.

• Governance: a more robust governance structure for CFP and FWL was put in place, and there was a significant increase in funding and resourcing, including:

Business structure: the advice business was separated from the product manufacturing business;

Risk Management: an improved risk management framework was developed for the advice business and the implementation of more targeted supervision and monitoring which provided a robust approach to monitoring adviser activity and conduct; and

Remuneration: CFP and FWL redesigned key performance indicators and remuneration models to reflect cultural changes within the business and changes in community and regulator expectations, which promoted good customer outcomes.

2.2 Financial Advice: ongoing service review


[39] CFP, BW Financial Advice Limited (BWFA) and Count identified instances from 2007 where customers had paid for a service as part of their "ongoing service" package and sufficient evidence could not be identified which demonstrated they were provided the service they had paid for. We have refunded

11 Commonwea1th Baonk of AuslraH&

l \325360228.1

RCD .0001.0003.0015

/ the fees that the customers paid, including interest. As at 31 December 2017, approximately $118.5 million of refunds {including interest) has been offered or paid to customers in respect of ongoing service arrangements that commenced in the period July 2007 to June 2015.


[40] Deficiencies in the provision of certain ongoing services has been an industry wide issue. A Significant Breach Notification was submitted to ASIC by CFP in relation to this issue on 13 August 2014. Count lodged a Significant Breach Notification with ASIC in September 2014, and BWFA lodged a Significant Breach Notification with ASIC on 5 December 2015. ASIC has been investigating the issue in detail and has been monitoring the remediation activities across the industry. ASIC released a report on 27 October 2016, with its most recent update published on 15 December 2017.

Attribution

[41] The ongoing service issues identified by the Group arose primarily as a result of inadequate risk management framework and processes, which meant it was not possible to effectively monitor the provision of ongoing services. The investment necessary to successfully deliver and monitor the provision of ongoing services was not undertaken, specifically:

• Without an advice arrangement based Customer Relationship Management (CRM) system, relevant service clients could not be identified, meaning ongoing contractual obligations cou'ld not be monitored effectively;

• Enhancements to the CRM system to shift to a fee for service arrangement structure were not undertaken; and

• Where a planner left an advice licensee, arrangements to ensure that there was no gap in the provision of ongoing services {or that the fees were discontinued) did not take place as the CRM did not provide readily available ongoing services information and/or that information was not always correct.

Remediation

[42] As noted above, the Group has undertaken an extensive remediation program to ensure that all customers of CFP and BWFA were appropriately remediated. The remediation methodology was developed in consultation with ASIC and with independent oversight and formal reporting to .ASIC by Ernst & Young.

{43] On 15 December 2017, the Group issued a media release noting in relation to CFP and BWFA:

• Assessment outcome letters had been issued to over 31,000 customers;

• Refunds of $117.3 million (including interest) had been offered or paid to customers; and

• The remediation activities were 98% complete and for the remaining small number of customers, the Group was confirming their current contact details or account information so that payment can be made as soon as possible.

[44] Separately, in relation to Count, as at 17 January 2018, fee refund payments totalling $1.2 million have been made to 1, 790 clients.

Prevention

[45] To prevent recurrence, a comprehensive set of actions has been undertaken including:

• The ongoing service package has been reviewed to ensure that the terms of the offer are appropriate for customers. The number of service packages CFP offers has been reduced from four to one. Customers were advised of the change and fees ceased to be charged (service provision continued for an appropriate transition period while customers were offered an opportunity to transition to the remaining service package);

12 Conunonwealth B&nk of Aus.fraifa

L\325360228.1

RC0.0001 .0003.0016

/ • Improved monitoring of compliance with contractual obligations has been implemented, with a

dedicated team ensuring that the core service of the CFP package, an annual review, is delivered within the required timeframe;

• A program to deliver a fully integrated CRM system for financial planners is expected to be operational by the end of 2018. The Group has spent approximately $46 million to implement this important improvement with expenditure continuing. For CFP, the CRM system the financial planners use, will be interfaced with the Bank's core CRM system, CommSee. This will provide additional reporting and monitoring capability which will allow simpler and more timely supervision of the provision of ongoing service obligations by representatives; and

• Processes dealing with the departure of a financial planner, to ensure that there is no gap in the provision of ongoing service or that fees are turned off, have been designed and implemented.

2.3 Storm Financial


[46] Storm Financial Limited (Storm) was a financial planning and advisory business based in Queensland until around 2009 (when Storm went into liquidation).

[47] From about 2000 to 2008, Storm advised the majority of its clients to invest in the 'Storm Model'; a model of investment advice developed by Mr Emmanuel and Mrs Julie Cassimatis, the sole executive directors (and shareholders) of Storm.

[48] The Bank maintained a relationship with Storm, during which it offered a range of services and products to Storm customers, including margin loans offered by Colonial Geared Investments (CGI) and home lending services, such as home loans and investment home loans. Colonial First State Investments Limited (CFSIL) was the responsible entity for four Storm-badged indexed funds, being the Storm Financial CFS Australian Sharemarket, Industrials, Resources and Technology funds.

[49] The 2008 global financial crisis resulted in a proportion of Storm clients defaulting on their margin loans. As a consequence, during December 2008, securities held against the CGI margin loans were sold (in accordance with the relevant terms and conditions) in an attempt to minimise the loss that the customers would suffer on the value of those securities, or to minimise the amount of customers' negative equity.


[50] The issues associated with Storm and the Bank have been subject to the following:

• ASIC investigation: ASIC commenced an investigation soon after the collapse of Storm (2009). The size and scale of the investigation was substantial, ultimately including compulsory examinations of over 50 Bank staff and the production of more than 84,000 documents in response to over 70 compulsory notices;

• Resolution Scheme: The Bank was the first lender to establish an alternative and comprehensive dispute resolution scheme in 2009 that remediated over 2,000 customers. Further details are provided below in paragraph [58]; and

• Legal proceedings: Three individual claims were commenced against the Bank in late 2009 and mid-2010. The 2009 claim was brought by Mr and Mrs Cassimatis and was dismissed by the Queensland Supreme Court in 2016. The 2010 claims were brought by former clients of Storm and were resolved in 2017. A class action was commenced against the Bank and CFS IL by former clients of Storm in July 2010. This was resolved in March 2015, with the approval of the Federal Court of Australia. ASIC commenced proceedings against the Bank and other banks in December 2010, with those proceedings being resolved in September 2012. Nineteen individual claims were commenced again.st the Bank in late 2014 in the NSW Supreme Court concerning Storm. These proceedings have now been resolved.

13 Commonwee1th Baokof Auslraita

L\325360228.1

RCD .0001.0003.0017

/ Attribution

[51] The Bank attributes the Storm issue and the impact it had on its customers to pockets of poor culture arising from shortcomings in some of its people, practices, processes and systems. The issue manifest itself in a way which impacted a discrete set of customers who had received advice from Storm.

[52] Following the experience with Storm, the Bank recognised certain shortcomings in its lending practices in relation to Storm customers. These shortcomings were present during a period of increased new business from Storm for both the home lending and margin lending sectors within the Bank, coupled with the effects of extreme market volatility in late 2008.

[53] A comprehensive review was undertaken into the nature and extent of the Bank's association with Storm. The insights from this review included:

• Home lending practices in relation to Storm clients were at times deficient. As a result, the Bank acknowledged that it should have focused more on providing service directly to customers and not through Storm (particularly in the context of the Townsville area office, where the local relationship with Storm was sometimes too close). Regrettably, the Bank's strict lending policies and practices across its home lending business were not always followed in its Townsville area office in lending to Storm customers;

• Certain staff had misused the Bank's property valuation assessment system when completing loan applications for Storm's customers, with the effect that loans against some properties were larger than they would otherwise have been had the usual and expected standards been followed;

• Although Storm dealt with separate business units in relation to the Bank's specific offerings of home loans and margin loans, visibility of line management should have been stronger and more robust given the outlier performance of the Townsville branch; one of the Bank's relatively small offices had written a disproportionately large amount of home loan business Without attracting further scrutiny;

• Following the collapse of Storm and the investigations undertaken as a result, it became clear that Storm's advice was inappropriate in respect of some of its clients, allowing some Storm clients to become too highly leveraged. As Storm was not a mortgage broker and the Bank paid it no associated commission, Storm clients who had home loans with the Bank were not readily identifiable in the Bank's overall home loan customer base. Further, staff from other divisions within the Bank were involved in opening margin loans for Storm cl ients and those Bank employees had no knowledge of the source of the investments funds (i.e. , from home loans or investment home loans); and

• The Bank had relied on Storm to do the right thing, particularly in the context of working with their clients to take timely action in relation to margin calls. Under the terms and conditions of the margin loans, the Bank was entitled to contact Storm or the customer, in relation to margin calls. At the relevant time, Storm insisted that the Bank contact it, not the customer. That arrangement, and Storm's strong reluctance for the Bank to have direct contact with its clients, was consistent with industry practice. Once the Bank became aware that Storm was not actioning margin calls with its clients on a timely basis, it rnade direct contact with customers.

Remediation

[54] In addition to the above review, a Bank-wide project was established with the purpose of remediating customers and implementing internal process improvements. The Bank worked proactively with the relevant regulators and its initiatives were subject to external review.

[55] Following Storm's collapse, the Bank began hearing from Storm clients about the nature and extent of their financial difficulties. It became clear that many clients had become significantly indebted because they followed Storm's aggressive leveraging model. As a large proportion of clients had also borrowed against the equity in their homes to invest in the Storm-badged index funds, there was also deep concern that, aside from having an unserviceable debt, they would have nowhere to live if the Bank enforced the mortgages over their homes.

f4- Commonwea1th B8'flk of Auscmlia

L\325360228.1

RCD .0001 .0003.0018

/ [56) The Bank sought to assist these clients by immediately addressing Issues of financial hardship. At that time, no immediate enforcement activity occurred for debts owed by Storm clients. The Bank also:

• Announced an interest and repayment suspension for customers who registered to participate in the Resolution Scheme that was established specifically to address issues relating to the Bank's involvement with Storm (discussed further in paragraph (58) below);

• Established a dedicated team and located them on-the-ground in the Townsville community where the hardship was being felt most acutely. The team had a presence in Townsville for 9 months, with around 45 staff (inclucfrng senior Bank staff experienced in the areas of credit and customer interaction) working exclusively on customer remediation at the height of the response; and

• Met face-to-face with hundreds of customers to learn more of their circumstances and, wherever possible, to develop a longer-term plan to help them address their hardship.

(57) The Bank's offers of assistance were tailored specifically to each customer's situation and included loan reductions and write-offs, loan restructures, reduced or zero percent interest rates for the life of a loan and permanent tenancies. To ensure that the Bank's customers' interests were protected, the Bank paid, up to a fixed amount, for affected customers to receive independent legal advice in each case, and if desired by the customer, financial advice.

Ri?solllllwn ~ rer ""

[58) To address any deficiencies in the Bank's lending practices to Storm clients, the Bank went on to establish a Resolution Scheme to provide resolutions for all eligible affected Storm cl ients. The critical attributes of the Resolution Scheme included:

• It would provide transparent and independent decision making;

• It would be efficient and timely in its processes;

• The Bank would pay for legal representation, up to a fixed amount, for all eligible Storm clients; and

• It would allow for significant client input into the process and an independent adjudication of a client's case if they elected to pursue that avenue of redress.

[59) The Resolution Scheme was available to all affected Storm clients who had a margin and/or a home loan with the Bank during the relevant period.

[60) On 14 September 2012, the Bank and ASIC entered into an agreement for the Bank to make available up to an additional $136 million as compensation for losses suffered on investments made through Storm. This was in addition to payments of approximately $132 million, and other benefits, the Bank had already provided under the Resolution Scheme.

Prevention

(61] As a result of the review outlined above, the Bank has implemented a number of improvements to its systems and processes, including:

• Implementing education programs and controls to prevent a recurrence of the relationship and structures with Storm, developing again in the Bank's retail network;

• Changes to certain functionalities in the property assessment system to significantly reduce the instances where an external valuation was not required;

• Improvements in supervisory mechanisms, includil'Jg data analysis, with a particular emphasis on interactions with third parties or areas of continued outperformance;

• Implementing a comprehensive program to prepare for the reforms concerning margin lending included in the then Corporations Amendment (Financial Services Modernisation) Bill 2009 (Cth); and

15 Commonwealth Brmk of Auslratfa

L\325360228.1

RCD .0001.0003.0019

• Undertaking a review of the initial and ongoing due diligence arrangements that it applies when agreeing for its products to be advised on or promoted by a third party, or licensed financial planners. This included updating processes to ensure customers are copied on important communications.

2.4 Wealth Package customer remediation


[62) The Wealth Package is designed to provide Retail Banking Services (RBS) home loan customers with discounts on a range of banking and insurance products offered by the Bank. Wealth Packages were first established in 2002.

[63) The Wealth Package has been internally reviewed on various occasions due to the complexity of fee waivers and resulting process and operational issues. The most significant remediation followed a complaint made in late 2013 regarding credit card annual fees, as a result of which RBS commenced comprehensive investigations into a potential issue of customers not receiving the full benefits of the Wealth Package, which included more than 10 product types.

[64) The investigation identified that there were a number of customers who were not obtaining the package benefits due to a breakdown in the package control environment over a number of years .. There were approximately 943,000 customers with a Wealth Package during the corresponding period.


[65) In May 2014, ASIC was notified of a potential breach in relation to Wealth Package. A Significant Breach Notification was lodged with ASIC on 29 August 2014. From May 2014 until the conclusion of the remediation, RBS provided regular updates to ASIC on the remediation efforts.

Attribution

[66) The issues related to the Wealth Package were caused by errors in operational processes, which were not prevented or detected through the Bank's risk management systems. Specifically, the errors related to the incorrect set up of products within the package, manual process and controls around package management, and control exception reports not working correctly to identify when a customer was not receiving the required benefits.

Remediation

[67) In 2014, RBS established a dedicated team in the. Better Customer Outcomes Program (discussed further in paragraphs [209) to [210) below) and initiated the Wealth Package remediation to identify and remediate customers where benefits were incorrectly applied. The remediation program was thorough, investigating back to 2008. The remediation was completed by 31 December 2016 and approximately 261 ,000 packages, to a total value of $77.4 million in Wealth Package benefits including interest, were remediated. The average payment per customer was $296 (including interest).

Prevention

[68) The remediation program also investigated the impact of weaknesses in the control environment relating to Wealth Package benefits. The following control improvements have been or are currently being introduced:

• The Wealth Package product offering has been simplified;

• A new automated process is being developed and will be implemented by mid-2018. This process will change the way in which package benefits are provided and will prevent similar package benefit errors;

• A number of reinforcement activities have. been implemented in the Bank to minimise manual errors when applying package benefits. They are:

'16 Commonweolth Banh. of Aus1rafia

l \325360228.1

RCD.0001.0003.0020

/ standard operating procedure documentation has been modified to ensure all required steps to set up a package are accurate and easy to follow;

loan application forms have been amended to make it easier for our lenders to input correct interest rates.

• The teams that process applications in the Bank have training aids to reinforce manual steps and the importance of following the correct process; and

• Detective controls have been implemented in the Bank to identify errors where reinforcement activities have failed.

2.5 IT procurement

Nature, extent and effe.ct of conduct, practice, behaviour or activity

[69) In late 2014, the Bank conducted an investigation into two Bank employees, Jon Gordon Waldron (Waldron) and Keith Robert Hunter (Hunter). The investigation revealed that both Waldron and Hunter had received USO payments into their Bank accounts from third parties that appeared to have links with one of the Bank's vendors. This vendor was one of over 450 IT supplier·s to the Bank and its services at the t ime represented 1.2% of total supplier spend.

[70) Both Waldron and Hunter's employment was terminated by the Bank on 24 December 2014. After their departure, the Bank continued to investigate and ultimately referred the matter to the NSW Police. The conduct of Waldron and Hunter did not impact any customers.


[71] Waldron and Hunter were each charged With offences under the Crimes Act 1900 (NSW) for fraud and receiving corrupt benefits. In June 2016, Hunter pleaded guilty and is presently serving a custodial sentence. Waldron continues to deny the charges and his committal is expected to take place in February 2018.

Attribution

[72) This incident was motivated by the self-interest of the individuals involved. However, it also highlighted areas for improvement in the organisational structure and supplier governance which the Group subsequently implemented.

Remediation

[73) No customers were affected. The steps taken to prevent similar conduct arising again are outlined below.

Prevention

[74) Following this.incident, a number of improvements were made to business practices to prevent similar conduct issues arising:

• Organisational structure changes - the internal function which manages business partners moved from the operational IT teams to the central Enterprise Services Strategy and Performance team;

• A review of all high value suppliers w ith links to Waldron and Hunter was undertaken to look for inappropriate practices. The review did not uncover any inappropriate practices in respect of those suppliers; and

• A review of supplier governance processes was conducted to identify opportunities for better implementation of the governance frameworks.

17 Commonwea1Ut B.loh. -of Aussra1ia

L\325360228.1

2.6 Foreign Exchange trading

Nature, extent and effect of conduct, practice, behaviour or activity

[75] Following global regulatory focus on conduct within the foreign exchange (FX) industry, which culminated in the FX Global Code, ASIC commenced an industry-wide investigation into its FX businesses in December 2014. As a result of this investigation, the following conduct by employees between 1 January 2008 and 30 June 2013 was identified:

RCD .0001.0003.0021

/

• On two occasions, Bank employees on an offshore spot FX desk, acquired proprietary positions in a currency after coming into possession of knowledge of large bank fix orders in that currency (i.e., there were two occasions where the Bank's traders may have been perceived to have taken advantage of knowledge of client orders);

• On at least two occasions, Bank employees traded in a manner that may have been intended to cause the trigger price for a stop loss order to trade when it might not have traded at that time (i.e., they may have traded with the intention of moving the market); and

• On a number of occasions, Bank employees on an offshore spot FX desk disclosed confidential details of pending client orders to external third parties, including identification of the cl ient through the use of code names.


[76] To resolve ASIC's concerns, an FX Enforceable Undertaking (FX EU) was offered by the Bank and accepted by ASIC on 21 December 2016.

[77] The Group's comprehensive review of the FX business included review of emails and electronic chat communication for the period of 1 January 2008 through to 31 December 2013. There were approximately 3.6 million records extracted, with approximately 530,000 identified for further review. The FX EU noted four instances of concern related to trading activity and others related to the management of confidential information.

Attribution

{78] The matter was identified following reviews into the wholesale FX industry. ASIC specifically identified limitations in conduct risk management and a need to ensure that systems and controls were adequate to address risks relating to instances of inappropriate conduct in the FX business.

Remediation

[79] The Bank has developed its FX Program having regard to various regulatory standards and guidance over time. In particular, the Bank believes the FX Program is consistent with the most recent relevant guidance in the FX Global Code (May 2017); and ASIC's Report 525, "Promoting Better Behaviour: Spot FX" (Ma.y 2017).

(80] Oliver Wyman has been appointed as the independent expert under the FX EU. Oliver Wyman has been provided with the FX Program and is currently in the process of reviewing and assessing the changes the Bank has made to the trading operating model in .recent years, including in training, procedures and oversight. The FX EU also included a voluntary contribution of $2.5 million to support the further development of financial literacy education related to the aged care sector.

Prevention

(81] Under the FX EU, the Bank has agreed to undertake certain actions in order to address ASIC's concerns, including agreeing to:

• Undertake a review of its Global FX business to seek to identify and rectify weaknesses in its management of fix orders, management of stop loss orders and handling of confidential information and it also agreed to develop a program which outlines ongoing changes which have been

18 C4lmmonwea1th Baook-of Australis

L\325360228.1

RCD.0001.0003.0022

implemented to enhance the Bank's ability to prevent, to detect and to respond to the conduct of concern identified in the FX EU, as compared to the position at the end of the relevant period (i.e., mid-2013) as well as further changes to be implemented in the future; and

• The appointment of an independent expert (Oliver Wyman) to review and assess that program.

2.7 AMUCTF

f82] Matters relating to alleged breaches of the Bank's anti-money laundering and financial crimes obligations are the subject of various ongoing proceedings and investigations, as detailed below.

Civil proceedings commenced by AUSTRAC

[83] On 3 August 2017, AUSTRAC initiated civil penalty proceedings in the Federal Court of Australia against the Bank alleging contraventions of tout key provisions of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AMUCTF Act). The alleged contraventions relate to the requirement to:

• Perforrn ongoing customer due diligence in accordance with section 36 of the AML/CTF Act;

• Submit suspicious matter reports in accordance with section 41 of the AML/CTF Act;

• Submit threshold transaction reports in accordance with section 43 of the AML/CTF Act; and

/

• Comply with Part A of the Bank's AMUCTF program in accordance with section 82 of the AMUCTF Act.

[84] Pleadings are not yet closed. The day after the Bank filed its defence on 13 December 2017, AUSTRAC served an amended statement of claim, alleging further contraventions of the provisions referred to above. The court is yet to order a timetable for further steps to be taken in the proceedings, including the time in which the Bank is required to file a defence to the amended statement of claim. The proceeding is case managed by his Honour Justice Yates.

Investigation commenced by ASIC

[85] On 11 August 2017, the Chairman of ASIC announced that ASIC is conducting an investigation into matters arising from the AUSTRAC proceedings and any consequences the matters have fot the laws ASIC administers.

f86] ASIC's investigation is ongoing. It currently includes whether the Bank, or its officers or employees, have breached the following sections of the Corporations Act:

• Sections 180 or 181 (directors' and officers' statutory duties);

• Section 674 (continuous disclosure obligations);

• Section 344 (failing to take reasonable steps to comply with its financial reporting obligations);

• Section 728 (misstatements in, or omissions from, disclosure documents);

• Section 1041 H (misleading or deceptive conduct); and

• Section 1309 (officer/employee making available, or authorising making available, information that is false and misleading in a material particular).

AMUCTF class action

[87] On 9 October 2017, Maurice Blackburn Lawyers filed a class action on behalf of shareholders who acquired an interest in the Bank's shares between 1 July 2015 and 3 August 2017, and who held some or all of those shares until after 1pm AEST on 3 August 2017. The class action alleges that the Bank knew about non-compliance with the AMUCTF Act and that its failure to disclose that information to the ASX

1 9 Commonwea1th Bifflk of Auslraiis

L\325360228 .1

RCD .0001.0003.0023

amounts to misleading and deceptive conduct and a breach of its continuous disclosure obligations under the Corporations Act and the ASX Listing Rules. The Bank intends to defend the allegations.

[88) The class action pleadings are still open. The Bank is due to file its defence on 23 February 2018, with the applicant's reply due on 9 March 2018. The proceeding is listed for case management before his Honour Justice Yates on 16 March 2018.

[89) Given the breadth of the matters covered by the proceedings and investigations, and that the Letters Patent do not require the Commissioner to inquire into matters that have l;>een or will be sufficiently and appropriately dealt with by another inquiry, investigation or proceeding, detailed submissions on these matters are not required and the Bank does not propose to provide any further comments at this point in time.

2.8 Customer remediation activities

[90) From time to time the Group identifies matters which require customer remediation. The overarching principle we follow in these cases is to put customers in the position they should have been in had the relevant products and/or services met the standards they should have. A decision by the Group to remediate customers does not always mean that misconduct has occurred. It can often mean that the Group has identified an issue where there has been a compliance and/or operational risk failure .. and then the Group takes steps to ensure customers are remediated appropriately.

[91) Our approach to remediating customers is asymmetric in that we will refund amounts overcharged to customers where possible (or where customers have been disadvantaged) when we identify these issues, but we generally do not recover historically undercharged amounts from customers (or where customers have been advantaged).

[92) The underlying causes of the issues which require remediation typicalfy fall into the following categories:

• Product administration and disclosure;

• Credit decisions and responsible lending;

• Systems, controls and processes failures;

• Sales practices; and

• Fraud or misconduct.

[93) The Group's approach to customer remediation has been an issue of focus and attention in recent years. The Group Customer Advocacy function was established in November 2015. Further details are provided in sections 3.8 and 4.4 of this document.

[94) The case studies summarised in this submission represent the most material cases during the relevant period, as opposed to an exhaustive list of all remediation activity. Other remediation programs which have taken place or are underway have followed the same principles outlined in this section. Where required, the relevant regulators have been notified and engaged in the process of performing these remediation activities. By way of example:

• Inadequate disclosure and application of relationship balance fee waiver for non-personal accounts. Certain products provided a monthly account fee and withdrawal fee waiver when the accounts maintained a defined balance. This waiver was intended to apply only to personal customers. However, and as identified by Group Audit and Assurance, it was determined that the relevant terms and conditions did not explicitly exclude non-personal entities from receiving the relationship balance fee waivers. The matter was reported to ASIC. The business identified approximately 158,000 nonpersonal customers who were technically entitled to the waiver based on the Terms and Conditions, and paid remediation of $2.28 million.

20 Com:nonwealth B3"1k of Auscraiia

L\325360228.1

RCD .0001 .0003.0024

• Comm Insure identified that the calculation of No Claim Discount did not align with the Product Disclosure Statement {PDS) as it was not being applied to a certain portion of the premium. A change had been made to the pricing algorithm for Motor Insurance policies which was inconsistent with the PDS. Following identification of issue, approximately 228,000 cases were identified and approximately $9.4 million of compensation offered and paid.

2.9 Employee misconduct

[95) The Group has mechanisms to identify and investigate employee misconduct. The Group Investigations team conducts investigations into matters involving employees, contractors and suppliers suspected of engaging in theft, fraud, bribery and corruption and/or integrity based misconduct of a serious nature.

[96) l.n addition, investigation of employee bullying and harassment allegations, discrimination claims, behavioural issues, performance management related concerns or misconduct related to policy breaches are managed by the respective business units with support provided by Human Resources.

[97) The Group has processes and policies to consider consequence management for employees and representatives found to have engaged in misconduct or inappropriate behaviour. This includes the work undertaken by the Misconduct Governance Committee. The Misconduct Governance Committee seeks to ensure that internal fraud and misconduct complaints across the Bank (including but not limited to those received through the SpeakUP channel) are managed in a reliable and consistent manner which facilitates outcomes that meet legal and regulatory requirements, and are aligned to the Group's Vision and Values, and Risk Appetite Statement.

[98) Whenever incidents arise, we investigate the actions and behaviours of relevant employees. While our approach to accountability and consequence management has not always been consistent across different issues which we have investigated, we are now seeking to improve in this area and have a consistent approach. The key distinctions we make in conducting such an investigation and then deciding on consequences are:

• Intent: whether the act of the individual involved deliberate malfeasance, and whether, having become aware of the issue, the relevant individual escalated it appropriately and took accountability;

• Competence: whether the act constituted gross incompetence, either because of its nature or magnitude, or because it was part of a pattern of behaviour.

[99) Bad intent will almost always lead to dismissal, unless there are very unusual circumstances. The consequences of gross incompetence may include dismissal, formal warnings and/or financial consequences, depending on the severity. Where there is no malfeasance or gross incompetence, coaching will result, and there may be financial consequences.

[100) Executive accountability is being assessed in a similar manner. We also have regard to the span of control of the relevant executive or manager, and reasonable expectations relating to that person's ability to prevent, or manage better, the relevant incident. Even where the individual could not reasonably be expected to have acted differently or personally controlled or prevented the conduct, there may still be consequences, including financial consequences.

[101) In the relevant period, misconduct by some of the Group's employees, contractors and suppliers typically fell into three broad categories which involved {but, may not have been limited to):

• Matters involving suspicion of misconduct which were investigated by the Group Investigations team. Misconduct incidents investigated by Group Investigations involved {but, may not have been limited to):

fraud, bribery and corruption;

theft of customer funds;

21 Coni..'tlonwea1Ul Baok ot Au3lraiia

L\325360228.1

RCD.0001.0003.0025

/ submission of false or misleading credit applications; and

serious conflicts of interest.

• Matters involving employee bullying and harassment allegations, discrimination claims, behavioural issues, performance management related concerns or misconduct related to policy breaches are handled by Human Resources. Typically the.se matters fall into the following categories of behaviour:

allegations of harassment;

bullying

breach of policy/process; and

dishonest/unacceptable. behaviour.

• Matters which are managed elsewhere in the Group. For example, the risk management team supporting RBS undertake reviews on an ongoing basis in relation to compliance and regulatory matters including conduct of front line staff and sales practices.

2.10 Customer cases

Court and tribunals

[102] Since 1 January 2008, a number of claims have been made by customers and regulators against the Group in various courts or tribunals. The claims range from routine litigation such as litigation in relation to debt recovery and insolvency to complex contractual disputes. Where proceedings are commenced against an entity within the Group, the Group typically engages external legal advisers to represent it and manage the claim.

[103] Where the Group believes it has made mistakes; we aim to engage constructively and resolve matters fairly and expeditiously. We recognise that there have been cases during this period where we have not adequately achieved this aim. However, it is also a reality of our business that customers pursue spurious claims, and/or have unrealistic remediation expectations. In such cases, we believe we have an obligation to st)areholders and other stakeholders to contest the claim, even in cases where the customer has convinced other stakeholders of the merits of the claim.

[104] In order to obtain a consolidated view of the claims, and provide the Royal Commission with information responsive to the Letter, the Group has asked each its external legal advisors most likely to have relevant information to provide it with details of all claims in relation to which the external legal advisors have represented the Group since 1 January 2008, and where an adverse determination has been made against the Group.

[105] Due to the ongoing nature of many of the claims (in relation to which it would be inappropriate to comment), the Group has not itemised each of the claims in this response. Rather, at Annexure C, the Group has provided a list of final determinations in which an adverse comment or finding has been made against one or more of the entities of the Group. The list is not a list of all allegations involving conduct issues by the Group, but is a list of the relatively few number of times a Court has made an adverse determination against the Group in cases which were not resolved by the Group prior to a final determination being made.

2.11 Regulatory actions and findings

[106] The Group is supervised by key domestic regulators who have powers to supervise and initiate enforcement actions against Group entities. We have provided a description the Group's interactions with those regulators below.

[107] In the ordinary course of its business, and through the work of our risk management teams and the work of Group Audit and Assurance, the Group identifies a range of conduct matters with potential

22 Commonwealth Bank of Aussrnlf6

L\325360228.1

RCD.0001.0003.0026

customer and regulatory implications. These matters are thoroughly investigated and reported to regulators, in accordance with regulatory obligations and our policies and processes. In many cases, we report matters at a relatively early stage; we strive to balance the need to investigate and understand the full facts and circumstances with wanting to ensure we are transparent about emerging issues.

f108] ASIC Significant Breach Notifications - From time to time, Group entities self-report by lodging notifications with ASIC in respect of breaches or potential breaches, pursuant to their obligations under section 912D of the Corporations Act. A number of the major issues notified to ASIC in this way are outlined in this submission.

[109] ASIC EU - In addition to the EUs noted in the issues outlined in this submission (at paragraphs [22) and [76], the Group has entered into two further EUs during the relevant period.

• The first was entered into in March 2012 following concerns expressed by ASIC about the approach the Bank had taken in seeking consent from its credit card customers to receive credit limit increase invitations from 1 July 2012. ASIC's view was that certain electronic messages transmitted by the Bank to its credit card customers on 12 and 13 December 2011 were misleading. The Bank immediately withdrew the message when ASIC raised its concerns; and

• The second was entered into in December 2013 {and varied in December 2014) by Commonwealth Securities Limited (CommSec) and Australian Investment Exchange Limited (Ausiex) which required them to appoint an independent expert to review their handling of client money and develop a plan to rectify any deficiencies found in their client money processes.

[11 O] ASIC Banning Orders and EUs - There have been 15 Group former employees or representatives subject to banning orders or enforceable undertakings in the relevant period, details of which are provided in Annexure B. We note that in some instances, these representatives have engaged in misconduct.

f111] ASIC infringement notices and penalties - From time to time, during the relevant period, ASIC has issued infringement notices and penalties to Group entities (in accordance with its statutory powers). The following are examples of infringement notices that ASIC has issued to Group entities:

• Responsible lending practices - the Bank has paid four infringement notices totalling $180,000 in relation to breaches of responsible lending laws when providing personal overdraft facilities. The Bank reported these breaches to ASIC following an ASIC surveillance. The Bank conducted an internal review which identified a programming error in the automated serviceability calculator used to assess certain applications for personal overdrafts. As a result of the error, between July 2011 and September 2015, the Bank failed to take into consideration the declared housing and living expenses of some customers; and

• Continuous disclosure - the Bank paid a penalty of $100,000 to ASIC relating to its alleged failure to comply with the continuous disclosure obligations. ASIC issued an infringement notice to the Bank alleging it had failed to notify the ASX after becoming aware of information about its expected loan impairment expense to gross loans and acceptances ratio for the financial year ending 30 June 2009.

[112] ASX Significant Breach Notifications - The ASX and Chi-X participants in the Group (CommSec, Ausiex and CBA Markets Limited) are supervised by ASX Compliance Limited, which has powers to initiate enforcement action and impose fines on Market Participants for breaches of the ASX Rules. ASX Compliance Limited is a wholly owned subsidiary of ASX Group. From time to time the ASX participants in the Group will lodge notifications with ASX in respect of breaches or potential breaches of the ASX Rules. Prior to the establishment of the Markets Disciplinary Panel within ASIC in 2010, the ASX also issued fines to Group entities for breaches of market integrity rules.

[113) ASIC Community Payments - From time to time the Group agrees with ASIC to make payments to community organisations or charities in response to conduct issues which ASIC has raised concerns about. We have included two examples in this submission - the payment of $300,000 by Commlnsure to the Financial Rights Legal Centre following ASIC's concerns about some of its advertising (referred to in section 3.4 below), and the $2.5 million payment to support the further development of financial literacy education related to the aged care sector payable under the FX EU (referred to in section 2.6 above).

2.3 Commonwealth Banh. of Auslraiia

L\325360228.1

RCD.0001.0003.0027

[114] APRA supervision and regulation - One of APRA's key regulatory practices is to undertake prudential reviews of its regulated entities. The outcome of the prudential reviews are issued via a formal report and can include specific observations rated according to severity of the finding for action or response by the regulated entity (i.e., requirements, recommendations, requests and suggestions). The number of APRA Prudential Reviews of the Group varies each year depending on the areas of focus and corresponding programs of work. Based on the Group's records, over the last 10 years the number has varied from 6 to 13 reviews per year. The Bank also has interactions with APRA in respect of capital requirements and credit receives instructions from time to time in relation to specific matters or exposures. Similarly, from time to time, the Group also notifies APRA of reportable breaches of prudential standards.

[115] An example of the Group's engagement with APRA is in relation to Bankwest in December 2013, APRA revoked the extension of the Bank's advanced accreditation to the Bankwest non-retail portfolio. The Bank's advanced accreditation enables it to assess risk-weightings of loans and allocate capital on that basis, rather than applying a standard set of (generally higher) risk-weightings to those loans. Following a comprehensive program to improve the risk environment and culture at Bankwest and a separate program to address APRA's specific concerns, in May 2016 APRA once again extended the Bank's approval to use its advanced accreditation approach to Bankwest. In the approval letter APRA noted their observation of "significant improvement in systems and processes . .. people, governance, data quality and risk culture relevant to the Bankwest non-retail portfolio."

[116] Another example of the Group's engagement with APRA is the APRA Inquiry into governance, culture and accountability that is described in more detail at section 1.3 above.

[117] Office of the Australian Information Commissioner - The Group has identified, and notified the Information Commission of, six breaches, or potential breaches by it (or its suppliers) during the relevant period.

[118] Code Compliance Monitoring Committee • The Group subscribes to the Code of Banking Practice which is administered by the Code Compliance Monitoring Committee (CCMC). The CCMC is appointed to ensure banks comply with their obligations under the Code. The Group's interactions with the CCMC includes:

• Lodgement of an Annual Compliance Statement reporting on compliance with the Code of Banking Practice;

• Responding to investigations by the CCMC on allegations of non-compliance with the Code;

• Responding to Inquiries initiated by the CCMC on compliance with the Code by subscriber banks;

• Providing information to the CCMC on an ad hoc basis;

• Participating in consultations/meetings with the. CCMC on an ad hoc basis; and

• Participating in the CCMC Annual Bank Conference.

2.4 C4lm:mo11wea1U\ Banh. of Auscraita

L\325360228.1

RCD.0001.0003.0028

3. Community standards and expectations and other conduct related issues since 1 January 2008

3.1 Definition of community standards and expectations

I

[119] The term "community standards and expectations" is not defined in the Letters Patent. Analysis of the term requires consideration of the two components - "community" and the "standards and expectations" of that community.

[120] It is our view that a reasonable approach is to consider the standards and expectations of a reasonably representative cross-section of the community, rather than a discrete sub-section of it. In the context of the Group, this must include consideration of key stakeholders (including customers, employees, shareholders, businesses and members of the broader community) and recognition of the role of the Group in the financial system, the economy and the ways in which its conduct and performance may impact upon each of those key stakeholder groups and the community more broadly.

[1211 The concept of community standards and expectations has a number of relevant considerations:

• Conduct which is regarded by a reasonably representative cross section of the community as unethical, unreasonable, unfair, dishonest or.inappropriate in the whole circumstances, will be conduct which falls below community standards and expectations. This also includes an expectation that the Group will act not only in compliance with the "letter of the law" but also the ''spirit of the law";

• We would expect the standards and expectations of a reasonably representative cross section of the community:

to recognise that customer and regulatory issues will arise from time to time in the undertaking of the operations of an organisation of the Group's size and scale; and

to expect the organisation to have in place systems and processes to prevent and identify misconduct and other conduct related issues and to remediate them in a timely manner where they do arise.

• It is important to note that the Group considers the high standards and expectations to which it is held by the community when providing financial services, are consistent with the high standards and expectations of the Group's employees, management, directors and shareholders;

• Community standards and expectations are dynamic and evolve over time. It follows that changes to business practices or approaches do not necessarily reflect deficiencies with the prior approach, but. may be driven by evolving standards and expectations and businesses seeking to achieve better outcomes for customers and other stakeholders; and

• Consideration of community standards and expectations also involves a consideration of the benefits to the community that are derived from having a strong banking system. This is recognised in the Letters Patent which observe that "Australia has one of the strongest and most stable banking, superannuation and financial services industries in the world, which performs a critical role in underpinning the Australian economy.'r

[122] We have set out below the conduct related issues since 1 January 2008, where the Group has taken steps to rectify issues for customers. For a number of these areas, the issues were self-identified by the Group and rectified, which we consider to be what the community would expect from the Group. We have also included some information about the evolution of our business practices to continue to meet community standards and expectations, recognising that those standards and expectations change over time.

25 Com .. "'Donweann Banh. of Auscratio

L\325360228.1

RCD.0001.0003.0029

3.2 Home insurance: flood definition


[123] There was significant focus for a number of years around the definition of "flood" and flood coverage in insurance policies across the general insurance industry. Historically Commlnsure drew a distinction between the definition of "Flood" and "Flash Flooding". For example, the 2007 Product Disclosure Statement (PDS) for home and contents insurance excluded "Flood" coverage, but did have limited "Flash Flooding" coverage. The nature of a flood or flash flood event, and the accompanying complexity and difficulty in determining (with consistent precision) if damage was caused by a "Flood" or "Flash Flooding" (as defined in the POS), had given rise to considerable customer confusion, ambiguity and delay in resolution of claims.

[124] At the time of the Queensland floods in December 2010 and January 2011 , the PDS contained a general exclusion for Flood coverage. However, in the case of Flash Flooding the PDS covered up to 15% of the total sum insured for building and 25% of the sum insured for contehts. This presented a significant challenge for both our customers and our assessors when reviewing claims and led to a number of claims be.ing denied.


[125] There have been a number of inquiries into flood insurance in Australia, including:

• Commonwealth Natural Disaster Insurance Review inquiry into flood insurance and related matters announced in March 2011. Findings were released in September 2011 and the recommendations included (amongst other things) that all home insurance, home contents insurance and body corporate insurance products need to include flood cover; and the introduction of a standard definition of "flood";

• House of Representatives Standing Committee Inquiry into the operation of the insurance industry during disaster events was announced in June 2011. The final report was published in February 2012 and made a number of recommendations, including endorsing the regulation of a standard flood definition and requirement for insurers to clearly inform consumers whether their policy provides for insurance cover in respect of flood. The House of Representatives also recommended that the standard definition of "flood" be included in the definition of Standard Cover in the Insurance Contracts Regulations 1985;

• Queensland Floods Commission of Inquiry examination of the performance of insurers in meeting their claims responsibilities in 2011. The interim report was released on 1 August 2011 and the final report in March 2012. The terms of reference did not ask the Commission to enquire into the flood definition, because it had already been the subject of two other inquiries, however the report did address insurers' performance where they were responsible for meeting claims.

Attribution

{126] The lack of standardisation of flood coverage, and associated lack of clarity and confusion for customers, was an industry wide issue which has been raised over a number of years in response to a number of flood events. The Insurance Council of Australia, and Commlnsure, welcomed the enactment of regulations (described below) that sought to provide customers with greater uniformity, clarity and awareness of flood coverage.

Remediation

{127] Commlnsure determined that it was likely that a significant number of customers' claims from the Queensland flood event would be declined or only partially paid in accordance with their home insurance policy. Recognising the limitations of the policy and the widespread effect on customers it would have, the Bank established a mechanism by which customers impacted by the flood could be provided with assistance. The "CBA Compassionate Fund" was established with an allowance of up to $50 million. A team of specialists was established to oversee the distribution of payments to customers.

26 Com .. -nonwea1Ul Banh. <tf Ausm11ia

L\325360228.1

RC0.0001.0003.0030

[128] The total amount paid to customers out of the CBA Compassionate Fund in relation to Queensland flood event claims was around $27 million. The "CBA Compassionate Fund" was subsequently extended to cover customers impacted by floods that occurred at or around the same time in Queensland and other states. The CBA Compassionate Fund was not a remediation, but was instead a form of support for customers in financial hardship.

Prevention

[129] Following the Queensland floods, and specifically in response to the Commonwealth Natural Disaster Insurance Review, legislation was enacted in 2012 to reform flood coverage in insurance policies. The reforms included standardisation of the definition of ''flood" and a requirement for insurers to clearly inform consumers whether or not their policy provides for insurance cover in respect of flood.

[130] In 2013, Comm Insure published a new PDS (for new and renewing customers of home and contents insurance policies), that ensures:

• All customers are now covered for Flood under the Commlnsure General Insurance PDS; and

• Customers are not provided with an option to "opt in" or "opt out" of flood coverage (on the basis that Comm Insure adopted the. position that customers would be provided with greater protection if flood coverage is mandatory).

3.3 Consumer credit insurance: credit card and loan protection


[131] In 2015, the Bank identified that some customers who purchased Credit Card Plus (CCP) insurance may not have met the employment eligibility criteria in the product terms and therefore they may not have been able to claim certain benefits under the policy. These customers were still able to claim on some of the benefits including Death and Terminal illness, but may not have been eligible to claim for disability or unemployment benefits. The number of CCP customers impacted was approximately 65,000.

[132] CCP insurance is a financial product which is sold to customers through the provision of general advice (rather than personal advice that takes into account their personal circumstances) and is designed to meet the needs of as many customers as possible. As a result, we were not confident that the eligibility criteria to claim disability or unemployment benefits had been explained clearly enough to our customers. On that basis, we assumed that customers who were ineligible may not have understood the limitation on benefits at the time they purchased CCP insurance.


[133] The Bank self-identified and reported this issue to ASIC in 2015, addressed it and worked w ith ASIC on a refund program which was agreed in April 2017, covering the period 2011to2015.

[134] The Bank then investigated whether this issue could occur in other products within the Consumer Credit Insurance range. In May 2017 we identified customers within the Loan Protection Product (LPP) (Home and Personal Loan) who also may not meet the.employment eligibility criteria. ASIC was notified on 4 October 2017 and the investigation work has begun to refund customers in a manner consistent with the CCP customers.

Attribution

[135] The issue arose due to weaknesses in the process for product distribution and failure in internal processes and controls to prevent or detect these weaknesses. These products were not designed to be distributed via a financial planner or, in the context of personal advice, tailored for a customer's specific needs. Customers were advised that they should consider whether the product was suitable for their needs in line with the requirement that applies to the provision of general rather than personal advice. While training and scripting· focussed on key features of the product, information about exclusions was general in nature and exclusions relating to a customer's employment arrangements were not specifically

27 Commonwealth Bank of Aus.tro1i6

L\325360228.1

RCD.0001.0003.0031

brought to a customer's attention in sales scripting (although these were detailed in disclosure documents).

Remediation

/

[136] Approximately 65,000 CCP customers were eligible for a refund, and refunds of approximately $10 million (including interest) have been made to date. This represents an average refund of approximately $184 (including interest) per customer.

[137] For LPP, while the investigation is at an early stage, we have so far Identified approximately 20,000 customers eligible for refunds estimated at approximately $3.4m.

Prevention

[138] The Bank has improved its sales practices to avoid offering these products to customers who we know are ineligible to claim on all the benefits on the basis of information they provide at the time of application.

3.4 Commlnsure: heart attack definition & related allegations


[139] In March and April 2016, a number of media reports raised allegations regarding Commlnsure's life insurance products and claims handling practices and procedures.

[140] The media reports alleged that Commlnsure used outdated medical definitions in life insurance policies; engaged in poor claims handling procedures and practices including deliberately delaying or inappropriately declining claims; applied undue pressure to doctors to change or alter their medical opinions or "cherry picked" doctors; deleted or altered medical records; significantly increased surveillance over a particular period; and claims staff were incentivised to decline claims.

[141] We acknowledged at the time that some customers had poor experiences with Commlnsure. We apologised for that, particul·arly recognising that when customers make a life insurance claim, they are going through a time of significant stress. Extensive investigations have shown that many broader claims made regarding the conduct of the business were unsubstantiated or disproven. For the purposes of the Royal Commission, it is important for us to highlight the significant factual gaps in some of the claims. In doing so, we also affirm our previous apologies to individuals affected, and stress that in no way does our criticism of those broader claims diminish their understandable feelings of disappointment. We remain committed to delivering better claims experiences for our customeFs.

[142] Investigations undertaken by both ASIC and APRA, as well as reports from the independent experts appointed by Commlnsure, concluded that:

• Comm Insure does not deliberately avoid payouts to customers, and no systemic issues were identified relating to historically declined claims;

• No evidence was identified that the current and planned improvements to the claims handling processes are designed in a way that could systemically deliver poor customer outcomes;

• There was no evidence to support allegations that Commlnsure claims managers applied undue pressure on doctors to change or alter their medical opinions, or selectively chose doctors to give preferred opinions in favour of the insurer;

• There was no significant increase in surveillance by Commlnsure as alleged and that the trigger for, and use .of, surveillance was reasonable in each instance;

• There was no evidence that medical opinions were deleted or altered outside the Medical Risk T earn other than for appropriate administrative functions; and

• Claims staff do not receive financial incentives for declining claims or delaying claims assessments.

~a Commonwealtfl Baok of Auslrnfia

L\325360228.1

RCD.0001.0003.0032

[143] In short, the core allegations of wilful or widespread miscondu.ct levelled against Commlnsure, which received substantial media coverage, were subsequently found to be either unsubstantiated or disproven.

[144] However, we acknowledge that ASIC concluded in its report that Comm Insure had trauma policies with medical definitions that were out of date with prevailing medical practice. While ASIC noted this is not against the law, it considered that it was clearly out of step with community expectations. In regard to claims handling ASIC did not find any breaches of law, but did conclude there were a number of areas of concern in which Commlnsure fell short of consumer expectations or best practices. ASIC also noted that a number of these concerns were not confined to Commlnsure and were found more widely across the life insurance industry.


[145] As outlined above, a number of reviews were commissioned to investigate the concerns raised in the media. Comm Insure engaged with ASIC and APRA in relation to the appointment of the independent experts and the scope of the reviews and investigations (which covered the period from 1 January 2013). Both regulators were provided with the final reports following the conclusion of those reviews.

[146] ASIC released its findings on 23 March 2017 which are outlined above.

[147] Overall, ASlC's investigation concluded that Commlnsure did not contravene the law and in its final report ASIC stated that it did not intend to pursue any further action in relation to the majority of the allegations.

[148] A number of areas of process improvement were recommended and work is underway to implement them.

[149] ASIC requested and Commlnsure agreed to undergo a further implementation review by an independent expert in mid-2018, to test the effectiveness of the process improvements, and to provide additional assurance that Commlnsure is making the necessary improvements to its business.

[150] ASIC also investigated a small number of advertisements relating to heart attack which appeared in adviser materials and on the Commlnsure website. In response to ASIC's concerns Commlnsure made a $300,000 payment to the Financial Rights Legal Centre (which was paid in December 2017). Commlnsure has also agreed to have its advertising sign-off processes independently reviewed and will report to ASIC by 30 June 2018 on the results of the review.

Attribution

[151] The lack of standardisation of benefit definitions in life insurance products across the industry (such as trauma insurance) has contributed to a lack of clarity and confusion for consumers. The complexity of meeting the insurance medical criteria required to access a benefit under a trauma policy can result in a misalignment of expectations for customers who have a clinical diagnosis that is different from the insurance definition. This added to the confusion for consumers. Challenges also exist with keeping policies and definitions aligned with rapidly improving medica.I diagnostic techniques.

[152] Commlnsure had reviewed its heart attack definition on a number of occasions. Decisions made to not amend the heart attack definition were based on a judgement which balanced insurance risk with customer affordability, policy holder impact, and competitiveness.

[153] While Commlnsure's heart attack definition was consistent with some of its competitors in the industry in 2016, it has acknowledged it should have been updated earlier and the decision not to update the heart attack definition in 2014 was a commercial misjudgement.

[154] The improvements in Commlnsure's claims handling processes identified by the independent reviews had in part already been recognised, and were in the process of being implemented, by

2 9 Commonwealth Baoh. of Aus.1raife

L\325360228.1

RCD.0001 .0003.0033

/ Cornmlnsure. Other enhancements recommended by the independent reviews are part of the continual evolution and improvement in Commlnsure's business.

Remediation

[155] At the time of the media stories, a planned update to the heart attack definition was scheduled for late 2016. Commlnsure decided in March 2016 that the definition should be updated with immediate effect, and in advance of the scheduled product update. Commlnsure made the decision to backdate the application of the changes to its heart attack definition to any claims arising since the date of the m0st recent full product review, i.e., May 2014. Following a request from ASIC in March 2017, Comm Insure further backdated it to October 2012.

{156] Commlnsure wrote to approximately 600,000 customers informing them of the changed definition and actively searched for previously declined claims. As a result of that exercise, Comm Insure has paid to date 33 customers a total amount of $4.2 million.

[157] To provide some context, throughout the same period Commlnsure paid approximately $4.4 billion in life and income protection payments to around 86,000 customers.

[158] The independent expert report into Claims handling was made public and found no systemic issues with past declined claims. The review was thorough and identified some instances that led to a poor customer experience. We apologised to those customers and rectified any mistakes made. Further detail is available at ti tosi11v.... 'W commbdnk co1n.au 1conten!ldarn'i::aastr.e 1sroo•11ldocs Cc• Ylmlnsur~v .200e. oitt€<'.1120Report 'e

20Claims0{ 20Rev1ew%20Prcgr:irr. -.::tf

Prevention

Po/1cv ciarm;nons

[159] Alignment of insurance policy definitions with medical definitions is an industry-wide issue that has been partially addressed by the introduction of the Life Insurance Code of Practice on 1 July 2017. The code includes standard definitions for three trauma conditions, one of which is heart attack, and a minimum period for reviewing definitions.

{160] In addition, over the last 12 months, Commlnsure has reviewed all of its medical definitions and developed a common product terms library. Comm Insure is also updating its product management procedures to provide practical assistance to Comm Insure staff in the application of cw~tomer advocacy principles to the product lifecycle and in defining expected customer outcomes.

C'larr'1s i;ard mg ::>rocs-.ss.,.s

(161] Throughout the reviews, Commlnsure acknowledged there were a number of areas for improvement to its claims handling processes. In addition to a program of work which Comm Insure had already commenced, Cornmlnsure requested an independent expert to make recommendations to enhance elements of the claims handling process. The recommendations included improved communications with consumers and enhanced training and assistance for claims managers to deliver a better experience for customers. Those recommendations have been accepted and are in the process of implementation.

3.5 Unpaid superannuation


[162] In 2009, the Australian Taxation Office made a "Superannuation Guarantee Ruling" which dealt with superannuation payable to employees. As this was a complex and technical area the Group sought advice to assist us to implement this change in practice. We decided in 2009 that while superannuation is payable on ordinary hours worked by our part-time employees, it was not payable on extra hours or overtime worked by them and this is how we implemented the new ruling.

30 Conm1onweaHh Bil'Ok ot Aus.sraffs

L\325360228.1

RCD.0001 .0003.0034

/ [163] However, in 2017 after reviewing this matter following discussions with the Finance Sector Union, we were no longer comfortable with the view we took in 2009. While there was no change in the law, we decided that extra hours worked should have superannuation applied.


[164] The Group engaged with the ATO in relation to the part-time superannuation issue and agreed the remedial response for affected employees. The Senate Economics References Committee also undertook an inquiry into Superannuation Guarantee non-payment in 2017 which the Bank participated in, including lodging a submission and appearing at a hearing of the Committee.

Attribution

[165] In response to requests from the Finance Sector Union and eight affected employees, the Group reviewed its interpretation of the 2009 ATO Ruling. The issue is attributable to the initial interpretation of the ATO ruling noted above.

Remediation

[166] In order to remedy the issue and adjust any superannuation underpayments and interest payments, the Group undertook a review of approximately 75,000 current and former employee records.

[167] Approximately 36,000 adjustment statements have been issued to current and former Group employees. As at 31 December 2017, approximately $18 million of back dated superannuation and interests payments have been made. Remediation of under accrual of annual leave and long service leave was also completed and 18,362 employees received adjustments to balances during August 2017 to reflect correct entitlements. 8,412 former employees are entitled to receive a cash payment (plus interest) in respect of payments that should have been paid at the time of exit.

[168] The Group will undertake a second round of remediation in 2018 for additional superannuation and other adjustments from 1 July 2017 to the inception of the new payroll system.

Prevention

[169] The Gro\,lp is implementing a new payroll system in March 2018, which includes the necessary adjustments for payment of superannuation on additional hours, in addition to other changes to ensure employees received the correct entitlements.

3.6 Aussie Home Loans


[170] The Group acquired a 33% interest in Aussie Home Loans (Aussie) in August 2008, and increased its investment to 80% in December 2012. On 9 August 2017, the Group announced that it had acquired the remaining 20%, giving it 100% ownership.

[171] To provide some context to the Aussie business, the total number of.Aussie customers who have settled a home loan through Aussie in 2017 was 63,795. Aussie employs over 280 people, and the total number of Aussie brokers who provide credit assistance services is over 1000.

[172] Aussie received its own letter from the Royal Commission dated 15 December 2017. While it has not identified any systemic misconduct or any systemic practice, behaviour or business activity fafling below community standards and expectations engaged in by Aussie or on its behalf during the relevant period, it provides the following information about issues it has identified.

[173] During the relevant period, Aussie has identified isolated and unauthorised incidents of conduct issues and some technical breaches of the law, in relation to the credit assistance services provided by Aussie brokers and in interactions between employees and Aussie· brokers. There have also been isolated issues which required customer remediation in relation to Aussie's white label products.

31 Commonwealth Bilok of Austr-Jtfa

l\325360228.1

RCD.0001 .0003.0035

/ [17 4] Examples of the nature of isolated and unauthorised conduct issues that Aussie has identified includes former brokers using customer information and seeking to contact Aussie customers in contravention of their contractual and privacy obligations; provision or facilitation by brokers of false or misleading information and false declarations from customers in the process of applying for loans; behavioural conduct such as offensive or otherwise unprofessional behaviour directed towards or amongst employees and/or brokers. Aussie also identified some minor system or process errors resulting in incorrect calculation of interest, fees or charges by the credit provider(s) on Aussie white label products and a small number of self-identified contraventions of the National Consumer Credit Protection Act 2009 (Cth) (NCCP Act).

[175] Where appropriate, Aussie has reported the conduct issues to ASIC and, through Group Investigations, to the police. In addition, as Aussie requires all Aussie brokers to be a member of the Mortgage and Finance Association of Australia, Aussie has reported conduct issues to that body. The Mortgage and Finance Association of Austral ia has a Tribunal which has the power to issue determinations to expel and suspend members and cancel memberships.

[176] In addition, as part of the Government's response to the Financial System Inquiry, Improving Australia's Financial System 2015, the Government requested ASIC to undertake an industry-wide review of mortgage broker remuneration.

[177] ASIC released its report on 16 March 2017, and the Government engaged in a consultation process in the period up to 30 June 2017.

3. 7 Other issues of community interest or concern

[178] The Group recognises that during the relevant period, there have been other issues which have been the subject of media interest, consumer complaint and previous inquiries, investigations or proceedings.

[179] The Group does not consider these issues to be areas of misconduct or other conduct related issues. However, the Group acknowledges that there may be some customers who will consider that they are. We have not sought to list each issue that is subject to media interest or complaint, but do note the following matters of prominence.

Bankwest post acquisit ion allegations

[180] Following the Group's acquisition of Bankwest, there have been two major issues raised by segments of the community:

[181] The Bank and HBOS entered into a Share Sale Deed for the purchase of Bankwest and associated assets on 8 October 2008 (Deed). The purchase price of $2.1 bill ion could only be varied by the price adjustment mechanism in the Deed. Any change was to be determined by reference to the capital position of Bankwest (and other acquired companies) as at.the acquisition date of 19 December 2008. Various allegations were made around 2012. It was alleged that the Bank directed Bankwest in early 2009 to raise provisions and default various commercial loans to receive a benefit from the operation of the Deed, and claw back part of the Bankwest purchase price from HBOS (Clawback Allegations).

[182] The Bank has denied the Clawback Allegations. HBOS and the Bank engaged an independent expert in 2009 to assist the parties determine the correct level of impairment provisions to be appropriately recognised as at 19 December 2008. The independent expert process and the determination of the level of acquired provisions was completed by July 2009. The expert determination and the adjustment mechanism provided for under the Deed resulted in a purchase price increase of $26 million.

[183] The Clawback Allegations made against the Bank have largely been abandoned following examination in legal and political forums. For example in the case of International Skin Care Suppliers v CBA [2013] NSWSC 1768, Justice Hammerschlag held (at [605]) "[t}here was no proper basis for the charges of dishonesty against the Bank and its officers which were levelled in the clawback arrangement

32 Commonwealth Baoh. of Auslratfe

L\325360228.1

RCD.0001.0003.0036

claim. It is difficult to see how the view could properly have been formed that there was any basis fot the allegations. They should not have been made". In addition this matter was explored in detail in a report published by the Parliamentary Joint Committee on Corporations and Financial Services on 4 May 2016 entitled "Impairment of Customer Loans" (see Chapter 7.48 and following).

[184] The Group has reviewed many customer cases relating to business banking customers of Bankwest around the time of the acquisition. These reviews have taken place both at the request of customers, and also as a result of parliamentary or other Governmeht inquiries. For example, at the request of the Parliamentary Joint Committee into the Impairment of Customer Loans, the Group reviewed, in detail, seven Bankwest customer cases and provided the Committee with comprehensive timelines relating to each case, including details of the specific default and the assistance offered to the customers through their difficulties. In no cases did our review suggest that the Bank had acted against the customers inappropriately, although we did conclude in one case that the customer's experience had been poor. For reference, in 2009 Bankwest had in the order of 26,000 business customers.

[185] We also note that to assist the Parliamentary Joint Committee, the Group conducted a basic file review of:

• Customers who lodged a submission relating to Bankwest with the Committee or who have appeared before the Committee (around 40 customer cases); and

• Customers who were considered as part of the Ernst & Young Expert Determination Report dated 7 July 2009 (67 customer cases).

[186] The purpose of this review was to satisfy ourselves that customers had in fact missed repayments and the Bank had not inappropriately taken action against the customer. These reviews found that the existence of loan to value ratio issues alone in a customer default situation was low. In 86 out of 95 cases, the customer's loan was overdue for repayment, or was in interest arrears, or both. In the remaining cases, either no receiver was appointed, or significant other defaults were evident. For customers who provided a submission to the Committee, the average number of days between the first default evident and the appointment of receivers was 539; the median number of days was 397 days.

Responsible Lending

[187] Responsible lending obligations in the NCCP Act are designed to protect consumers from unsuitable credit arrangements. Before entering into a credit contract with a consumer, a lender is required to assess that the contract will meet the borrower's requirements and objectives and that the borrower will be able to meet their repayment obligations without substantial hardship.

[188] These responsible lending obligations require lenders to make reasonable inquiries about both the borrower's requirements and objectives and their financial situation and to take reasonable steps to verify the consumer's financial situation. Lenders are required to base their assessment of the suitability of a loan on the information obtained from these inquiries.

[189] Concepts like 'reasonable inquiries', 'reasonable steps' and 'unsuitable' are open to different interpretations and ASIC's guidance has confirmed that these are scalable and can be applied differently depending on the circumstances. The .industry's understanding of these concepts has evolved since the legislation was first enacted. ASIC's guidance has played an important role in this, with more detailed guidance being released over time through changes to RG 209 and the issue of various reports. This guidance has also evolved considerably following judicial decisions on the interpretation of responsible lending obligations. The changing guidance and interpretation of responsible lending obligations has presented challenges for the industry.

[190] Over time we have experienced operational incidents that have impacted our responsible lending practices, including:

• inaccura:cie.s in our calculations;

33 Commonwea1th Baoh. of Ausu'Gifa

L\325360228.1

RCD.0001.0003.0037

/ • insufficient documentation and verification;

• failure to correctly follow scripting;

• employee and third party misconduct; and

• deficiencies in controls around manual loan approval processing.

{191] We have participated in a number of regulatory led industry reviews in relation to responsible lending practices, such as reviews of mortgage broker remuneration and of interest only home loans. We are currently participating in ASIC reviews relating to reverse mortgages and credit cards. Where reviews have led to recommendations to industry, we have factored these into our system and process improvement programs.

{192] When we identify issues with our responsible lending processes, we notify ASIC, APRA and other relevant regulators where appropriate. Controls, processes and systems are also amended to prevent errors from re-occurring. We have worked with our regulators to address systemic issues, including process and system re-design and remediation of impacted customers. For example:

• In 2014, the Bank advised ASIC that some of the its telephone banking representatives did not correctly follow scripts when processing credit limit increases for our· existing credit card customers. This resulted in some customers being granted unsuitable credit limits; and

• In 2015, the Bank advised ASIC of errors in its serviceability calculator which applied to some personal overdraft applications. This resulted in some customers being granted an overdraft when their application should have been declined and some cu.stomers being granted a higher overdraft limit than they were eligible for.

[193] Given the importance of this issue it is a focus of Risk Management and Group Audit and Assurance reviews on an ongoing basis.

[194] The Group has made significant investment over the last 18 months in its lending systems and processes to ensure we meet our responsible lending and other regulatory requirements. The following are some key changes made by RBS:

• introduction of the "Credit Assessment Summary Document" - a summary of key information relating to a customer's financial position as reflected in their application;

• lender front end system capability improvements, for example, the introduction of a frontline proprietary serviceability calculator;

• significant credit policy changes, and changes to a number of our Interest Only Lending terms and conditions; and

• re-engineering of unsecured lending application processes across personal loans, credit cards and personal overdrafts.

Agribusiness

[195] There have been some suggestions in recent years that enforcement action in relation to farms is excessively high and that these decisions are taken in haste by financial institutions with little engagement with customers. This is not the experience of the Bank. Of our 25,000 agribusiness customers, we have foreclosed on five farming businesses or assets nationwide in the last financial year. In these cases, we had worked with the customers to explore alternate solutions over an extended period of time. In the vast majority of cases, customers in financial difficulty are able to work with the Bank to restore their position and keep their business as a going concern.

[196] Our customers also have the option of resolving any concerns with us through the farm debt mediation schemes that run in a number of jurisdictions. The Bank believes farm debt mediation provides

3"4 Commonwea1th Bank O't Auslraiia

L\325360228.1

RCD.0001.0003.0038

/ a valuable mechanism for both banks and farmers to develop mutually agr.eeable solutions in relation to loans.

Small business lending

[197] We have responded to concerns we were hearing from the small business sector about our lending contracts and we have simplified the way we provide finance to them. For customers with total lending facilities below $3m we:

• removed financial indicator covenants (excluding property development, foreign currency loans, loans to super funds, margin loans);

• removed material adverse change "catch-all" clauses and reduced the non-monetary events of default down to seven key areas, which are all within the customer's control;

• provided a minimum 30 day cure right where the default is capable of being remedied by the customer;

• provided customers with 45 calendar days' notice period when making changes to all general restriction clauses and covenants; and

• provided 120 day notice prior to term loans maturing and providing an additional 90 day notice if a decision is made to not roll-over a term loan.

[198] For all loans using standard documentation we are in the process of simplifying and rewriting in plain English the business funding documents, Letters of Variation and the standard Terms and Conditions for business lending, trade finance and corporate cards customers. A new one-page summary of default and key detrimental outcomes will also be included.

[199] These changes impact 96% ofour small business customers.

Whistleblowers

[200] The Group's treatment of whistleblowers has been the subject of some criticism over the course of the relevant perfod, and in particular, in recent years. The Group recognises the important role that whistleblowers play in identification of issues, which is in the best interests of the Group. However, we do find that from time to time following comprehensive investigations, the allegations raised by whistleblowers are unsubstantiated.

[201] A number of the issues highlighted in these submissions were the subject of whistleblower disclosures. We are committed to embedding a culture of 'speaking up' and have enhanced our whistleblower framework to ensure that we provide our people with a trusted and effective place to go if they need to raise anything (further details of the improvements to our whistleblower policies are set out in section 3.8 below).

Bank Bill Swap Rates

[202] For several years, ASIC has been conducting a wide-ranging investigation into claims that a number of major banks traded bank bills in the interbank market with the sole or dominant purpose of manipulating the Bank Bill Swap Rate (BBSW). ASIC commenced proceedings against other major Australian banks in relation to the issue. The Bal"lk continues to discuss this matter with ASIC. The Bank and other major Australian banks have been joined as defendants in a US class action commenced by US investment fund Sonterra Capital Master Fund, various US "Frontpoint" investment funds and trader Richard Dennis. The class action complaint alleges that 15 international banks and 2 international interdealer brokers conspired and colluded to manipulate BBSW for the purposes of mutual profit. The defendants (including the Bank) have filed a joint motion to dismiss the action. The Bank disputes the allegations made against it

35 Commonwealth Ba-ok of Auslralfe

l \325360228.1

RC0.0001.0003.0039

3.8 Enhancements to our business practices to meet community standards and expectations

/

[203] The Group is constantly seeking to improve the way that it does business. In addition to the areas outlined above in response to question 2 in the Letter, where the Group has taken steps to address certain conduct, practice, behaviour or business activity, there are a number of examples where the Group has enhanced its approach and the way it deals with customers in response to its assessment of community standards and expectations, as those standards and expectations evolve over time. In these circumstances, it is not necessarily the case that the Group's conduct was previously below community standards and expectations, but that the Group identified there was scope for improvement.

Customer complaints

[204] The Group's processes are designed with an aim to resolve customer complaints at the first point of contact and to escalate quickly and appropriately where issues cannot be resolved at the frontline. The Group's complaints handling policy mandates that all staff are trained to identify and resolve complaints and ensure that all customer complaints are recorded.

[205] In 2008, priority and escalated complaints handling was centralised into a specialist team - Group Customer Relations (GCR)- to ensure a consistent approach. Where a complaint cannot be resolved at the frontline or is lodged at an external complaints authority, it is escalated to GCR. In 2010, the Bank also invested in a complaints database (Firstpoint) and a training program to record complaints and drive increased customer satisfaction. Staff are trained to record all expressions of dissatisfaction in the Firstpoint system.

f206] Our approach to complaints management is to encourage staff members to log all customer complaints and expressions of dissatisfaction in our systems, so that we can address them. The large majority of complaints are minor issues or queries which are resolved immediately by front-line staff at the time the customer raises the issue.

[207] Where a complaint cannot be resolved by GCR, customers have the option of taking their complaint to the Group Customer Advocate or to the relevant external dispute resolution scheme or external tribunal - for example the FOS or Superannuation Complaints Tribunal (subject to jurisdictional limits).

Group Customer Advocate

[208] In November 2015, the Group established a new function, Group Customer Advocacy, to consider the causes of, and appropriate responses to, customer outcome concerns, and lessons learnt from previous misconduct and other conduct related issues. Further details of the role and function of Group Customer Advocacy are discussed in section 4.4 below.

Better Customer Outcomes Program

[209] This program was established in January 2014 to systematically and proactively investigate conduct risk in RBS. The Group made a strategic decision to invest in managing conduct risk and build on the lessons it had learnt and from banks in other markets, particularly the United Kingdom where banks had experienced significant regulatory reform following the global financial crisis. Since that time, the program has assessed more than 50 RBS products against agreed product standards that cover product complexity; transparency; pricing; and staff incentives. The program has also identified and/or managed issues which have then been the subject of customer remediation - such as the Wealth Package remediation outlined in section 2.4 above.

[21 O] Examples of the program delivering value to our customers are:

• Making our terms and conditions simpler for our customers by reducing the length of Terms and Conditions documents, including one page summaries and tips to help customers maximise the value to them of the product and avoid unnecessary fees.

J.6 Commonwealth Banh. of AusCraffa

L\325360228.1

RCO .0001.0003.0040

/ • Changes that make RBS credit cards more affordable and manageable. For example, updates to old

credit card contract conditions to reflect the conditions available to new customers have resulted in material savings for our credit card customers. We have also introduced SMS payment reminder alerts as an easy way for customers to manage their spending and late fees. The savings to customers on the SMS payment reminders alone equates to $7m in reduced fees. The introduction of Click to Close for Bank customers also makes it easy for customers to instantly cancel their credit cards online.

• Enhancing our culture and sales practices by ensuring how we recruit, induct, train and performance manage, reward and remunerate employees is grounded in the Group's Vision and Values (discussed below at section 4.2).

Product improvements to better meet community standards and expectations

(211] We listen to our customers' feedback, and have taken steps to enhance our products and services to better meet the community's needs and expectations, recognising that these things change over time. For example., customers are increasingly expecting digital solutions for their banking needs and we have enhanced our products and services accordingly. Some examples include:

• Using the Comm Bank app customers receive an alert to help them avoid unnecessary fees or charges. Customers are alerted when a cash advance fee will be incurred and that higher interest will accrue;

• Analytics for business customers - we have enabled more than 600,000 business customers on our market-leading analytics platform, Daily IQ, free of charge. Through Daily IQ, business customers have access to customised insights around their cash flow, customer base and industry performance to enhance their financial success;

• Introducing Pay-to-Mobile functionality that allows customers to send money through the CommBank app securely to more than 200 countries in over 30 currencies, just by sending a message and a unique collection code from their mobile phone to the recipient's mobile phone. As a result, over 90 per cent of retail international money transfers are now sent digitally, with customers taking advantage of the speed, security and 24/7 availability of online services;

• For General insurance customers - SMS weather alerts for motor customers in our most storm or cyclone affected areas; utilisation of geo-routing technology to identify customers calling from areas impacted by weather events so they can be connected directly to claims staff; and online claims lodgement functionality and digitally authenticated claims forms, which pre-fill customers' personal details and use robotics to automatically submit completed forms to the claims system without human intervention; and

• For Bankwest customers, the introduction of "Easy alerts". This functionality alerts customers whenever their card is used on a pay pass transaction, when a deposit is made into their account, when an international payment is made, when their account has a low or high balance (customers set this limit), when a scheduled payment is about to be made and when a payment is due on their credit card (reducing the chance that customers are charged late payment fees).

Supporting vulnerable customers

(212] The Group has put in place initiatives to support customers who find themselves in a vulnerable position, or customers who are more vulnerable to fraud or scams. Some specific initiatives include:

• Domestic Violence - the Bank has had a long standing focus on the issue of domestic and family violence. In 2015, the Group developed a strategy to ensure we are part of a whole-of-community movement to end domestic and family violence. Our strategy consists- of five key pillars: providing a safe place to work, supporting our customers in crisis, championing gender equality, promoting financial independence and advocating for change. We have delivered a number of initiatives internally since launching the strategy, including increasing our domestic violence leave provisions to

3? C1lmmonwcaJU1 Saok ot Austratfa

L\325360228.1

RCD .0001.0003.0041

/ ten days leave for Bank employees living in a domestic violence situation and five days leave for those caring for family members who are experiencing domestic violence. In 2017, the Bank launched our Domestic & Family Violence Emergency Assistance Package in partnership with Telstra and Rape and Domestic Violence Services Australia.

• Hardship - the Bani< has more than 16 million customers and we recognise that some of them are experiencing financial hardship and are in need of assistance from us. The Bank's Financial Assistance Solutions team considers every request for assistance on an individual basis and works with customers to develop a solution to help customers get their finances back on track. The Bank has recently established a number of pilots and initiatives to support customers by proactively identifying customers in financial hardship and then connecting customers to professional counselling and advisory services at no charge to the customer. Support typically includes providing financial guidance, giving those customers additional time to pay back loans, and then connecting customers to professional counselling and advisory servic~s at no charge to the customer.

IB&M Global Markets Conduct function

[213] Global Markets announced the appointment of a Head of Conduct in September 2015 and established the Conduct, Operational and Regulatory Risk team in May 2016 with a specific remit for the design and implementation of a conduct strategy and framework in Global Markets within Institutional Banking & Markets (IB&M). The framework addresses the need to improve the way in which customer and market outcomes are considered during the course of our day-to-day business activities and to position the Global Markets business more broadly as a leader in good conduct. For example, the Conduct, Operational and Regulatory Risk team ensures the Global Markets' business model and strategy is aligned with the Bank's Vision and Values and Our Commitments, as well as fair customer outcomes and the efficient operation of markets. The team also monitors evolving regulatory expectations such as the FICC Markets Standards Board standards, to ensure Global Markets operates within legal and regulatory requirements.

Environmental, Social & Governance Lending Commitments

[214] The Group, as a major provider of financial advisory and lending services, plays a crucial role in enabling and facilitating economic and social development.

[215] We are continuously evolving our practices in this space. Since becoming a signatory to the Equator Principles Ill and introducing our nine Environmental, Social and Governance (ESG) Lending Commitments in 2014, we have been working to embed our approach to responsible lending in all our business lending.

f216] We have committed to:

• Building the capacity of staff to understand and assess ESG risks and opportunities;

• Integrating ESG risk assessments into existing risk frameworks and procedures;

• Ensuring that ESG assessment processes are aligned with the UN Global Compact and UN Guiding Principles on Business and Human Rights;

• Applying the Equator Principles categorisation as the framework for assessing impact and risk of client activities;

• Adding value to customers by influencing them to mitigate ESG risks and to seek the least harm by deploying best practice standards and solutions; recognising that economic considerations may take precedence where more sustainable alternatives are not currently available or viable;

• Identifying and understanding the high-impact sectors within our lending portfolio and applying additional levels of due diligence to sectors and jurisdictions where regulatory frameworks are not fully evolved and/or not best-in-class;

38 Commonwealth Bank of Ausiralfa

L\325360228.1

RCD .0001 .0003.0042

• Assessing and measuring the environmental (e.g., biodiversity, water and carbon intensity), social (e.g., human rights) and governance (e.g .. , corruption) impacts and risks across our portfolio;

• Not knowingly supporting clients or their activities that:

Irrevocably damage World Heritage sites or other high value conservation areas defined by internationally recognised agencies;

Are complicit in the abuse of human rights; and/or

Are engaged in corruption, extortion or bribery;

• Engaging with our clients to remedy issues as a condition of our ongoing support where they fall into breach of our principles.

39 ConL'Tionwea1Ul Banh. of Aus.frail&

l\325360228.1

RCD .0001.0003.0043

4. Evolving our business to prevent, identify and remediate misconduct and other conduct related issues

4.1 Introduction

[217] Question 3(e) of the Letter asks what steps have been taken to prevent and provide redress for misconduct or other conduct related issues. While we have made some specific comments about the issues identified in sections 2 and 3 above, this is a broader area of focus for the Group.

I

[218] For any particular instance of misconduct, or other conduct related issues, it is often not caused or attributable to one specific failing. In addition to the specific observations made in sections 2 and 3- above concerning instances of misconduct or other conduct related issues, we recognise that conduct issues will often arise as a result of oversights or weaknesses in key areas of operation and control. We have provided' an overview below of our approach to the following areas that are critical to prevention: culture and governance including risk management, recruitment and remuneration.

4.2 Culture

[219] The Group has had a dedicated focus on our internal culture over the last few years. This has centred on embedding our revised Vision and Values across the organisation, supporting our employees to speak up and promoting risk awareness across the business.

[220] We recognise that culture is a driver of conduct and is therefore a critical part of our approach to preventing misconduct from occurring. The right culture also drives our people to identify and remedy misconduct when it occurs.

Summary of our approach

[221] The Group's Vision is to excel at securing and enhancing the financial wellbeing of people, businesses and the community. This Vision recognises the important role that we have in the economies and communities in which we operate. In achieving this Vision, we expect our staff to act in accordance with five key values: Integrity, Accountability, Collaboration, Excellence and Service.

(222] Bankwest has also developed its own Vision - to be the best regional bank by delivering what matters to our customers. It has also developed its own values - our customers are at the heart of everything we do; w e care for our business, each other and our community; we act with integrity and have the courage to do what's right; we take ownership and tiold our selves accountable; and we're passionate to excel and proud to think differently.

[223] The current form of the Group's Vision and Values was introduced in 2013. In 2015 we moved to embedding the values and allocated significant resources to address three areas:

• Clarifying what our Vision and Values mean on a day-to-day basis - We provided our people with further guidance about how they should apply the Vision and Values to their daily work. We prepared a Values Guidelines document which outlines the expectation for team members and team leaders in implementing the values. Since the development of these guidelines, we have undertaken a program of work to communicate these to our people and to assist our people in translating these expectations into what they do every day. This has included, for example, regular messaging from the CEO, Group Executives and leaders throughout the business (the CEO emphasised the values in 89% of his weekly emails over the past three years); the roll out of an e-learning module called Voicing Our Values which addressed the importance of speaking up as a critical part of living our values (completion rate 99%); and a series of structured workshops across the Group on balancing stakeholder needs where teams discussed how they are applying the values in their day-to-day practices. Our leaders completed 971 workshops with their teams over a six-month period in 2016.

40 C1m1monwea1th Baok of Ausmtffa

L\325360228.1

RCO .0001.0003.0044

• Embedding Vision and Values throughout our people practices - We have integrated the Vision and Values into our selection processes for recruiting new people, in our leadership development programs, in our talent management processes and in our recognition programs. As part of our performance management process, starting in FY17, every eligible individual is now assessed on their performance in relation to our yalues. The expected behaviours of our people are not only defined through our values, but also through the responsibilities they have for managing risk. Both of these factors have a direct financial implication for those with short term variable remuneration. An example of how the Group is embedding vision and values is in one of the Group's primary staff recognition programs, "Legends of Can". Legends of Can was implemented in RBS in November 2014 and has been progressively rolled out to over 26,000 employee across the Group. It is centred on recognising staff at all levels for outstanding demonstrations of the Group's values: accountability, integrity, collaboration, service and excellence. In 2017, over 140,000 recognition events were recorded where staff highlighted colleagues for demonstrating one or more of the Group values.

• Aligning practices, processes and policies with our Vision and Values - W.e are working to ensure that our business practices across our various business units reflect our Vision and Values. For example, the Better Customer Outcomes Program in RBS and the Customer Advocacy Program in our Wealth Management business have both focused on changing practices to align with our values and create better customer experiences. We see this as an ongoing task and will continue to work on this alignment across the Group.

Recent improvements to the Group's culture

[224] As we review progress on embedding our Vision and Values and understand from stakeholders their perspectives on the Group's business, we will focus on embedding each of the values in a structured way. We have commenced with accountability, which we believe requires the most focus, based on feedback from our people and from other stakeholders. Recent activities include:

• Awareness - raising with employees the criticality of each person taking accountability and following through utilising a digital learning module which will be supported by dialogues to be run as part of all team meetings. The dialogue will specifically focus on taking ownership and following up in the context of managing risk well;

• Board engagement - our directors continue to monitor the organisation's culture through a variety of channels including regular discussions about the Group's culture. The Board takes an active role in shaping and monitoring culture. Consideration of the GrouJll's culture, including specifically around Vision and Values, has increased in prominence in board discussions and has been increasingly incorporated into board and management reporting formats;

• CEO Forums - continue to focus our senior leaders on our Vision and Values wifh a particular focus on embedding accountability;

• Business Unit employee forums - our Group Executives and their leadership teams hold open forums for staff. At these forums values-led behaviours are reinforced as critical to how we do business;

• Redesign of leadership programs - our current senior leadership residential program targeted at the General Manager (GM) and Executive General Manager (EGM) populations will continue to run through 2018. In addition, our leadership programs for Executive Manager (EM) and Manager level are being redesigned to focus more on our Vision and Values and addressing the changing requirements of leaders in today's context;

• Your Voice - our employee survey was redesigned in 2017 to directly seek feedback on how we are living the Vision and Values day to day in our business. It includes opportunity for verbatim comments. We increased the frequency with which the survey is conducted to twice a year, with results being reviewed at the Group Executive Committee and Board in addition to local leadership teams;

• Linking accountability with remuneration outcomes - through our performance and remuneration framework, accountability for risk is reinforced through providing the opportunity to reward for positive

41 Commonwealth BifOk of Awurafia

L\325360228.1

RCD.0001.0003.0045

risk outcomes and behaviours, and downward remuneration adjustments where requirements and expectations have not been met; and

• People practices - in line with our focus on continuous improvement we will review on an ongoing basis all people practices and their alignment to the values.

/

[225] In 2017, we also updated and simplified our Statement of Professional Practice in line with our Vision and Values, and renamed it "Our Commitments". Through Our Commitments, we ask all Group employees to provide a personal undertaking to demonstrate our Vision and Values, to adhere to common principles in performing our roles, and to conduct ourselves in a manner that strengthens trust. Our Commitments helps employees make the right decisions, shaped by two important questions:

• Can we do this - does it comply with relevant laws, regulations and policies?

• Should we do this - is it aligned to our Yision and Values?

[226] This is further reinforced through a digital learning module that all employees complete each year.

[227] In February 2017, the CEO and Chairman each signed the Banking and Finance Oath, demonstrating their personal commitment to building trust in the banking industry.

"Trust is the foundation of my profession. I will serve all interests in good faith. I will compete with honour. I will pursue my ends with ethical restraint. I will create a sustainable future. I will help create a more just society. I will speak out against wrongdoing and support others who do the same. I will accept responsibility for my actions. In these and all other matters; My word is my bond."

[228] In add.ition to the work being done to embed our Vision and Values, we have also made improvements in recent years to encourage "speaking up" and embedding a risk culture across the business.

Whistleblowers: Speaking up

[229] In 2017 we launched our updated Group Whistleblower Policy. This policy was updated in line with the guidelines produced as part of the Australian Banker's Association's industry reform program. This policy reflects our commitment to protecting whistleblowers (including current and former employees), including protecting their identity and the confidentiality of their disclosure.

[230] The .G.roup Whistleblower Policy is part of the Group's SpeakUP Program. The SpeakUP Program also includes an independently managed hotline. The hotline is run by an external and independent operator, and it is available 24n to any employee or external partner (broker, supplier, contractor, licensee etc.), who wishes to raise a concern. Speaking up is vital to our culture. We encourage all employees to do this through line management, and where necessary other channels when they wish to raise a concern. Our SpeakUP hotline provides another alternative.

Risk Culture Assessment

[231] In FY14 we introduced independent assessment of risk culture on a limited scale basis. In July 2015 Group Audit and Assurance trained all Australian based staff on the risk culture practise to be applied and commenced the full scale completion of such reviews. The team performs assessments of risk culture during business unit audits. The results of these are reported to the accountable executive for the audit, summarised in reporting to senior management including the CEO, and reported thematically to the Board Audit Committee every six months. Where major cultural concerns exist, Group Audit and Assurance have performed more in-depth assessments of culture and behaviour and revisited the areas to understand if improvements have occurred.

[232] In addition, to enable business unit driven risk culture self-assessment, a values based risk culture framework and self-assessment tool has been developed. Deployment has been actioned in parts of RBS, Human Resources, Business & Private Banking (B&PB) and Group Corporate Affairs (GCA).

42 Gommonwea1th 6af1k or Austraffa

L\325360228.1

RCD.0001.0003.0046

/ Organisation wide deployment is expected by June 2018. The line 1 risk teams are also being trained to support the ongoing rollout of this process.

Additional risk culture activities

[233] Other key initiatives around continuous improvement in recent years include rolling out programs of training in operational risk and compliance; strengthening operational risk management capability in the business units; and improving our management of conduct risk through programs designed to help frontline staff understand customer needs.

4.3 Governance (including risk management, recruitment and remuneration)

[234] The Group recognises the importance of having strong governance arrangements in place to ensure we are able to deliver on our Vision and Values, and operating principles in the areas of finance, IT, risk management, and human resources. Managing this alignment is a key ongoing focus for the Board, CEO and executive leadership team.

Summary of our approach

[235] The Bank regularly reviews its corporate governance arrangements and practices to ensure they reflect developments in regulation, market practice and stakeholder expectations.

[236] Throughout the 2017 financial year (FY17), the Group has followed the recommendations set out in the Corporate Governance Principles and Recommendations (3rd edition) published by the ASX Corporate Governance Council.

Shareholder Engagement

[237] The Group recognises its shareholders as its owners and values its communication with them. The Bank seeks to ensure that shareholders are provided with information that is timely, of high quality and relevant to their investment, and to listen and respond to shareholder feedback.

[238] The Group has an investor relations program to facilitate two-way communication with shareholders and to foster participation at shareholder meetings. The program incorporates a number of ways in which shareholders can access information and provide feedback.

Governance role of the Board of Directors

[239] The Board's role is to set the strategic objectives of the Group, appoint the CEO, and oversee the management, performance and governance of the Group on behalf of shareholders. The Board's responsibilities are specifically described in the Board Charter and are focused on:

• Strate.gy and performance - including the setting, in conjunction with management, of the Group's strategies and financial objectives, approving major corporate initiatives and capital expenditure which exceeds the authority limits delegated to the CEO and monitoring the culture of the Group. As noted above, consideration of the Group's culture, including specifically around Vision and Values, has increased in prominence in board discussions in recent years;

• Risk Management - including the setting .of the Group's risk appetite, overseeing the risk management framework of the Group and overseeing strategic risk, risk to the Group's reputation and risk culture. These responsibilities are critical in establishing the accountability framework within which management operates;

• Financial reporting - including approving the Group's financial statements and reporting;

• Capital, funding and liquidity- including approving capital management initiatives, policies and processes;

43 CeimmoJlWeelUl B.loh. of Ausfraifa

l\325360228.1

RCD.0001.0003.0047

• CEO and management - including appointing the CEO and direct reports to the CEO and succession planning for these executives;

• Corporate Governance policies - including determining appropriate corporate governance arrangements for the Group and overseeing the delegation of authority to the CEO;

• Remuneration and performance - including overseeing the executive remuneration principles and framework and determining the remuneration outcomes for the CEO, the CEO's direct reports and other key members of senior management;

• People and diversity- including overseeing the development of the Group's people-related strategies (including diversity);

• Environment, sustainability and governance - including approving and monitoring the corporate responsibility strategy; and

• Work, health and safety- including overseeing and monitoring work, health and safety performance and issues.

[240] The Board meets regularly. The Chairman, and in turn the Board, regularly review the Board's forward-looking agenda to ensure time is appropriately allocated to strategic, operational and regulatory/compliance priorities. Its broad areas of focus over the last year have been on the Group's corporate strategy, performance against business plans, material risk review and prioritisation, technology resilience and remuneration governance.

[241] The Board is also assisted by committees, which have been formed to focus on specific issues and areas of the Group's operations. These committees strengthen the Board's oversight of specific frameworks, systems, policies, processes and people, and in turn, the accountability that rests with senior executives. From time to time, sub-committees may be formed to deal with specific focus areas, for example, Comm Insure, and currently, financial crimes and regulatory compliance.

[242] There are also a number of subsidiary companies, some of which are independently governed by APRA and have a majority of independent directors and their own risk and audit committees.

[243] As noted in section 1.2, to effectively manage a business of the size and scale of the Group, the Board and CEO have structured the organisation into a set of operating businesses focused on different customers and their needs, supported by functional business units that serve and supervise the operating businesses. The leaders of each of these business units, the Group Executives, form the Executive Committee (Ex Co).

Peo::r 1 1mpro11P. neri~ ..

[244] The Gro.up periodically reviews its corporate governance arrangements, practices and documents to ensure they reflect developments in regulation, market practice and stakeholder expectations.

[245] The composition of the Board has changed significantly over the past 12 months, as long-serving members retired and new appointments were made. In a little over a year prior to the 2017 Annual General Meeting, four directors retired and three new directors joined the Board. Renewal of the Board will continue.

[246] The Board and Board committees recently reviewed their remits and updated their Charters, ensuring accountability between the Board and its committees were more clearly articulated. Since the beginning of 2017, the Board has made significant improvements to Board processes, including agenda setting and structure, and the form and style of discussion.

[247] In addition, work commenced in mid-2017 on refreshing the suite of corporate governance documents relevant to the Board. The review is aimed at ensuring that the structure and content of corporate governance documents is simplified, there is greater consistency and alignment across documents, and they reflect best practice.

44 Commonweatth Bank of Austrnifa

L\325 360228.1

RCD.0001.0003.0048

Acting Ethically and Responsibly

[248] The "Our Commitments" document is the Group's foundational code of conduct policy and sets the Group's expectations of its people, including its directors, senior executives and employees, when engaging with, and balancing the interests of, the Group's stakeholders. The policy is discussed in paragraph [225] above.

Confh te of te e;,t

[249] The Group's Conflicts of Interest framework comprises a number of components, including:

• Group Conflicts of Interest Policy;

• Group Gifts and Entertainment Policy; and

• Various supporting business unit level policies and procedures (including conflicts of interest registers and gifts and entertainment registers).

{250] The framework seeks to ensure that all actual, perceived or potential conflicts of interest are identified and recorded and then avoided or managed, as appropriate.

A~ 3r l er y 3 1d Cor 1, )!tur.

[251] The Group is committed to embedding a policy of zero tolerance for bribery, corruption and facilitation payments across its business and has an Anti-Bribery and Corruption Policy.

[252] The policy requires all parts of the Group's business to consider, identify and understand the bribery and corruption risks within their operations, identify controls applied to those risks and monitor key risk indicators.

Secur•tJPS Trading

[253] The Board has adopted a Group Securities Trading Policy. Under that Policy, the Group's people are permitted to deal with the Group's securities only within certain periods, as long as they are not in the possession of unpublished price-sensitive information.

l/v 11stl.,.bl 1 er Prot.;.ct1on

[254] The Group's recent enhancements to its whistleblower policy is discussed in section 3.8 above.

[255] The Group has published its latest Slavery and Human Trafficking Statement in compliance with the UK Modern Slavery Act, and updated its Supplier Code of Conduct to improve recognition of human rights and supplier compliance with international human rights laws.

Diversity and Inclusion

[256] The Group aims to leverage diversity and foster inclusion so that all its people feel valued and respected. The Group has a policy on diversity and inclusfon which is underpinned by its Diversity and Inclusion Strategy.

Risk Management

[257] The Group's management of risk is designed to support our Vision and Values and the delivery of our strategy. Implementing a strong risk m<1nagement approach not only ensures we operate within our risk appetite, but also to prevent misconduct. Where misconduct does occur, our systems and processes give us the tools to identify issues and address this, and also ensure we have controls and checks in place to prevent misconduct in the future.

45 Commonwealth Bank ot Aussralts

L\325360228.1

RCD.0001.0003.004.9

[258] The Group has in place a Risk Management Framework which governs the way we manage risk across the organisation. The Group Risk Management Framework comprises three key components:

• Group Business Plan - this identifies the areas of management focus to achieve the Group's strategic objectives. Consideration of risk is an integral part of the Group's strategic planning process. Risk is considered not only when developing the Group-level plan, but also by each line of business;

• Group Risk .Appetite Statement- this sets out the Group's appetite for risk taking. In developing the Group's Business Plan, management is required to consider the Board's risk appetite. The Board's risk appetite is then cascaded through the organisation through corresponding business unit Risk Appetite Statements, which are reviewed by the Board annually, or more frequently if necessary, and which ultimately link to team and individual accountabilities; and

• Group Risk Management Approach - this provides a description of the Group's overall approach for managing risk, with a specific focus on operational elements such as governance, policies, reporting and infrastructure. The Risk Management Approach also contains a summary of the risk type frameworks (see below) that support it.

[259] The nature of the Group's businesses exposes it to a range of different risk types, for which separate frameworks exist to guide employees as to how to manage these. The Risk Management Approach outlines five key Group risk frameworks which are applied and adapted within individual business units depending on the nature of their business, customers, products and risk profiles. The main risk types covered by the Group frameworks are:

• Credit risk - Group Credit Risk Framework;

• Market risk - Group Market Risk Policy;

• Liquidity risk - Group Liquidity Risk Management Framework;

• Operational risk - Group Operational Risk Management Framework; and

• Compliance risk - Group Compliance Risk Management Framework.

Lr e~ o ~.::cour tabil't::,

[260] The Group has a three lines of accountability model for managing risk. The model places accountability for risk ownership with individual business (Line 1) while focus.ing the mandate of risk teams (Line 2) on establishing and implementing our risk appetite, risk framework and providing critical review of business strategy against appetite and oversees the effectiveness of the risk and control environment. We have in place an internal Audit and Assurance team (Line 3) to provide independent oversight of the effectiveness of risk management, internal controls and governance across the Group.

[261] The three lines of accountability operating model is in place to ensure appropriate and robust management of risk across the business. It is underpinned by the following principles:

• Reinforcing that risk is best owned and managed where it occurs - so the business (Line 1) is accountable for the management of risk;

• Having a separate group of experienced staff with specific risk management skills (Line 2) to facilitate the development of, and monitor/measure the effectiveness of, the risk management process and systems used by Line 1, and to provide proactive advice, support and insight to enhance business decision making;

• The accountability operating model requires an independent Group Audit and Assurance function (Line 3) to provide assurance to the Board, regulators and other stakeholders on the appropriateness and effectiveness of the activities of Line 1 and 2.

46 ComnJonweahh Bllok of Auslraiia

l\325360228.1

RCD.0001.0003.0050

/ [262] The significant increase in technological advancement, regulation, compliance and importance of conduct in global banking over the last decade has elevated the level and profile of operational risk and compliance risk in the industry. During this period the Group has invested in enhancing controls and systems including: cyber-crime protection, real time transaction and fraud monitoring, and identity access management to mitigate material operational and compliance risks. In addition, the focus on continuously improving the embedding of our operational and compliance risk frameworks has been substantial over this period through a number of initiatives, including the implementation and embedding of RisklnSite - a Group-wide governance risk and compliance platform which has been in place for six years and supports day-to-day risk management activities in accordance with the operational risk and compliance risk management frameworks.

[263] More recently, there have been significant enhancements to the Group's risk management approach. The Risk Management team has had a dedicated strategic program of work aimed at strengthening the management of risk across the Group, improving the efficiency of the current Risk Management function and building the foundations of the future Risk Management function. Key activities have included:

• Recognition that historically there has been inconsistencies in the approach to managing risk in the business units, particularly regarding the roles and responsibilities Line 1 and Line 2 functions. Whilst fit-for-purpose in the context of each business unit, various challenges arose from these variations when a cross-business unit or Group-wide perspective was required. The Group has committed significant investment and resources to enhancing its 3 Lines of Accountability model;

• Clearer accountability for decision-making and risk-taking - by the introduction of a new simplified Group Risk Appetite Statement, a new Delegations of Authority policy, which drives greater transparency and consistency across the organisation, aAd developed the three Lines of Accountability principles for deployment across the Group;

• Introduction of an enhanced accountability model for operational risk and compliance risk. This included creating two EGM roles, EGM Operational Risk and EGM Compliance, who have end-to-end accountability for the consistent deployment of the operational risk and compliance risk frameworks across the Group. In addition, new GM and EM roles have been created to provide more focus on enhancing compliance frameworks and license obligations, operational risk capital, analytics and technology risk;

• Development of a standard set of operational risk and compliance risk classifications (risk "taxonomy'') for application across all Group businesses. A common language to describe and classify risk will better support more consistent identification of risks going forward and improve and standardise practices and controls across the Group. Work has started on expanding the taxonomy to include a standard set of control definitions for deployment later in 2018;

• Improvements to operational risk and compliance risk practices and risk governance have also been introduced, such as: establ.ishment of an Operational Risk Assurance Register; establishment of the Conduct Council; implementing a new control room to manage Group wide transactional conflicts; and

• Linking risk outcomes to remuneration. In FY15, a Group-wide mandatory risk assessment was introduced for employees and embedded in the Group's employee performance management framework. The outcome of the risk assessment is used to inform variable remuneration outcomes and, where risk requirements are not met, variable remuneration can be scaled down to zero.

Recruitment

[264] In order to meet the Group's business objectives it is essential that capable employees are attracted, retained and deployed in roles that maximise their contribution and potential. It is also imperative that we attract individuals who share our focus on customers and the community.

47 Conunonwealth Bank of Aus&raifa

l \325360228.1

RCD.0001 .0003.0051

/ [265] When recruiting for a role, the Group aims to assess an individual's suitability for that role based on both technical and "soft" skills, their prior track record of achievement, their personal motivations for joining, and their alignment to our Vision and Values. The Group's aim when attracting talent is to portray a realistic picture of our work environment, values and culture, together with setting clear expectations for each role. This enables potential applicants to select whether a job at the Group is right for them before they apply.

[266] Recruitment practices are governed by the Group's Appointment to Role Policy. In addition to mandatory declarations and qualitative enquiry through the recruitment process, extensive background checking is conducted towards the end of this process to ensure full due diligence has been conducted on any new hire.

(267] All recruitment of Australian employees is managed by a central Talent Acquisition function within the Human Resources business unit.

(268] In June 2017 the Group introduced a common, industry approach to reference checking job applicants known as the Background Checking Protocol as part ofthe Australian Banker's Association industry reform program. The protocol was introduced to prevent employees with a history of misconduct from moving fr0m one financial institution to the next. This creates an additional safeguard that protects customers from misconduct by individuals.

Remuneration

[269] Aligned to our vision, the Group's performance and remuneration approach encourages behaviours that supports the creation of is designed to create long-term value for all stakeholders including customers and shareholders. Remuneration must motivate and reward the achievement of superior and sustainable performance, while managing any risks associated with delivering that performance. Remuneration forms a critical component of the Group's accountability framework as it is linked to team and individual responsibilities and performance outcomes, and provides a mechanism for positive and negative consequences to be delivered.

[270] The Board Remuneration Committee is the main governing bodyior remuneration across the Group. It is responsible for the Group's remuneration philosophy, framework and policies, and reviews and recommends to the Board individual remuneration arrangements for the CEO, senior direct reports to the CEO and other individuals whose roles may affect the financial soundness of the Group. The Remuneration Committee has a robust framework for the systematic review of risk and compliance issues impacting remuneration and works with the Board's Risk Committee and management's Risk and Remuneration Review Committee (RRRC) to consider risk and reputational matters in the determination of variable remuneration outcomes. Key concepts that support sound performance and remuneration practices across the Group include:

• The Group's remuneration framework reflect a range of factors including competitiveness against the external market, regulatory requirements and evolving stakehold.er expectations;

• Variable remuneration plans are designed to motivate and reward sustainable performance beyond day-to-day role accountabilities, and discourage poor performance, whilst managing risks associated with delivering that performance. Remuneration outcomes are truly variable, as they directly reflect performance and risk assessments;

• Variable remuneration is equally weighted between delivery against key performance indicators and values, with individual risk behaviours assessment being a downward modifier of outcomes; and

• Remuneration plans are designed to exclude design features that could increase inappropriate risk taking (e.g., 100% commission-based payments) and include features that support sound management of risk.

[271] Our performance framework focuses on the delivery of both financial and non-financial outcomes. To achieve this, we set clear mandates and expectations for employees about the mix of financial,

48 Conunonwea1th B8flh. of Australia

L\325360228.1

RCD.0001.0003.0052

/ customer, people and business measures. These guidelines are aligned with Group Executive sc0recards to facilitate the cascade of performance expectations to all employees and set the tone from the top.

[272] In recent years, the Board has continued to evolve the Group's remuneration philosophy, policy and approach. These changes have come at a time when there has been a shift in community expectations for remuneration, together with an increased need to balance the often disparate views of stakeholders. During the period FY15 to FY17, key enhancements to the Group's performance and remuneration approach included:

• Inclusion of values assessment in the Group performance framework;

• Increased alignment of risk and remuneration;

• Executive remuneration framework refonns; and

• Continuing our efforts to eliminate the gender pay gap.

[273] In RBS, the promotion of ad-hoc incentives during marketing campaigns and use of league ladders, which had the potential to jeopardise good customer outcomes have been removed. A number of these changes were implemented prior to the Sedgwick Review into Retail Banking Remuneration. Where a stronger emphasis on customer outcomes and values was required, we have worked to get the balance right. Changes to formal recognition programs, to ensure values and customer outcomes are part of the assessment criteria.

[27 4] In recent years, we have also applied significant changes to front-line employee variable remuneration arrangements due to a combination of regulatory change, industry reviews (e.g. , Sedgwick Review), and the Group's strategic approach. These changes have included a strengthening of internal governance and controls (e.g., Group Remuneration Poficy variable remuneration principles, management reporting); a more balanced performance approach (e.g., minimum weighting for customer measures); and a simplification and rationalisation of plans to support clear communications to employees and enhanced governance.

[275] The Group's efforts to evolve and improve its remuneration practices are ongoing, during FY17 the Group committed to implementing all of the recommendations from Stephen Sedgwick's independent review of product sales commissions and product based payments in FY18. With the Board's oversight we .have already made significant progress on this important reform agenda.

4.4 Group Customer Advocacy

[276] The Gro.up Customer Advocate was established to proactively find ways to support all customers (particularly those that may be experiencing some element of vulnerability) by advocating for fair and reasonable outcomes, assist Group business units mitigate customer detriment and expertly guide remediation programs. The function was publicly announced in August 2016 and is resourced with almost 40 full time employees. The Group Customer Advocacy team's work is arranged into four areas.

Advocacy

[277] This area focusses on community engagement and independent complaint review. If a customer is unhappy about the outcome of a complaint they have with the Group, they can refer it to the Group Customer Advocacy team for an internally independent review. Although these decisions are final for the Group, customers remain free to go to an external dispute resolution body. In addition, a Multicultural Community Banking team has developed partnerships with community members, business leaders and Government bodies across Australia and we have signed major strategic partnerships with several key agencies in this sector. Further, in recognition of community expectations, Group Customer Advocacy established the Customer Advocate Community Council with 25 thought leaders and senior representatives from community and social policy organisations, a program of regional visits, and launched the Accessibility and Inclusion Plan for the Group.

L\325360228.1

RCD.0001.0003.0053

I Insights

[278] Thro1.1gh research, analysis, and by using data, this area seeks to better understand how particular types of customers interact with the Group. Findings can influence ways to better service customers. Initial focus has been on customers who find themselves at the intersection of personal, situational and structural vulnerability.

Prevention

[279] The Prevention function within Group Customer Advocacy commenced in early 2017 to assist in providing further guidance to the Group in the promotion of better customer outcomes, and to identify issues before they become problems, or to reduce their impact. Prevention collaborates across business units to increase the culture of accountability to customer outcomes.

(280] In summary, the team has assisted in an improved product design and review process to test whether products meet customers' needs; introduced mandatory customer standards to be met by every project team; and led conduct risk dialogue via conduct risk subject matter expertise.

[281] The team has also recently assumed Group responsibility for the management of systemic issues arising from customer complaints. The team is currently building the appropriate resources, processes, quality assurance and risk management and assessment plans. The focus for the remainder of the financial year is on data analytics capability to accelerate identification and triage of potential systemic issues from customer complaints, define the future state management and governance model, develop the policy and guidance to ensure appropriate responses to potential systemic issues, case management improvement, and communications, change management and implementation of future state. Group Customer Advocacy will identify, triage, and with the relevant Business Unit, assess systemic issues, manage systemic issue investigations by FOS (among others) and support the businesses that will retain responsibility for conducting root cause analysis and rectifying issues.

Remediation

[282] The Group's approach to customer remediation has been a key focus in recent years. The role of the Group Remediation team is to assist all remediation activities being completed in a manner that is fair, ethical and timely and puts customers back in the position they would have been in had the issue not occurred, by leveraging a centralised Remediation team.

[283] The Group Remediation team within Group Customer Advocacy has brought together a small team of experts and developed principles, processes and tools to help guide remediation activities as incidents or issues requiring a formal remediation initiative can have vastly different contexts, causes and challenges. The team has developed standards for how and when we need to communicate with impacted or potentially impacted customers, best practice processes to complete a remediation activity efficiently, create confidence that we have identified all customers impacted by the error, and how to compensate customers fairly anq efficiently for any detriment caused by the issue. In addition, every remediation initiative is committed to understanding what caused the issue and ensure that we learn and do our best to permanently fix it and that our customers can have a high confidence in how we react when something goes wrong.

[284] Group Customer Advocacy and the Group Compliance team in Risk Management have developed a Remediation Policy, which will be launched shortly. The Policy will guide all remediation activity within the Group. The key principles of the Group Customer Remediation Project Policy, which have been developed following the remediation activity the Group has undertaken, are set out below. They are based on a fundamental requirement that all remediation projects must be conducted in a fair, efficient and consistent way. Further, where specific legislative or regulatory requirements apply to the matter being remediated, projects must ensure those requirements are met in addition to the requirements of the policy. In summary the policy principles are:

• Remediation projects must be undertaken in a procedurally fair, comprehensive, timely and transparent way;

50 Com .. -nonwe:alth Bank ot AusCratia

L\325360228. 1

RCD.0001.0003.0054

• Remediation projects must use best endeavours to restore customers to at least the position they would have been in had the issue(s) not occurred;

• Communication with customers must be timely, simple, understandable and appropriate to the issue being remediated;

• Remediation projects must be proportionate to the scale of the issue identified, the nature of detriment and the number of customers impacted; and

• Remediation projects must be appropriately governed .

.51 Commonweam1 Banh. of Aus.frail&

L\325360228.1

RCD.0001 .0003.0055

5. Industry and regulatory reforms to better meet community standards and expectations

/

(285] In addition to the initiatives which the Group has undertaken, there have been considerable industry initiatives and changes to the regulatory framework in recent years to better identify and prevent misconduct, and to ensure that the industry is better meeting community standards and expectations.

5.1 Industry reform

[286] The Group has worked with its peers in the financial services sector on a variety of relevant reforms, including in relation to retail banking, business banking, wealth management and financial advice.

[287] In relation to retail banking,

• In 1993 the banking industry launched its Code of Banking Practice, with updates and revisions made in 2004 and again in 2014. The banks commissioned a comprehensive and independent review of the Code in 2016, with a view to making it simpler and more customer-friendly. Subsequent to this review, the industry substantially updated the Code, adopting the large majority of the independent reviewer's recommendations. The revised Code, which is currently with ASIC for review, wm enshrine a number of customer-oriented improvements in relation to specific product-lines, such as credit cards;

• Since 2013 the banking industry has delivered a series of reforms in relation to customer hardship, including industry guidelines, improved models for communication, and staff training to support those in financial difficulty;

• A Branch Closure Protocol was first agreed by retail banks in 2004 and updated in 2015, wherein banks committed to providing customers with appropriate access to retail banking services, as well as committing to guidelines on communicating with customers about upcoming changes to branch networks;

• In 2016 banks launched an independent review into product payments and commissions in retail banking, to investigate whether incentives could be leading to outcomes not in the best interests of customers; the review made wide-ranging recommendations, which the Bank committed to implement in full by 2018;

• In 2016 the banking industry committed to improving standards governing the protection of whistleblowers, with the Group implementing its strengthened standards in the latter half of 2017;

• In 2017 banks agreed to a Protocol to strengthen processes for checking the references of prospective employees, to reduce the risk of employees who had breached bank policies or engaged in misconduct in one institution subsequently taking up employment in another; and

• In 2018 a coalition of industry participants will deliver real-time banking, under the National Payments Platform, following five years of preparation. This will allow customers to make transfers to customers of other banks in real time.

[288] In relation to small business,

• In 2017 participating banks agreed that in all new or renewed small business loans (as defined), all loan contractual terms that relate to financial indicator covenants. (such as loan to value ratios or interest cover ratios) would be removed, so they could no longer be a cause for default (with some exceptions for specialist finance). The Bank chose to go further than the industry commitment, applying these changes to existing customers also, and adopting a broader definition for what constituted a small business, being any business where our total credit exposure was less than $3 million (covering around 95 per cent of the Bank's small business customers);

52 -Commonwealth Bank of Aussralia

L\325360228.1

RCD .0001.0003.0056

• Participating banks agreed to remove all 'material adverse change' covenants from small business loans, being a contractual term that allowed a bank to view a loan as in default if the borrower experienced an undefined material adverse change in the conditions of their business or industry;

• Participating banks agreed to provide a minimum 90 calendar day notice period of a lender's intention not to rollover a loan facility to a small business .• allowing the small business time to assess other options for finance; and

• Participating banks committed to simplifying documents for small businesses and making them more customer friendly.

[289] In relation to financial advice, following the finalisation of the Government's FOFA reforms in 2012, the industry has been implementing a set of reforms to lift the standards in financial advice. The reforms were agreed in 2016 and, allowing lead time for additional training and certification, will commence in 2019 for new advisers and 2024 for existing advisers. Subsequent to these reforms, each advisor will be required to:

• Meet a new code of ethics;

• Complete an entry exam and meet higher level of qualification, including having a degree or equivalent, before they can provide advice;

• Maintain ongoing professional development accreditation;

• Complete a professional year with additional managerial oversight and supervision, if they are new to the profession.

[290] In addition to specific reforms set out above, in 2016 banks agreed to appoint internal 'customer advocates', at a senior level. The customer advocate has a remit to examine and make recommendations around their institution's approach to vulnerable customers, as well as actively to advocate on behalf of customers internally.

[291] Industry bodies play an important role in helping bring the sector together to understand and address common issues. Over the last decade through working with various industry bodies we have been able to support and implement significant reforms which improve consumer outcomes across the industry.

5.2 Enhanced regulation

[292] Over the last decade, there has been significant regulatory reform impacting the financial services sector. In the years since the global financial crisis in particular, there have been a number of prudential reforms and guarantees introduced to promote the stability of the banking system. For the purposes of this submission, the Group will not address those structura.1 issues nor will it seek to cover the hundreds of reforms that impact our business each year. Instead, we have outlined below some of the key reforms that have increased consumer protections, improved accountability regimes and promoted transparency over the past 10 years.

Consumer protection

[293] The retall banking sector has been the subject of numerous reforms over the years. In 2010-2011. National Consu·mer Credit Protection reforms were introduced. These included new obli.gations on banks in relation to licensing and appointing credit representatives (including obligations to carry on their credit activities "honestly, efficiently and fairly" and have in place adequate arrangements to ensure that clients are not disadvantaged by any conflict of interest). enhanced disclosure obligations in relation to lenders, their representatives and remuneration structures, responsible lending, expanded consumer redress through external dispute resolution and improved consumer protections relating to consumer leases.

[294] The protections under the NCCP Act have been expanded since its enactment including:

53 Commonweaith Bank of AusfraH6

L\325360228.1

RCD.0001.0003.0057

• In 2011, termination fees, other than break costs and reasonable administrative costs of terminating the loan contract, were banned;

• In 2012, credit card reforms were introduced including a ban on unsolicited credit limit increases, improved disclosure about minimum payments and promotional periods, banning over-limit fees without agreement and the provision of Key Fact Sheets;

• In 2012, Key Facts Sheets were required to be provided about home loans in certai11 circumstances; and

• In 2013, additional protections were introduced for consumers in relation to small amount credit contracts and reverse mortgages.

[295] In 2010, unfair contract reforms were introduced for standard form consumer contracts, which, subject to some limited exceptions, extend to f inancial products and services. In 2016, these protections were extended to small businesses as well.

Payments

[296] The Bank has voluntarily adopted the Epayments Code (which came into effect in 2013) and its predecessor, the EFT Code of Conduct. The reforms in these Codes have included:

• In 2012, to facil itate account switching, financial institutions were required to provide a list of regular direct debits and credits to a new financial institution at a customer's request;

• The introduction of the Epayments Code in 201.3 included a regime for dealing with mistaken internet payments and requirements for merchant agreements to prohibit a merchant from holding a user's passcode (i.e. , PIN) as part of a "book up" arrangement.

(297] There has also been the following r.ecent regulation of payments systems by the Reserve Bank (in some cases in conjunction with the ACCC):

• Revised regulation oflnterchange fees in credit cards and the banning of payment of benefits such as marketing incentives, volume bonuses and signing bonuses;

• The inclusion of American Express Companion Cards within credit card interchange regulation; and

• The prohibition of excessive merchant surcharging i.e., surcharging in excess of costs of acceptance of a card.

Financial advice

(298] In the financial advice industry, reforms were announced nearly eight years ago. In 2009, a Parliamentary Inquiry into Financial Products and Services in Australia recommended a series of reforms to financial services in Australia. One of the key recommendations was the introduction of a statutory fiduciary duty for financial advisers. This led to the FOFA reforms aimed at improving trust and confidence in the financial services sector. The FOFA reforms introduced:

• A duty for financial advisers to act in the best interests of their clients and place the best interests of cl ients ahead of their own when giving advice;

• A duty to only provide appropriate advice (on the basis that the best interest duty is met);

• A prospective ban on confl icted remuneration and asset based fees on borrowed amounts used to acquire financial products;

• A ban on volume based shelf space fees for platform operators;

• Annual fee disclosure;

S4 Comrnonwea1Ul Bank of Auslf31ta

L\325360228.1

RCD.0001.0003.0058

• Bi-annual client opt-in to ongoing fee arrangements (subject to certain exceptions if an advisor is bound by an ASIC approved Code of Conduct that obviates the need for opt-in).

[299] In 2016, these reforms were enhanced by the introduction of new professional and education standards for financial advisers, commencing in 2019 for new advisers and 2024 for existing advisers.

/

[300] In 2016, ASIC also published its Regulatory Guide 256 concerning review and remediation programs for retail clients who suffer loss or detriment as a result of misconduct or compliance failures by financial advisers.

Superannuation

[301] For superannuation, there have been numerous regulatory reforms in the past decade. In 2010, the Cooper (Superannuation System) Review recommended changes including:

• MySuper, a legislative framework for a new simple, low cost default fund;

• SuperStream, introducing compulsory electronic payments for super, uniform data standards and efficient electronic processing of superannuation transactions; and

• Enhanced APRA reporting, self-managed super fund, operational risk and governance reforms.

[302] Many of the reforms were introduced with effect from 1 July 2013. APRA also introduced new and revised Prudential Standards applicable to RSE licensees with effect from 1 July 2013 covering the operation of superannuation funds.

[303] Since then, other elements of the Super System Review have been implemented including reforms to increase transparency of fees and costs and comparability of super products. The current Government continues to pursue further governance, accountability and competition reforms.

Life Insurance

[304] ASIC and APRA have undertaken extensive reviews of the life insurance industry in recent years. Commlnsure has co-operated in these reviews and is progressively addressing relevant recommendations. Commlnsure has also agreed to be bound by the Life Insurance Industry Code of Practice,. which came into effect from 1 July 2017.

[305] Other recent reforms include the introduction of the Life Insurance Framework from 1 January 2018, which includes caps on l!P-front and ongoing commissions for life insurance.

Market Manipulation

[306] In response to the allegations concerning BBSW, the following two key initiatives have been undertaken which ASlC stated had already resolved "big issues" for the benchmark and were restoring trust in the BBSW:

• The Government announced a new legislative regime for regulation of financial benchmarks, commencing in April 2018, for the administration of significant Australian financial benchmarks (including new market manipulation provisions) giving greater powers to ASIC to ensure Australia's financial benchmarks meet international standards; and

• The ASX released its BBSW Trad.e and Trade Reporting Guidelines in October of 2017, providing a new methodology for calculating the BBSW from a wider set of market transactions in the rate set window.

Stock Broking

[307] In August 2010, ASIC took over responsibility for supervision of trading on Australia's domestic licensed securities markets (including ASX, ASX24 and Chi-X). Since 2010 it has published a series of Market Integrity Rules, which are binding on participants and contain additional mandatory reporting, risk management, order management and processing and client protection obligations. In 2012, in response to

SS C•mt.monweaHh Banh. of Austral fa

l\325360228.1

RCD .0001.0003.0059

concerns about the impact of high frequency trading and "dark pools" on market integrity, ASIC amended the market integrity rules to: enable wholesale clients to request that participants disclose when they have tradeq with their clients as principal (necessary for the management of participants' conflicts of interest); and improve transparency around 'crossing systems' (transaction data and disclosure about crossing system operations).

[308] ASIC has also continued to adapt its enforcement stances and policies to address perceived shortcomings in the way in which markets are operating. For example, since 2011 , ASIC has maintained a particular focus on the sale and issuance of hybrid securities - using its existing Corporations Act powers to modify prospectus disclosure and selling messages by issuers and brokers. ASIC has continued to invest in more sophisticated detection and enforcement tools to identify and successfully prosecute brokers engaging in breaches of securities laws and the mari<et integrity rules. In 2017, reforms were enacted to the regulation of the management of clients' monies by issuers and dealers - through amendments to the Corporations Act Regulations. Under these reforms, client monies are better protected from the risk of loss of those monies in the event of the insolvency of the issuer or dealer.

AMUCTF

[309] The changes to the AML/CTF Act included the introduction of enhanced requirements for customer due diligence from January 2016 requiring reporting entities to:

• Identify and verify the beneficial owners of their customers;

• Collect and verify the names of settlers of trusts who are customers;

• Consider additional risks associated with customers;

• Conduct enhanced requirements in relation to politically exposed persons; and

• Conduct reasonable measures to update information collected.

[31 O] Additionally a statutory review of the AML/CTF legislation was released containing a series of recommendations for changes. This followed the evaluation by the International Financial Action Task Force's evaluation report of Australia's compliance with the international AML/CTF standards 1n April 2015. This led to legislation regulating digital currency exchange providers which is due to come into effect in 2018.

Privacy Data Protection and Open Data

[311] The Privacy Act was totally revamped with effect from 2014. This included obligations to:

• Provide consumer facing privacy and credit reporting policies containing specified consumer disclosures;

• Provide certain disclosures and obtain certain consents before disclosing information to a credit reporting body; and

• Provisions facilitating voluntary comprehensive credit reporting. Until the enactment of this legislation, only reporting about credit defaults and inquiries was permitted.

[312] The Government has recently announced that comprehensive credit reporting will be made mandatory for the major banks with legislation expected to be released in February 2018.

[313] Additionally, following the Productivity Commission Report into Data Availability and Use, in July 2017, the Government announced a Review into open banking in Australia.

Financial System Inquiry

[314] In 2014, the most significant inquiry into the financial system since the late 1990s, conducted by Mr David Murray AO, handed down its final report. The recommendations of that report have led to a series

.;& Com.'1Jonwea1th Ba-oh. of Auslrafia

L \325360228.1

RCD.0001 .0003.0060

of reforms aimed at improving supervision of the industry and improving consumer protections. These included:

• Credit card reforms, including banning excessive surcharging;

• New product design and distribution obligations, and new ASIC product intervention powers. Following a policy paper and consultation, draft legislation was released for consultation on 21 December 2017;

/

• ASIC capability review, and the review of the adequacy of ASIC's enforcement powers (potentially including stronger penalties, directions orders, banning of senior officials);

• ASlC review of mortgage broker remuneration directed as part of the Government response to the FSI - leading to ASIC review and industry reform package;

• The Productivity Commi.ssion review on access to/use of consumer data (this has led to the open banking and data collection reforms, see below);

• That the industry continue to progress towards comprehensive credit reporting (CCR), in order to improve competition, customer offerings and system stability, and that Government legislate if necessary to enshrine a CCR regime - which the Government has committed to do, in the course of 2018; and

• That a review into the state of competition in financial services sector be conducted every three years. The Productivity Commission's inquiry into Competition in the Australian Financial System commenced in 2017 and is expected to report by mid-2018. This inquiry commenced in 2017 and is expected to report by mid-2018.

Recent Reviews and Reforms

[315] In the last year, regulatory reviews and reforms across the sector continued. A number of reviews were commissioned by the Federal Government into the sector, including:

• The Small .Business and Family Enterprises Ombudsman review into small business lending practices; and

• A number of parliamentary reviews, .including the regular House of Representatives Economics Committee hearings with the major bank CEOs, and others covering issues such as life insurance and rural lending.

[316] In addition to the reviews, we also saw the Government announce a major reform program for the sector as part of its 2017 Budget. This package is aimed to improve accountability and competitiveness in the system. As part of this pack.age, the Government created:

• A Banking Executive Accountability Regime; and

• An enhanced dispute resolution model, the Austral ian Financial Complaints Authority (AFCA).

[317] Other key reforms in recent months included increased whistleblower protections and changes to the taxation of superannuation. We expect this reform momentum to continue into 2018, with more important initiatives to come such as open banking (including the introduction of mandatory comprehensive credit reporting for the four major banks) and data collection.

57 Commonweaan Baoh. of Au.straifa

L\325360228.1

RCD.0001.0003.0061

/ 6. RSE licensees

[318] Set out below are answers to question 4 of the Letter on behalf of all RSE licensees in the Group.

6.1 Use of members' funds

[319] The Group currently has four subsidiary companies that are RSE licensees: CFSIL, Avanteos Investments Limited (AIL), Colonial Mutual Superannuation Pty Ltd (CMS) and Commonwealth Bank Officers Superannuation Corporation Pty Limited (CBOSC), and a further 14 RSEs in total (details available on request).

[320] "Members' funds" in this context means member account balances. Apart from investment, administration and the payment of member benefits, members' funds have been used for insurance related uses; advice related uses; and other costs uses.

[321] For the purposes of our response we have excluded the following uses (on the basis they fall within the 'investment', 'administration' and 'payment of member benefits' uses):

• Administration fees, which include such items as expense recoveries, entry fees, contribution fees, exit fees, managements costs or fees, performance fees, taxes, intra-fund advice and, (except as set out under the heading 'Other costs uses' below ) regulatory levies and Australian Government imposed levies; and

• Investment and transaction related fees, including custodyfees and buy/sell spreads.

[322] Except for Group Super, the approach of the RSE licensees is generally to fund staff (including directors') salaries, member remediation (as required) and advertising from corporate monies or Group revenue rather than directly from members' funds.

[323] In addition, the parent companies of these RSE licensees fund the RSEs' capital and operational financial risk requirements. The RSE licensees do not separately raise amounts from members' funds for that purpose. Group Super is a non-public offer, employer-sponsored fund open only to current and past employees of the Group and their spouses. It is a hybrid fund with assets supporting both the fund's defined benefit obligations and accumulation (defined contribution) accounts. All expenses are paid from the fund, including existing member engagement and marketing activities and are either allocated to the fund's defined benefit surplus or administration fees deducted from defined contribution members' accounts, as it is entitled to under its trust deed.

Insurance related uses

[324] RSEs may offer, and in certain instances are required by law to provide, members with the option of insured benefits covered by a life insurance policy held by the RSE licensee. If RSEs offer insured bene.fits, members' funds can be used to pay insurance premiums (which may include 'Insurance Administration Fees' and 'Insurance Commissions').

[325] The amount of insurance premiums paid depends on the type of insurance provided and the member's personal circumstances (which may include the member's age, gender, health, occupation and, in some cases, smoking status). The premium is deducted from the insured member's account balance held and, where applicable, may be paid by the member's employer to the member's account.

[326] Insurance Administration Fees may be charged by the RSE licensee in relation to the provision of insurance for RSE members. For RSEs where these fees are charged, the RSE licensee is permitted to do so under the RSE's governing rules.

[327] For RSEs that have insurance commissions, such commissions are paid from a member's insurance premiums and do not constitute a separate charge to members' funds. Commissions permitted under FOFA legislation may continue to be paid to financial advi.sers in accordance with FOFA legislation. Insurance Commissions are both upfront and ongoing percentage-based payments to advisers for

sa Com .. "tlonweaith Banh. of AusCrati6

L\325360228.1

RCD.0001.0003.0062

existing Death only, Death and Total and Permanent Disablement or Salary Continuance Insurance (as applicable).

[328] Please refer to table in section 6.4 below for the amounts each of CFSIL, AIL, CMS and CBOSC (respectively) have applied members' funds for insurance related uses in the past 10 years.

Advice related uses

[329] Where a financial adviser is identified relating to a member, members' funds can be used by the RSE licensee to pay 'Plan Service Fees', 'Adviser Service Fees' and 'Licensee Service Fees', depending on the RSE's governing rules. Legislative changes in the past 10 years relating to remuneration for advice and the use of members' funds have been implemented by the RSE licensees.

[330] Plan Service Fees are fees that an employer-sponsor could agree with an adviser providing advice services relating to the employer plan and its members. Plan Service Fees are only payable in relation to one product, offered through the FirstChoice RSE. Since the introduction of the FOFA legislation, there are no new Plan Service Fees arrangements and current arrangements cannot be .increased. Such fees 'grandfathered' under FOFA legislation continue to be paid, but are currently being phased out. All such fees are expected to end in June 2018.

[331] Adviser Service Fees are fees for advice for a member's investment in a superannuation product offered by the RSE and agreed between the member and their adviser.

[332] Licensee Service Fees are fees paid to the adviser's licensee or deal.er group for services they provide to the adviser and are agreed between the member and their adviser.

[333] If applicable and depending on the RSE, Plan Service, Adviser Service and Licensee Service Fees are deducted from the member's account, and are either paid on a one-off or on an ongoing basis (or a combination of both) and can be either a dollar value or a percentage value (or a combination of both). Employer-sponsors can cancel Plan Service Fees at the plan level and the RSE licensee may refuse to deduct this fee. Members can cancel Adviser Service and Licensee Service Fees. The RSE licensee may limit, reduce or refuse to deduct these fees or refuse to record or deal with a member's adviser at any time.

[334] Please refer to table in section 6.4 below for the amounts each of CFSIL, AIL, CMS and CBOSC (respectively) have applied to members' funds for the above advice related uses in the past 10 years.

[335] In addition, where trail commissions were or are still payable in accordance with FOFA legislation, they are not deducted from members' funds but are paid from corporate revenue. As such, trail commissions amounts have not been included in the tables in section 6.4 below.

Other costs us.es

[336] Regulatory levies are levies for purposes including covering some of the RSE's costs of implementing mandatory regulatory reforms introduced by the Australian Government. In certain years these levies were deducted from members' funds as an expense separate from the administration fee. Please refer to the tables in section 6.4, 'Other costs uses' for the amounts CFSIL and CMS have applied to these uses in the past 10 years.

[337] Australian Government imposed levies are used to recover operational costs of APRA and certain costs of some other Commonwealth departments and agencies, or financial assistance funding. In certain years AIL deducted these levies from members' funds as an expense separate from the administration fee. Please refer to in section 6.4 below, 'Other costs uses' for the amounts AIL has applied members' funds for this use in the past 10 years.

6.2 Use of funds in the best interests of members

{338] The RSE licensees consider that the purposes for which members' funds are applied are consistent with the interests of the members of the relevant RSEs. This is on the basis that:

S9 Commonwealth Banh. of Austraha

L\325360228.1

RCD.0001.0003.0063

/ • insurance and advice payments ultimately support member access to important benefits and services

such as insurance cover and financial product advice;

• the other costs identified were consistent with members' interests, as these payments were used to support a legally compliant fund and regulatory purposes such as appropriate industry supervision; and

• they are consistent with the objectives of superannuation and the terms of each trust.

(339] Insurance premiums and the terms of the cover are regularly considered and reviewed by the RSE licensee having regard to factors including member characteristics and the cost of the insurance.

[340] Importantly, the RSE licensee Board must ensure the insurance arrangements, overall, are appropriate and changes to the insurance products and premiums continue to be in the best interests of beneficiaries.

[341] CMLA, as insurer and insurance administrator, is a related company to the RSE licensees. To manage any potential conflict, insurance arrangements are conducted on an arms' length basis and the interests of members are prioritised. The RSE licensee Board regularly utilises specific industry benchmarking of insurance products (and proposed changes) to evidence market competitiveness and comparability of cost and terms.

[342] Where the RSE licensee deducts amounts from a member's account pursuant to either an expense recovery right or an express right to remuneration (arising from the trust deed), the trustee is exercising a personal right. Although technically the 'best interests' test does not apply in this case, member impacts are nevertheless considered in all fee changes.

[343] The RSEs also have processes designed to support other obligations with respect to fees and costs. The trustee must ensure that:

• expenses are reasonable and properly incurred;

• costs are attributed fairly and reasonably between classes of member; and

• any other statutory obligations relating to a specific fee or cost type are met.

(344] Other general duties apply and are observed by each RSE licensee, such as the duties to act fairly and with the requisite care, skill and diligence and to avoid conflicts (including by prioritising the interests of members).

[345] Further, where fees and costs are set, the RSE licensees take a member-focused approach, with various procedures and policies designed to ensure that:

• member impacts (as well as product competitiveness) are considered;

• trustee obligations are met; and

• arrangements are conducted on an arm's length basis.

6.3 Cost centres

[346] The cost centres that make up costs attributed to administration in each of the past 10 years are CFSIL: Cost Centre: dept.012001 Acc.56253 (Administration fees) and Cost Centre: dept.013151 Acc.56274 (APRA levy fee); AIL: Cost Centre: dept. 012513 Ace: 46820 (Administration fees) and Cost Centre: dept.012513 Acc.18088 (APRA levy fee); CMS: Cost Centre - CB001 Expenses - Note that this is a CMLA cost centre code that is used for internal reporting purposes. However, attribution of administration costs is effected via various methods (including with actuarial input) in addition to the use of cost centre codes; CBOSC: 3155 (Mercer); 3150 (CFSIL); 3085 (CBA).

60 Commonwealth Bank of Ausira1io

L\325360228.1

RCD.0001.0003.0064

6.4 Amounts applied

[347] The amounts each of CFSIL, AIL, CMS and CBOSC (respectively) have applied members' funds for insurance related, advice related and other costs uses in the past 10 years are set out in the table below.

Uses Financial Years (ending at 30 June) ($000's)

2008 2009 2010 2011 2012 2013 2014 2015 2016 2017

CFSIL

Insurance 79,332 100,496 117,877 141,329 159,851 179,584 189,900 207, 184 1220,182

# * 1240,232 '

Advice 93,330 85,490 109,016 137,405 160,616 188,424 214,245 236, 119 1242,653

*, ## 1246,039

Other - - - - - - - 19,302 18,968 18,883 * **-'

AIL

Insurance - 1,794 3,158 3,702 4,44$ 5,179 5,779 6,275 6,649 7,070

Advice 20,305 18,082 20,963 26,049 32,597 44,239 58,089 69,904 74,396 82,438

Other - - - - - 759 1,443 1,063 1,077 1,019

CMS

Insurance 58,561 67,419 70,688 77,690 93,087 104,178 112,852 116,969 121,155 95,022

Advice 10,031 7,755 7,511 7,004 6,178 6,130 5,866 5,907 5,130 4,495

Other 629 104 4,930 4,559 /\ - - - - - 4,285

CBOS.C

Insurance 12,100 14,500 14,550 16,224 19,138 21 ,778 26,356 24,603 27,605 30,642

Advice - - - - - - 5 82 366 383

Other - - - - - - - - - -

Notes:

The figures are a sum of the amounts applied by each RSE licensee. A breakdown of this table per RSE is available on request.

CFSIL

# Insurance includes any amounts paid to the insurer, insurance administration fees and insurance commissions paid from premiums.

*All figures are NET of any earning tax deductions (for super only) and the impact of reduced input tax credit (RITC).

** 'Other costs uses' exclude instances where the Financial Assistance Levy or APRA Levy have applied to the RSEs.

&\ Commonwe-atth Banh. of Aus.tr3HB

L\325360228.1

RCD .0001.0003.0065

##- This amount excludes advice uses paid from management costs/fees

AIL

Insurance related uses: Insurance Premiums

Advice related uses: Adviser Service Fees and Licensee Service Fees

Other costs uses: Australian Government imposed levies (APRA levy, Financial assistance levy)

CMS

" Figures show specific SuperStream and Financial Assistance levies and cost recoveries where amounts were deducted by way of a reduction in the unit price of underlying investment options. The amount is the total figure referable to the fund. However .• this total was partially funded by CMLA for one RSE, such that each member would generally have experienced an impact in the range of 0.01% - 0.1% on their investment in the relevant year.

G2 Commonwealth Banh. of Auscraita

L\325360228.1

Q. :J e

(!)

""' c ~ .c -1 c 0 E E 8

alS .ti cc 0 G)

+= E .!l! G) "Cl > G) e E c. II> E 0:::-

RCD.0001.0003.0066

Annexure A - Timeline of issues, responses, reforms and inquiries 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 to current

£. Home insurance: flood deftnition A IT Procurement (Hunter & Waldron) +-------------- Financial actvice: pooradvice----------------1~ ... FX T1"8ding EU (for conduct 2008-13)

.&. Commtnsure heart attack definttK>n +-------------------------financial advice: ongoJngservice--------------------------+------------------------- Weal~package ----------------------------------------------~ +--------------AML/CTP--------------~

~-------------------------------------- Unpaid super --------------------------------------~ +-----------------Consumer Credit Insurance-----------------_.

Sloon Resolution Scheme A Group Customer Relations established

- ----------i A Weal~ Pact<age-remedl~ia~tioo~===========:::!~----------_.

.A !letter customer OUttoO)O_s Program ,A Vision and Values Program ---------------It~ A. Remediation of financial advice: ongoi.ng service -----------1'~

+----------------------------------------RemediationofpoorfinancialadYi1ce-----------------------------------------1~

.A Banl<west aCQ<Jisifion

.A Firslp<Jinl da-..0 & training program for ®mplaints handling

.. Margin lending refoonS

.A IJMJir conlracts

.A National Coosumer Creda Protection refo<ms

_.A M8d<et lmeg,;fy Ru~

Agril>O!iness managed iriVell11nent•scllemeo> Bank mergeh l'inan¢181 c~ S~ &Gu8181ltees Scheme

A ~ll'lunding~_!e~· .I. li'in-'81 ~and

se.(VICes .A GO\lemance, ellldefl.l'l(&

slrucfure of . .$Upeo:anrJ(Jalion'8ys,tero (CboperR~

servi"ces COfl1)etitton within fhe AUstralian banl!iM sect..-

------.A CQflsufrjer CfedH

lnSutagoe_ ~ •l<>W doc' llQ.meloans & T.emlinalioo lees

Risk culture 8SSeSSments (Group Audil & Advisory)-.A Group CU810mer Advocacy function establislJed A

Mandatory ii<sl< assessments for all ..,,,ioyees A IB&M Conduct Operational & Regulat01y RiSll team established .A

.A Empioyre""""'Y'YourVoice'

.A Enhanced small bus. LeMing + A OurCorrrnitments

Risk Management impro11ements £ ____ (;..in_c_1ud_ ing...;;._new,___R_is_k _A;..ppelite_ ._ s_1a_1e_n_ient.....;_o_e1_eg..;;....ati_·oos-',;..Op-'-Ri- ·_sk_&_COfllll_;_ia;..in_ce..;.),._

.A Vision & valuei>introduced updated Groop Whisti-r policy, Speal<UP Program A Enlulncement.-lo ro<p«ate governance approach .A A Review of 5Upe(

ESG Lending commitments .l New bacl<ground che<:king protocols (recruitment) A payments

+ FOFA re{oims.introduced a Credttcarorefonm :& flpod ~ge insulll!lt'e polj_tjearelollllS\

1611°"""9 N~ O~lnsurance review FSC !lpde otEttiics & cooe-0ttooduct tllldaled

Jr. EallyjenniiJrdlon fee IQf residential lpall!!

,A Credii card ream! key Tact-sheets

• .. • •

l2icenCE<J ctedi( a!aSistancef mviders .,,.., ... J.W>g)'Od supe<'"'""" ofcredil represe~ Tem>·dei>Q50IS Fms&C'ci~I ~iee~i:istry 11nietide (Pbase,2) Mv\ce O(> re'fall-o;~re ,pro(joots

+ Privacy Act update<I a eode(if Banliing

Pi:aclice~

Prqposals to lift, prOlessianal. ethlcar and education standardS'in financisJ sen;ee.o

+-- ----- Consumer Credtt lnsmmce Remediation

financial ~p-nal &>E>ducation standam.s ;,,troduced. A Life 'insurance code of practice ,_&

servij:es

New code-~iang practioe SllbmiltedJDASIC A

Sanlung£xeciltMYAa:oonlallility Regine lo beintroduced A

Review oi four major "batlk&

~11\l&lio!I ...

gtJ8Alillee n~ * EDR &·~alnts

L-e<>ding fu.prirniafy productlQn CUS(Ol!IE;rB

l\SIC,,"'lfurj:erne<rt fllview Data availability and ""e b"y Pt"'ltlciNity Comll1iSlion

;. FnnciaJ ~ted:ciime .l Foresbyfnanaged A

.A Life lnsur"°~Ady;ce Womng Group

=nnent <if<:uslomer Ji. framework (Ran_lsay Review} ~an<t .A.

.l Dperr bariklorJ (F ..-ieJI Revi..ai) (ongoing) Cdmpetil;o~;. tl\e·Ailslsalian linoncjal """'em Wbiill"eli'°""" grolecfions

mvestmenlsohemeir; A SalllinyOf flf181;1cial .A

Mviee

... lril'l'*""llatiortof ... FOFA.refi>rms

.A "low do<' oom.. Joens

crijr:Wlal. civil'and adminililralive penalties 1or'Ah~ collar atme

R.,.;ewon~ oolyhomeloons

t • .A

• ...

~eiencyol superanooation S}<lil~ A (ol)Qlolng) COl)S\!{ller ~n l:lfe irisunlnoe induslrY

Weaftt\Maf)&gemellt .Jli:<>.i!'ci CU!tu:e, .conduc;! end :amftltls of1nterest in verllcally-integraled buoi_~Jn fund&-flll*lagemenl Ute· insurance..cta~ Finantialai:Mc<!:lees

. ftir no -secvtce

.A

.A •

.A .. .A. 5'11$11 busi.-.- loans •

(C&mell loqlliiy)

l?rullential inquiry into ~ce. ooft!Jre and a,~nt,abili\Ywi1liinCBA lntereSl.oolyhOme loans lndustcyprac,ti<:es-iit~ ~r<l!ki"ll Mo~e ll<okerreQUl!!notion Antmcial advice: ~ar~ instifutiont\overilee "their adVi5"'JS R~b!e'e<Etie•' ~i<jnreoblgaoons

RC0.0001.0003.0067

/ Annexure B - ASIC Banning Orders and Enforceable Undertakings

Date Advisor Details of Bannina Order 2018 Kimberley Former CFP employee banned for five years for engaging in conduct that was

Holgate likely to mislead by cutting clients' signatures from documents held on file and pasting them onto new documents; not acting in the best interests of her clients when advising they rollover their existing super to a new product issued by CFSIL; not acting in the best interests of her clients by advising them to cancel existing insurance policies and apply for personal insurance issued by Comm Insure; and failing to prioritise the interests of her clients when advising them to acquire financial products which entitled her, her employer and its related entities to a financial benefit.

2017 Koresh Former authorised representative of FWL and CFP banned permanently for Daniel engaging in misleading, deceptive and dishonest conduct and failing to act in his Houghton client's best interest when providing advice. ASIC found that Mr Houghton had

created false documents by cutting and pasting customer signatures onto a letter nominating Mr Houghton as their adviser; completed and submitted insurance application forms on behalf of clients with incorrect information; failed to make reasonable enquires into clients' relevant objectives, financial situation and needs; and failed to conduct a reasonable investigation into financial products that might achieve the objectives of the clients.

2017 Julie Former authorised representative of FWL banned for three years for failing to Hamilton make enquiries into her clients' financial circumstances when recommending

switching of their superannuation and insurance; failing to consider her clients' circumstances when providing advice on superannuation and insurance; failing to give priority to the interests of her clients when providing advice; and failing to disclose fees and charges associated with the implementation of her advice.

2015 Rebecca Former employee of CFP who was the servicing planner of banned former adviser Locksley Jade Zaicew (see below). Ms Locksfey was banned for 18 months for creating

false documents for client files. 2015 Shamie Kent Former employee of CFP banned for eight years for not providing a Statement of

Advice to a client before providing a further financial service; submitting insurance applications and alteration requests that contained incorrect information; writing purported signatures of clients on insurance alteration requests and superannuation withdrawal forms; advising a share brokerage fee that was not properly payable by the client; and charging an excessive adviser fee and representing that the fee would be refunded; and did not take timely steps to refund the fee amountinci to unconscionable conduct.

2015 Stuart Former adviser for CFP banned for five years for failing to provide a statement of Murray advice within the required timeframe on more than 500 occasions despite Jamieson receiving warnings from CFP. ASIC also found that Mr Jamieson engaged in

misleading and deceptive conduct in April 2014 by not disclosing his previous employment with CFP and the investigation into him when applying to become an authorised representative at Securitor Financial Group Limited.

2014 JadeZaicew Former employee of CFP banned for seven years for engaging in misleading and deceptive conduct by conducting unauthorised transactions on several client accounts; including false information in three documents for the purpose of recording client instructions that were not in fact given; and backdating four records of advice contained on client files. ASIC also determined that Mr Zaicew should be banned because he was not a fit and proper person to engage in credit activities In light of the misleading and deceptive conduct he engaged in while at CFP, and he caused his company Lifeguard Private Wealth Pty Ltd to breach the credit legislation by representing on the company website that Lifeguard was able to engage in credit activity in circumstances where it was not licensed to do so.

2012 Rick Former financial planner for CFP permanently banned for failing to comply with Gillespie financial services laws; forging clients' signatures on documents; creating false file

notes· enoaoino in misleadino and deceptive conduct in issuino financial product

u Commonwua1th Ban.._ of Australfa

L\325360228.1

RC0.0001.0003.0068

/ Oate Advisor Details of Bannina Order

information in the form of a marketing letter which contained representations that were false or misleading; providing advice to a client that was not appropriate in the circumstances and charging excessive fees. ·

2012 Simon ASIC accepted an enforceable undertaking from the former senior financial Langton planner for CFP who agreed not to provide financial services for a minimum of two

years after he failed to complete Financial Needs Analysis documentation; allowed clients to sign blank Financial Needs Analysis documentation; failed to make reasonable inquiries in relation to the personal circumstances of clients before implementing advice; failed to provide clients with Statements of Advice; failed to provide Statements of Advice within a reasonable time period; and failed to disclose fees in a Statement of Advice orovided to a client.

2012 Chris Baker ASIC accepted an enforceable undertaking from the former CFP financial planner who agreed not to provide financial services for a minimum of five years after not properly completing a number of CFP's Financial Needs Analysis documents; failing to determine relevant personal circumstances of customers before implementing advice; having a large proportion of clients that were profiled with aggressive risk profil.es; providing property asset allocations to clients which were far above the recommended asset allocation for their risk profile; failing to provide a Statement of Advice document when he was required to do so; and failing to includinq a replacement product advice record in a Statement of Advice.

2012 Jane Duncan Former financial planner for CFP banned for three years for not having a reasonable basis for advice provided; failing to provide a Statement of Advice document to a customer; failing to include the main requirements for a Statement of Advice document; and failing to provide a replacement product advice record where required. ASIC also found that there were instances where Ms Duncan failed to action client instructions and left customers uninsured without their knowledge. Further, ASIC found that Ms Duncan had stored CFP customer files in her motor vehicle.

2012 Anthony Former financial planner for CFP banned permanently for engaging in dishonest Awkar conduct by forging signatures of his clients on documentation such as Statements

of Advice: inducing another person to deal in a financial product by dishonest concealment of material facts; making false statements which were likely to induce persons to apply for financial products; and failing to give Statements of Advice and PDSs to customers. ASIC also found that Mr Awl<ar inserted fictitious information into Financial Needs Analvsis documents relatinq to clients.

2012 Joe Chan ASIC accepted an enforceable undertaking from the former adviser for CFP who agreed not to provide financial services for a minimum of two years after falsely classifying customer files, encouraging customers to purchase insurance by waiving advice fees and providing false information in Statement of Advice documents.

2012 Don Nguyen Former employee of CFP banned for seven years for failing to have a reasonable basis for advice; failing to provide Statements of Advice; failing to provide PDSs; failing to provide additional information when recommending the replacement of one financial product with another; making statements that were false or misleading in a material particular; and inducing clients to deal in financial products by making statements or forecasts that were misleading, false or deceptive. ASIC also found Mr Nguyen's conduct was not isolated and persisted for a period of at least two vears between 2006 and 2008, with multiple clients.

2011 Trevor Carll Former employee of FWL permanently banned for acting dishonestly and in breach of financial services laws between 31 May and 26 July 2005 when he fraudulently caused two of his clients to sign third party security documents that resulted in the lodgement of over $900,000 of the clients' retirement funds as security for a maroin loan facility he operated.

65 Commonwealth Banh o·t A.usu\liia

L\325360228.1 ' - -I l - - - - -

RCD.0001 .0003.0069

I Annexure C - Adverse findings made against the Group

Court .. Tribunal, Reg,l!lator etc. Summary

Jolanta Jaskulska. v Commonwealth Insurance Limited This case concerned a disputed claim under a house and contents insurance policy.

(2724/2008) (Local Court of New South Wales) Commonwealth Insurance Limited (CJL) disputed proof of ownership and refused payment in respect of several items. The Court accepted that CIL had previously admitted ownership of some items and awarded Jaskulska $1 ,280.

Slaveska v Commonwealth Bank of Australia (Credit) This case concerned an allegation that two credit contracts showing the applicant and her husband [2008] VCAT 110 (22 January 2008) (Victorian Civil and as joint and several debtors and the Bank as credit provider, were unjust within the meaning of

Administrative Tribunal) section 70 of the Consumer Credit (Victoria) Code. The Bank was successful in having the proceedings struck ouf due to lack of jurisdiction. While there was no adverse determination against the Bank, the Member was critical of the execution of business purpose declarations, noting that the Bank had not complied with the Code of Banking Practice, and also noted ambiguity in certain of the Bank's loan contracts. Further, the Member recommended the Bank investigate allegations concerning conduct of a certain bank officer.

Solak v Bank of Western Australia Ltd & Ors [2009] VSC This case concerned a claim against Bankwest relating to the granting of a fraudulent mortgage of 82 (Supreme Court of Victoria); Kheirs Financial Services property owned by Solak to Bankwest. Solak sought declarations that the mortgage was void and Pty Ltd and Anor v Aussie Home Loans Pty Ltd and Anor an order securing the discharge of the mortgage. The trial judge held Bankwest to be liable for (2010) 31 VR 46 (Victorian Court of Appeal) 15% of the loss flowing from the fraudulent transaction. The trial judge also decided to apportion

liability as between Kheirs, Bankwest and Aussie and AHL Investments Pty Limited as being 70%, 30% and 0% respectively which informed the costs orders made. The effect of those orders was that the costs of Aussie and AHL were to be paid as to 30% by Bankwest and as to 70% by Kheirs.

The costs orders were overturned on appeal due to the trial judge not undertaking a sufficient adjudication of the third and fourth party proceedings. This resulted in the Court of Appeal not being in a position to adjudicate on liability as between Bankwest, AHL and Aussie and Kheirs. As there was no finding of any disentitling conduct on the party of any of Aussie, AHL or Kheirs in the conduct of the litigation and the claims against them were dismissed, Bankwest was ultimately ordered to pay the costs of Aussie, AHL and Kheirs.

Stevens v Colonial Mutual Ufe Assurance Society & This case concerned a disputed claim under a life insurance policy on the grounds of alleged non-Commonwealth Financial Plannjng Ltd [2012] NSWDC disclosures concerning health issues. Stevens also pursued the financial planner, being an 94 (District Court of New South Wales); Commonwealth employee of CFP, for alleged misleading and deceptive conduct.

66 Commoov-e.alth &ok of Austraha

L\325360228.1

Court, Tribunal, Regulator etc. Financial Planning Ltd v Couper [2013] NSWCA 444 (New South Wales Court of Appeal)

Commonwealth Bank of Australia v Ozden & Anor [2013] VCC 94 (County Court of Victoria); Ozden & Anor v

Commonwealth Bank of Australia [2014] VSCA 127 (Victorian Court of Appeal)

Bank of Western Australia Umite<;f v Leila El-Khoury & Ors [2013] NSWSC 157 (Supreme Court of New South Wales)

Bridget Ann O'Neill v Commonwealth Bank of Australia [2013] NSWSC 836 (Supreme Court of New South Wales)

&7 Cc>rronoowealtfl &ok of Austraha

L\325360228.1

Summary

Stevens w as unsuccessful against the first defendant and was ordered to pay its costs. However, the Court found in favour of Stevens in respect of the second defendant in the sum of $311 , 128.04 inclusive of interest up to the time of judgment.

RCD.0001 .0003.0070

On appeal, the Court of Appeal was of the view that a review of the evidence demonstrated that, to the extent the primary judge's findings were based on the credibility of Mr Stevens and his daughter, they could not by themselves sustain the judgment. However, the Court of Appeal was of the view that the judgment could be upheld and a retrial avoided because a review of the evidence showed that the written advice given by CF P's authorised representative was misleading and deceptive, and caused Mr Stevens to take up the policy.

This case concerned a claim for debt recovery and possession of two security properties.

The Court found for the defendants in part of their counterclaim, holding that the Bank had a duty to cooperate with the defendants in the return of the title to them. The Court found that the defendants had lost the chance of selling, or obtaining finance on, the property and that chance is of value. The Court ordered the Bank to pay the defendants the sum of $5,000. The Bank was otherwise successful in its claim. Ozden unsuccessfully appealed the decision seeking increased quantum.

This case concerned an application for summary judgment against guarantors of allegedly defaulting debtors.

The Court was of the view that it was arguable that the Code of Banking Practice appfied to one of the relevant loans and, if it did, there was no evidence (in the context of a default judgment application) that the Code had been complied with. The Court was of the view that the defendants should not be deprived of the procedural fairness of a final hearing, at which the Code's application and its overall effect, if it applied, could be considered. Summary judgment was not granted and orders were made for further conduct of the proceeding. Ultimately, the dispute was settled.

This case concerned an application for a declaration that O'Neil was entitled to occupy a mortgaged property. The Bank held judgment for possession of the mortgaged property and then took possession of the property by way of eviction.

A tenancy agreement had been entered into after judgment for possession was entered in favour of the Bank. The tenant was not given notice of eviction but would have been entitled to make application under s 125 Residential Tenancies Act 1997 (VIC) had notice been given.

The Court ordered that the tenant w as entitled to occupy the property until the expiry of the

RCD.0001.0003.0071

Court, Tribunal, Regulator etc. Summary residential tenancy agreement. The application for a declaration that applicant was entitled to occupy premises for period of tenancy was granted.

BWA Group Services Pty Ltd: WorkCover -Western This case concerned a letter of caution issued by WorkCover WA that SWAGS did not hold an Australia file numbered 0214-2013-01 / 9498 exemption under the Workers Compensation and Injury Management Act 1981 (WA) from its

(WorkCover - Western Australia) obligation to maintain insurance under the Act.

WorkCover WA subsequently conducted an investigation and found that, despite being an employing entity on 2.2 March 2012 and not exempted from insuring under the Act, SWAGS did not hold a conventional policy of insurance until 4 February 2013.

WorkCover WA reached the view that it was not in the public interest to initiate a formal prosecution.

Graham v Colonial Mutual Life Assurance Society This case concerned a disputed claim under a life insurance policy issued to Graham's late Limited (No 2) [2014] FCA 717 (Federal Court of husband. Despite accepting that the application for insurance was deficient, the Court was not Australia) satisfied that Commlnsure would have offered different terms if it had known the true position with

respect to the insured's health.

The Court awarded Ms Graham the benefit payable under the terms of the policy, interest and costs.

Commonwealth Bank of Australia v Doggett & Ors (2014] This case concerned claims for a debt pursuant to various documents executed by the defendants. VSC 423 (Supreme Court of Victoria); Do.ggett & Anor v The defendants' defence relied on, inter alia, clams that the Bank had breached the Code of Commonwealth Bank of Australia (2015] VSCA 351 Banking Practice. (Victorian Court of Appeal)

The Court of Appeal, upholding the decision at first instance, agreed that the Bank had breached clause 25.1 of the Code, and ought not to have approved the business facility extended to Dogvan007 Pty Ltd (guaranteed by the directors, Doggett and Sullivan) but that correspondence from the Bank had compromised those claims against the Bank for that breach. The Court of Appeal also upheld that the compromise was not vitiated by duress. The appeal was dismissed.

Bankwest a division of Commonwealth Bank of Australia This case concerned claims pursuant to a number of documents, including a guarantee, executed v Kevin Robert Mann [2015] WASC 187 (Supreme Court by Mann. of Western Australia)

In dismissing the application for summary judgment, the Court found that, it was at least arguable that the Bank:

a) had engaged in misleading and deceptive conduct; b) had engaged in unconscionable conduct; and

u Con:unooweilltfl Ban~ of Austraha

L\325360228.1

RCD.0001 .0003.0072

Court, Tribunal, Regulator etc. Summary c) was estopped from enforcing its rights under the various facilities, guarantees, loans and

mortgages.

Commonwealth Bank of Australia v Wood [2016] VSC This case concerned claims pursuant to a number of documents, including a guarantee, executed 264 (Supreme Court of Victoria) by Wood. Wood's defence relied on, inter alia, allegations that the Bank had breached the Code of

Banking Practice. The Court found that the Bank did not comply with the Code. However, it did not accept that Wood would have refused to provide the guarantee had the breaches not occurred. Accordingly , the Bank obtained judgment for the full amount of the claim.

Carmelo Adriano Mastronardo v Commonwealth Bank of This case concerned a claim by the plaintiffs for loss and damage said to have been caused by Australia Trading as BankWest [2017] NSWSC 1052 unconscionable conduct on the part of Bankwest, being repudiating a provision for the release (Supreme Court of New South Wales) from security of real property.

The Court found that Bankwest had repudiated the release provision, however, its conduct did not amount to unconscionable conduct. Despite the repudiation, the Court found that the plaintiffs could not show that they had suffered any damage. Accordingly, the Court found that the Bank was entitled to a money sum and orders for possession of real property.

Commonwealth Bank of Australia v Stephens [2017] This case concerned claims pursuant to a number of documents, including two loan agreements VSC 385 (Supreme Court of Victoria) and a mortgage, executed by Stephens.

Despite the Bank being successful in its claim, the Court noted that there were aspects of the Bank's conduct that was less than satisfactory, however, it was not unconscionable. The judgment also notes some aspects of the Bank's lending practices that could have been handled better by the Bank. Notwithstanding the conduct and practice, the Court was satisfied the loan agreements and mortgage were enforceable against Stephens.

69 Commonv.ealtfl &nk of Ausualia

L\325360228.1

RC0.0001.0003.0073

Annexure D - Glossary

Term Definition AIL Avanteos Investments Limited ACCC Australian Competition and Consumer Commission AML Anti-Money Launderino APRA Australian Prudential Regulation Authority ASIC Australian Securities and Investments Commission Aussie Aussie Home Loans or AHL Investments Pty Limited AUSTRAC Australian Transaction Reports and Analysis Centre Bank Commonwealth Bank of Australia B&PB Business & Private Banking, a business unit of the Bank BWFA BW Financial Advice Limited CBOSC Commonwealth Bank Officers Superannuation Corporation Pty Limited CCMC Code Compliance Monitoring Committee CCP Credit Card Plus CFP Commonwealth Financial Planning Limited CFSIL Colonial First State Investments Limited CGI Colonial Geared Investments CMI Challenger Managed Investments Limited CMLA Colonial Mutual Life Assurance Society Limited CMS Colonial Mutual Superannuation Pty Limited CRM Customer Relationship Manaoement Comm Sec Commonwealth Securities Limited Count Count Financial Limited CTF Counter Terrorism Financinq EU Enforceable Undertaking FOS Financial Ombudsman Service FOFA Future of Financial Advice FWL Financial Wisdom limited FX Fore'ion Exchanoe Group The Commonwealth Bank of Australia and its associated Australian entities GCR Group Customer Relations IB&M Institutional Bankino and Markets, a business unit of the Bank Letter Letter from the Honourable KM Hayne AC QC dated 15 December 2017 Letters Patent Letters Patent dated 14 December 2017 OAR program Ooen Advice Review program PDS Product Disclosure Statement RBS Retail Bankino Services, a business unit of the Bank RSE Registrable Superannuation Entity SIS Act Suoerannuation lndustrv Suoervision Act 1993 (Cth) Storm Storm Financial Limited (in liquidation)

TO Cum;nonweatth Banti of Auslfaiff!

Ll.32536022.8.1

Date post:	11-Aug-2020
Category:	Documents
Upload:	others
View:	1 times
Download:	0 times

Royal Commission into Misconduct in the Banking ...€¦ · number of its subsidiaries (Aussie Home...

Documents