Contains Confidential Information ANZ.800.376.0061

6. Operational Risk &. Compliance Update Wealth Australia

Restricted

Tony Arnold Wealth Head of Operational Risk & Compliance

18 August 2016

FOR NOTING

Restricted

BRCC

Page 1 of 12

Key Areas of Focus

OverviewArea

Impacted

Operational and Compliance Risk Internal Audit

• An internal audit review is underway across ANZ Group to review the processes in place to manage the

Operational & Compliance Risk Frameworks. The review is looking at how the second line Risk Teams

within each Division provide oversight and execute their review & challenge activities.

• The Wealth Risk Team has had initial planning discussions with the Internal Audit Team and has

provided an overview of the review & challenge activities already in place.

• It has been advised the Internal Audit Team will be looking at risk management within Insurance and

Direct Channels & Marketing.

• Insurance

and Direct

Channels &

Marketing.

FY 16 In-Use Programme of Work

• Individual sessions have been held with the Wealth Risk Team In Use Champions to review the current

status of each Business Unit within Wealth Australia, with respect to meeting the In Use requirements

for FY16. These sessions were chaired by the Head of Operational and Compliance Risk.

• In Use Champions are now working with each Business Unit to complete outstanding actions to uplift

scores by the end of August 2016. A final series of calibration meetings will then be held and a final

report produced for each Business Unit.

• All

Businesses

Control Testing Assurance Programme

• FY16 testing is progressing well. 68% of controls across Wealth have been tested (these metrics

exclude Technology controls) as at the end of June 2016 with 3 months left to test the remaining 32%.

Only 9% of controls tested to date have been deemed as “ineffective”.

• All

Businesses

ANZ.800.376.0062

Restricted

BRCC

Page 2 of 12

Wealth Australia Key Control Effectiveness Testing Results as at 30 June 2016

Graph 1: Controls Tested / Not Tested in FY 2016

Graph 2: Key Control Effectiveness in FY 2016

71%

29%

81%66% 68%

29%

71%

19%34% 32%

0%

20%

40%

60%

80%

100%

ANZSI A&OMC Insurance P&I Wealth Ops

% Tested % Not Tested

63%

19%

76%

57% 55%

8%

10%

5%

9% 13%

33%

11% 4%

29%38%

17%23%

28%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

ANZSI A&OMC Insurance P&I Wealth Ops

Reset for FY2016

No Result in COR

Ineffective

Effective

ANZ.800.376.0063

Restricted

BRCC

Page 3 of 12

Wealth Australia Key Control Effectiveness Testing Results as at 30 June 2016

Graph 3: Control Testing Quality Assurance – 1 October 15 to 30 June 16

Graph 4: Common Key Themes Across Wealth Australia – 1 October 15 to 30 June 16

5

3

3

4

2

1

1

2

2

2

1

1

1

5

1

1

2

2

2

1

1

1

2

2

0 5 10 15 20

ANZSI

P&I

Insurance

Ops

AOM

Number of scripts selected showing key theme

B

u

s

i

n

e

s

s

U

n

i

t

Incomplete COR Data

Link of control to risk unclear

Test script incomplete/references other scripts

Control Objectives Not Tested/Incorrectly identified

Control Tested Not Deemed a Key Control

Enhancement required to test attributes/assessment andexpected outcomesInadequate sample sizes/incorrect assessment methodselected/sample sizes not justifiedTest evidence not retained, unverifiable or do not support theconclusions drawnTest conclusions not in line with observations, expectedoutcomes or appear incomplete

35%

2%2%6%

19%

11%

4%

8%

Incomplete COR Data

Link of control to risk unclear

Test script incomplete/references other scripts

Control Objectives Not Tested/Incorrectly identified

Control Tested Not Deemed a Key Control

Enhancement required to test attributes/assessment andexpected outcomesInadequate sample sizes/incorrect assessment methodselected/sample sizes not justifiedTest evidence not retained, unverifiable or do not support theconclusions drawnTest conclusions not in line with observations, expectedoutcomes or appear incomplete

Table 1: Control Testing Quality Assurance Volumes

BU # of Controls Reviewed

ANZSI 5

P&I 3

Insurance 3

Ops 4

AOM 2

Total: 17

ANZ.800.376.0064

Restricted

BRCC

Page 4 of 12

Targeted Reviews

Reports Issued Since the Last Reporting Period

• FY16: 3 reports (YTD: 8)

1. Regulatory Returns [Wealth Finance] This was a joint review with Enterprise Controls and Oversight.Remediation schedule is underway with a focus on:

- Ensuring alignment of Wealth Regulatory Reporting risk and compliance management with ORMMF: There is abank wide focus on determining if a risk around regulatory returns should be added to the applicable riskregisters in COR. It has been recommended we re-visit if our applicable Business Units should add the risk,noting it was being tracked through our obligation registers.

- Strengthening controls governing the Wealth Regulatory Returns preparation process.

2. Maintenance of Customer and Reference Data [ANZ Share Investing] This was a joint review with EnterpriseControls and Oversight. The scope covered the assessment of the adequacy of controls in place for managingcustomer non-value data maintenance (adding, amending and editing). Remediation schedule is underway with afocus on:

- Implementing a sample review of any changes made to customer non-value data against the original sourcedocument, to ensure the data is updated accurately in ANZ systems.

- Addressing additional enhancements to the QC process.

3. Return to Sender Mails [Insurance and Pensions and Investments (P&I)] The scope covered theassessment of the adequacy of controls in place for managing Return to Sender (RTS) Mail. Remediation schedule isunderway with a focus on:

- Enhancing the RTS process for dual accounts members to ensure there are clear instructions for Operations inwhat circumstances ‘RTS flag’ should be removed or status should be changed from ‘lost’ to ‘found’.

- Defining clearer monitoring and oversight accountability.

• FY15: The 1 remaining report - BDMs and Alignment with FOFA – has been finalised with remediation scheduleunderway. Action plans arising from all other FY15 reports are complete.

ANZ.800.376.0065

Restricted

BRCC

Page 5 of 12

Targeted Reviews (Cont.)

FY16 Targeted Reviews in Progress

Review Name Business Unit Stage Target End Date

Business Specific Review

1. Advice Assurance File Selection

Advice & Open Markets

Final Report August

2. Prime Access Review (pre-audit)

Draft Report August3. Non-Applicable Rating Review in Advice Assurance Audits

4. Role of Supervisor (FSP, M3, RI and ANZ Financial Planning) (pre-audit)

5. Annual Statement Pensions and Investmentsand Insurance

Scoping September

Divisional Thematic Review

6. Customer Instructions All Business Units Final Report August

FY16 Targeted Reviews in the Coming Three Months

Targeted Review Topic Business Unit

Business Specific Review

1. Advice Assurance - Systemic Issue ReportingAdvice and Open Markets

2. Grow for Advice (Project FIAT) (this is requested by the business)

3. Reinsurance Insurance

4. Product Disclosure Statement (PDS) Sign-off Pensions and Investments and Insurance

Divisional Thematic Review

5. Project Risk Management All Business Units

Joint Review

6. Offshoring / Outsourcing Governance (with Enterprise Controls and Oversight) Insurance, Pensions and Investments and ANZSI

ANZ.800.376.0066

Restricted

BRCC

Page 6 of 12

Regulatory Engagement Executive Summary

The external review of compliance arrangements for OnePath by PWC, as requested by ASIC, has been completed. Refer to AgendaItem 15.

Wealth Australia continues to consult with ASIC on remediation of individual planners and in relation to Prime Access remediation.

Key Engagements Scheduled for 2016

• ASX issued Final Report on 19 July 2016 following on-site review in January 2016. Further action includes reviews to be performedby ANZSI due 30 November 2016. Accumulation Account incident referred to ASX Enforcement.

• ASIC meetings every 2-3 weeks on an ongoing basis in relation to its “Bad Apples” and client remediation project. ASIC’s firstpublic report is due for release in August / September 2016.

• ASIC has also commenced a “Big 4 & AMP” review in relation to Adviser Service Fee issues. ANZ are liaising on various reviewsbeing conducted. ASIC have advised they intend to issue their first public statement or report around end of July.

• Proactive engagement with ASIC & APRA on future products and services: opportunities such as Grow for Advice; Direct Insurancesales model.

Regulator Matters Under Management

Wealth Australia is continuing to manage numerous regulatory investigations and self reported matters. As at 4 August 2016, wehave a total of 35 reported breaches under management. Table 2 (below) shows the total breaches per business unit. Slides 7 – 9show the breaches and open regulatory matters in more detail.

Table 2: Open Reported Breaches Per Business Unit as at 4 August 2016

APRA/ASIC Pension & Investments

Insurance Aligned & Open Market

Pensions & Investments /

Insurance

ANZ SI/ Investment Lending

Breaches 8 1 23 1 2

ANZ.800.376.0067

ANZ.800.376.0068

Contains Confidential Information

Open Breach Reports

# Regulator Matter Account~ble Date Identified Date Due For Executive / Reported Closure

1

2

3

4

5

6

7

8

9

10

11

12

13

ASIC j APRA ilure to allocate default member contributions

viser Service Fees (ASF) continued to be deducted where a ASIC j APRA Inancial Adviser was no longer attached to the member's

ASIC j APRA

APRA

ASIC

APRA

ASIC

ASIC

ASIC

ASIC

ASIC

ASIC

ASIC

nvestment account.

ilure to apply ATO members contributions within regulatory meframe.

ilure to comply with the 3 day rollover limit

ncorrect consolidated tax statements provided to several MIS nitholders

stemic errors with respect to the provision of insurance cover

ilure to apply discounts outlined in promotional material to ucts for staff members.

ZFP misrepresentation of fees, provision of

M3 adviser misconduct. Impersonating clients

ANZFP adviser fraudulent conduct, failure to provide

I Confidential AMZFP adviser fraudulent conduct.

. * Currently forms part of the Advice Remediation Team (ART) open pipeline. • /\ Ongoing investigations with ART (including a Targeted Review)

Restricted

P Mullin 22 December 2014 Phase 1 - Complete Ph 2-

P Mullin

G Hosking

G Hosking

P Mullin

P Mullin

G Pearce

G Pearce

D Whereat

D Whereat

OPCjOPFM 13 February 2015

OPL 1 August 2015

6 August 2015

11 April 2014

13 February 2015

25 February 2015

July 2015

August 2013

1 December 2015

19 November 2014

D Whereat 19 November 2014

D Whereat 11 November 2014

D Whereat 11 November 2014

30 June 2016

On-going

On-going

Awaiting closure

September 2016

Final reconciliation check rior to closin

On-going*

On-going*

On-going*

On-going*

On-going*

On-going*

BRCC Page 7 of 12

ANZ.800.376.0069 Contains Confidential Information

Open Breach Reports (Cont.)

P adviser failed to appropriately obtain Remediation closed.

14 ASIC D Whereat 10 July 2015 ASIC continues to ppropriate qualifications and forgery investi

15 ASIC ANZFP adviser falsified a document. D Whereat 20 August 2015 On-going*

16 ASIC ANZFP adviser falsified signatures. D Whereat 18 August 2015 On-going*

17 ASIC M3 adviser failed to provide SOAs D Whereat 24 Sept 2014 On-going*

18 ASIC M3 adviser appeared to have falsified a document. D Whereat 19 September

On-going* 2015

19 ASIC D Whereat 13/11/15 On-going*

20 ASIC M3 adviser falsified signatures. D Whereat 24/12/15 On-going A

Awaiting client 21 ASIC M3 adviser committed fraud D Whereat 8/1/16 agreement to

22 ASIC RI adviser with advice compliance issues D Whereat 4/2/16 On-going*

23 ASIC RI adviser with advice compliance issues D Whereat 4/2/16 On-going*

24 ASIC P. Mullin June 2015 Appeal Panel. Awaiting

Determination

25 ASX P Mullin 20 April 2016 Referred to ASX

enforcement

26 ASIC D Whereat 25 August 2014 On-going*

27 ASIC D Whereat 30 June 2015 On-going*

28 ASIC D Whereat 7 Nov 2015 On-going A

29 ASIC P Mullin 14 Aug 2015 On-going

P Mullin 8 March 2016 On-going

ne.

BRCC Restricted Page 8 of 12

Contains Confidential Information

Open Breach Reports (Cont.) I Open Regulator Matters

31 ASIC

32 ASIC

33 ASIC

34 ASIC

35 ASIC

Notification of trust Account Reconciliation deficiency - ANZSI

2 ASX X On site visit - ANZSI - Final Report issued

3 ASIC vice remediation Team - provision of draft Remediation tools

4 ASIC

5 ASIC IC Ongoing Service Fee Industry Review/Surveillance

6 ASIC Life Insurance Review

. * Currently forms part of the Advice Remediation Team (ART) open pipeline. • /\ Ongoing investigations with ART (including a Targeted Review)

Restricted

P Mullin

D Whereat

D Whereat

D Whereat

P Mullin

P Mullin/G

D Whereat

D Whereat/ S Ford

D Whereat/

G Pearce

20 July 2016

20 July 2016

2 August 2016

19 May 2016

January 2015

On-going

On-going

On-going

4 May

ANZ.800.376.0070

Awaiting closure

On-going*

On-going A

Ongoing A

30 Nov 2016

Await ASIC feedback

Await ASIC feedback

Await ASIC feedback

Ongoing

BRCC Page 9 of 12

Restricted

BRCC

Page 10 of 12

Compliance Regulatory Change

Emerging Changes

• Life Insurance Framework: Bill lapsed. However, commitment to reforms still strong across industry and Canberra. Wealth Australia will proceed with updates to life insurance product development and distribution in line with proposed changes.

• Adviser Professional Standards: Exposure draft released with amended transitional requirements for attaining higher educational requirements for new and existing advisers. Consultation closes end of May 2016. Wealth is continuing to work with the industry to ensure there is sufficient representation of the impacts to our salaried and aligned planners. Once legislated, high impact on Advice business is anticipated.

• Attribution Managed Investment Trust Tax Regime Changes for Investment Trusts: The changes codify industry practice and provide greater certainty and reduce complexity on the tax treatment of unit trusts across the industry. The changes in tax treatment of managed investment trusts applies to assessments for income years from 1 Jul 2016. Implementation is underway, led by Wealth Tax, CIO and Legal.

Updates on Compliance Projects

• MySuper Transition: The second phase of the MySuper transition is the transfer of applicable members from two legacy products (Integra and ASA) to the SmartChoice product. This is on track for completion by Nov 2016.

• Stronger Super Disclosure Requirements: This project continues to be impacted by changing legislative requirements and compliance dates. In particular due to the lapse of the Bill to introduce portfolio holdings and product dashboard. ASIC has extended the implementation date to Jul 2017. Work on known requirements is tracking amber due to complexity of changes and fee disclosure requirements is tracking red due to complexity of application to Wealth legacy products.

• Tax Agents Service (TASA): Ongoing deliverables are tracking green. Transition phase for TASA registration has commenced. Continued project focus on creating the framework and Licensee guidance material for Aligned Dealer Group supervision model. Way forward for ANZBGL TASA compliance and supervision model is currently being worked through.

• SuperStream Update: The next phase of the SuperStream project is now underway and relates to changes in rollover data standards, with implementation dates in Q4 2016. Completion of the development is not achievable through current testing window and the project is currently considering available options through ASP working group.

• ASX Trade Platform Upgrade: ASX is upgrading its trading interfaces. This will require upgrades to trading interfaces and remaining ASX interfaces for ANZ Share Investing. ASX has advised that the upgrade go-live has been pushed out from Sept 2016 to Feb 2017 at the earliest. Planning will be completed this month and build commences Jun 2016 with expected completion by end of Nov 2016.

ANZ.800.376.0071

Restricted

BRCC

Page 11 of 12

AML & Sanctions Wealth Update

Audit Issue Rating Status

KYC Governance, Oversight and Monitoring (2016)

2 Audit items being completed

AML/Sanctions High Risk Customer Management

Audit in progress In progress

AML/CTF – Key Operational Activities Know Your Customer (KYC) Compliance

*PEP name alerts remain high due to the full screen of domestic Politically Exposed Persons (PEPs) as required by new AML/CTF legislation. **6 ANZSI exits occurred for the quarter relating to high risk customers.***SMRs reported to AUSTRAC in June primarily relate to large cash deposits to ANZSI accounts.

• Target ‘Overall KYC Compliance Rate’ for individuals is 95%• Target ‘Overall KYC Compliance Rate’ for non-individuals is 100% • P&I individual compliance rate errors primarily relate to the loading stage.• Since January 2016 the MLRO team has had to continually check the work of the QC

teams and this has evidenced that the QC teams knowledge of how to QC non-individuals requires improvement. If the MLRO did not check the QC teams work and request remediation, the statistics above would not be as good.

PEP & High Risk Customer (HRC) Enhanced Customer Due Diligence (ECDD)*

Initiatives

* Low risk domestic PEPs are not required to have ECDD conducted, hence are not reported in this section.

AML/CTF Current State Assessment for Wealth• The assessment has been completed and the results will be communicated to

business stakeholder in late July 2016.

ANZSI PEP Screening (35,000 records)• This Audit item Ex.32 is now closed • Outstanding records have been screened against PEP / Black lists in NetReveal

(screening system). 497 names have been flagged as potential matches. They will now be investigated to de-identify those potential matches.

GIA Audits (open) Project/Industry Insights / Regulatory Update

AUSTRAC CDD Project• Implementation of ANZSI system CDD changes expected Q4 2016• CDD Phase 2 (i.e. Gatekeeper feed into iKnow) analysis being completed. AUSTRAC Risk Assessment on Superannuation • AUSTRAC has advised that the final report will be released in late August 2016AUSTRAC Risk Assessment on Financial Planners & Stockbroking Sectors• ANZ met with AUSTRAC as part of the their field work. The primary purpose was to

obtain industry feedback as to associated risks in these two sectors.

ANZ.800.376.0072

Restricted

BRCC

Page 12 of 12

Appendix 1. Regulator Engagement Schedule

Category Activity Frequency Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16

AP

RA

APRA ANZ / APRA Liaison Quarterly 28-Apr-16

APRA Senior Leader Liaison Meeting Ad-Hoc 02-Aug-16

APRAMeeting with the Board of OPC / OFM

Annual

APRAANZ Wealth Prudential Consultation – for all AREs

Annual

APRA Meeting with the Board of OPL/OPGI Annual

APRAMeeting with the Board and Committee Chairs of OPC / OFM

Annual

APRAMeeting with the Board and Committee Chairs of OPL / OPGI

Annual

APRA APRA Liaison Meeting - ANZLMI Annual 15-Feb-16

APRAAPRA/ASIC meeting on Stronger Super

Ad-Hoc

AS

IC

ASICANZ Wealth (ANZW) & ASIC Liaison Meeting

02-Aug-16

ASIC ASIC meeting on Shine Ad-Hoc

ASICReturn to Sender and Client Contact Meeting

Ad-Hoc

ASIC Project Gold As Necessary 14-Apr-16 27-May-16

ASICPrivate Bank Membership Package update meeting with ASIC in Melbourne

Ad-Hoc 12-Feb-16

ASICASIC Compliance/Remediation Project

Every 3-4 weeks

4-Feb-1622-Feb-16

02-Mar-1617-Mar-16

07-Apr-1629-Apr-16

18-May-1627-May-16

09-Jun-1620-Jun-16

28-Jul-16

ASIC ASIC Liaison Meeting - ANZSI Annual 29-Feb-16

ASIC ASIC Industry Liaison - Insurance Ad-Hoc 22-Jun-16

ASICASIC industry liaison - Client Account Hacking

Ad-Hoc 25-Feb-16

AS

X

ASX ASX On-site Review - ANZSI Ad-Hoc 01-Apr-16 31-May-16

ANZ.800.376.0073