The National Bank of Australia is among the top most banks in Australia. The Bank was established 150 years ago and since then the bank has been serving a large number of customers across the country. Today, the Bank has over 35000 employees, 10 million customers and over 800 branches across Australia. Also known as the National Australia Bank, it is the biggest business bank that has been supporting SMEs and corporates to start, function well and grow considerably. It has funded a large number of infrastructural projects over time. Some of these include, schools, roads and hospitals etc. The administration of the NAB believes in innovating the services it has been offering consistently with the provision of the best in class services to customers (NAB Official Website, 2016).
With headquarters in Australia and a strong leadership team, the NAB has grown considerably in the past few decades. The bank has a well defined corporate responsibility policy and a strong Human Resource Management. The primary goals and objectives of the bank include the provision of better services for individuals, businesses, the economy and the community as a whole. The values of the bank include motivating its employees, provide excellent services and products to customers, formation of a will to win, ensuring the right thing is done and showing respect for the customers. The Bank is very passionate for the Values that it has set in for the people (NAB Official Website, 2016).
The Vision of the Bank includes transforming customers into advocates of the Bank, increasing engagement of the people and getting an attractive return on equity. The Strategy of the bank includes increasing the amount of Australian Banking operational expenses and hiring the ideal number of employees to serve the varied segments. In addition to this, the strategy also highlights the hiring of best bankers to serve priority segment customers, raising the amount of marketing spend, laying target on priority segments and putting the focus again on big projects and initiatives. Furthermore, a line of broad strategies have also been laid by the bank through making it simpler for customers to get services or products from the bank, increasing the depth of bank and customer relationships, providing innovative solutions, driving the performance, ensuring the execution is done well and the transformation of the processes in such a manner that they are faster and more reliable (National Australia Bank, 2015).
The internal environment of the company is healthy. The bank has taken up a number of initiatives to promote the wellbeing of employees. Some of the primary strategies adopted by the bank include development of employees, training, increasing diversity, planning and development of successors and proposing of graduate programs for the talents students. Along with this, the bank has also been promoting ethical code of conduct and ensuring mental health and well being of one and all. The board of directors of the company also showcases diversity and healthy lifestyle (National Australia Bank, 2015).
With regards to the external environment of the Bank, digital transformations are a challenge in which the company operates. Along with this, the bank has been facing fierce competition from other private and public banks. It is noted that regulatory change and maintenance of funding index has been an issue for the company for quite some time now. Furthermore, it is extremely crucial to manage the non core businesses of the bank that have been giving a considerable amount of support to the organization. Lastly, there is a dire need for transformation of technology and integration of some of the recent technological advancements in order to get the best out of the market (National Australia Bank, 2014).
According to the Annual Report of the National Australia Bank, the bank offers the dividends to its shareholders in a number of ways. The distribution of dividends has been done religiously and consistently, giving a stronger image to the bank as a whole. Some notable names have been identified in the list of the stakeholders at the NAB. The stakeholders of the bank have a considerable amount of say in the overall functioning and have an impact on the strategic direction of the bank as well.
The Bank has both Internal and External stakeholders. For the external stakeholders, the information about the company is made available in the website and the annual review, however, the internal stakeholders are informed through the intranet of the bank. With regards to the identification of the stakeholders, the bank clearly mentions them as individuals, group of people and companies who are affected by the activities of the bank’s products or services. A strong communication channel is maintained between all internal and external stakeholders of the company and consistent reports on the Corporate Responsibility are also shared. Apart from this, the bank also holds an Annual Stakeholder Engagement Program to invite issues and discussions related to the business of the company (National Australia Bank Limited, 2015).
Some of the key stakeholders of the company include, customers, employees and contractors of the bank, investors (who have a share in the company, funding managers and superannuation funds), analysts, governmental regulatory bodies, associations, industry associations, suppliers, NGOs and community partners of the bank and the media in general (NAB Official Website, 2016).
Risk and Opportunities
Risk Management Fundamental Steps
NAB is committed to maintaining an ongoing focus on risks and managing them actively. With the help of Risk Committee the NAB Board oversees the risk management framework. The Risk Committee is made up of non- executive board of directors who are independent. The Board of Directors at NAB are accountable for systematic functioning of the Organisation and manage risks. These risks are managed with the help of a pattern called“Three Lines of Defence’. They are: Line Management, Risk and Internal Audit. The Line management handles the risk that comes from within the business (Internal Risks),
In the second model, the management is accountable for ensuring that risks and the environment are appropriately handled, make policies and develop tools to manage the risks, they monitor and challenge the team to perform keeping in mind the risks involved and minimise them. The team also informs the team on minimum standard expected and provide in-depth understanding. The function of the internal audit is to monitor the first and second line risks and a periodic review of the same. They also evaluate the general efficacy, manage the risks and the environment as well as encourage self- assessment.
Below are a list of nine risk categories which can potentially harm the company’s image. These risks are connected to each other therefore the management evaluates them collectively from time to time in order to deliver optimal customer satisfaction.
Credit Risk: Credit risks are those where a party or customer fails to meet the standards of NAB based on their accepted terms and conditions.
Operational Risks: These risks occur when the functions of the organisation are inadequate. Theses risks may also occur as a result of external aspects and people.
Compliance Risk: When there is a failure to comply with company laws, regulations, licensing conditions, code of conducts in the industry which are self regulatory, internal policies various processes and framework.
Balance Sheet and Liquidity Risk: This involves risks related to the book activities in NAB. It includes various other external aspects such as foreign exchange, interest rates, foreign equity, providing funds and liquid assets.
Traded Market Risk: These risks are caused by uncertainties in the market trends, foreign exchange, interest rates and credit spreads which finally has a harmful effect on NAB’s book trading activities.
Life Insurance Risk: When the bank has to pay a higher amount to its customers ,from that which is collected as premiums as well as the income earned from investments this becomes a big reason to worry and can cause considerable damage to NAB.
Regulatory Risk: This happens when the legal changes are not accurately monitored. This affects NAB’s relationship with the regulators. As a result they fail to help the Regulatory board in developing upcoming legislative activities and make the necessary changes.
Defined benefit pension risk: This happens when there is a deficit in the pension schemes that are given as benefits. This deficit happens when the assets of the pension are lower than the existing pension requirements.
Strategic Risks: These are positioning strategies that the organisation makes depending on the expectation in future environmental changes. Then there are executory risks where the company fails to execute the strategies planned.
The following table showcases the degree of risks and a detailed classification of the risks on certain grounds:
Likelihood (Low/ Medium/ High)
Magnitude (Low/ Medium / High)
Recommendation to reduce/ mitigate
Constant monitoring of environmental changes
Traded Market Risks
Fall in interest rates
Evaluating Market trends constantly
Impact Company’s image and Revenue
Constant communication and expectations of the Management
Regulatory risk can be analysed and discussed at length in order to understand how this can impact the company and its reputation. Regulatory Risks are risks that are connected to the laws made by the government or any Regulatory body. These changes can be in the form of increasing the costs for a firm in order to continue to operate, policies that can decrease the attractiveness of the offers of the bank. The regulatory body can decide on the interest rate that banks must charge their customers or limit the margin that investment accounts can possess. There may be regulations in the manner in which the banks can operate, these regulations have major consequences to the business. Their revenue gets affected, the banks can lose their customers as a result of change in policies that decrease the attractiveness of the packages.
Then there are risks involved in ignoring regulatory changes.Ignorance can not be accepted as an excuse to fail to meet regulatory rules. If the company does not stand to meet the new policy changes by the Regulatory body it can damage their name publicly because the government may take legal proceedings against the bank. This is a serious risk, therefore it is important that the Bank makes sure that they comply with government policies and updated laws at all given time to avoid making such blunders. (NAB official website)
Control Strategy and Action Plan
Operational risks are those where the roles are not well defined. When a company does not have their regulations in place for an appropriate functioning or a well defined list of who your potential customers for credit loans must be, then the bank suffers a great deal. Let us look at a few control strategies in order to mitigate the risks and its influence on the bank.
Governance: The Board of directors define main objectives of the bank and monitors its effectiveness, by evaluating if these objectives are in place. They also oversee its progress in achieving these objectives, periodically. A complete operational risk culture is discussed in the bank which enables them to follow a roadmap to implementing these risk management strategies. When the risk strategy is successfully executed it results in the bank employees to be consciously incorporate risk awareness in every aspect of the operations in the bank. Strategy, Structure and Execution is set by good governance.
Strategy: The operational risk strategy formulated by the bank helps the proper workings of the bank in other management divisions and gives a clear direction about the policies, procedures for a regular risk management process.
Appetite and Policy: The real sign of an ideal policy structure is to make sure that the behaviour of the bank is in correspondence with risk appetite. Having a strategy ensures well informed business practices and bank’s investments.
Clear Definition and Communication Policy: It is important for the top management to have a strategy in hand. Identifying risks, developing policies, assessing, deciding and implementing must be done at every levels. Furthermore the management must see to it that these decisions, assessments and policies with regard to operational risks are communicated to the rest of the employees.
Periodic Evaluations based on Internal/ External changes:Regular assessment and evaluation will improve risk performance on a superior level. A thorough review of the policies must be done based on internal operations and external factors must be done to ensure that the bank is being taken in the right direction.
Structure: A complete risk scenario must be present while making the structure for operational risk management.Providing a hierarchical structure that holds the ongoing risk processes, different forms of measurement models to evaluate the regulatory and economic assets, developing risk assessment theories, risk information collected through individual assessment throughout the organisation etc; are all ways to handle risks throughout the organisation.
Execution: Once the structure has been formulated, the time comes to finally implement those concepts into action plans. This will include, firstly, identifying the operational risk on a regular basis, after identifying the risks a target for tolerance level of risks must be established.
Finally the risk factors are mitigated and a procedure to internally control operation is established in a way that the risk tolerance is reduced to an accepted level. Following which regular monitoring and evaluation must be done and then to check how effective the risk management strategy has been (MetricStream, n.d.).
Monitoring, Review Plan
Elements of Monitoring and Review
Let us look at what some of the elements are:
Reporting to others: There must be a clear hierarchy of activities in the monitoring and reviewing process. Once the information on a certain risks, say, operational risk is gathered, then these aspects need to be included in the governance in order to create openness and accountability.
Involve stakeholders: It is important to engage stakeholders in every decision making activities, making them a part of the monitoring and reviewing process in order to achieve success. The benefits of the monitoring procedures on operational risks or any other risk must be clearly communicated to the stakeholders. This will enable them to provide complete support and a chance to willingly participate. When stakeholders are informed and allowed access to such strategies, it adds credibility to the policies.
Monitor Progress: Constant monitoring allows the bank to access appropriate information which enable the management to check the progress as well as review and make adjustments to the implementation as required. It is crucial to track the implementation process regularly therefore the implementation plans must define the kind of data that would be required and the procedure to be used. Taking advice from experts during the data collection process will add credibility to the methodology.
Review Regularly: Reviewing is a critical aspect of the mentoring process. It helps to evaluate the manner of implementation with regard to important issues. Reviewing is necessary in operational risk managements, checking governance effectiveness and also policy outcomes. Once the review is done, the findings can be used to improve the situations through better implementation.
Evaluate the end result: In order to determine the success of all the strategies and planning that has gone into risk management strategies and plans it is important to assess the end result. The proof of effectiveness of the implementation would be visible in the end results.
In order to know if the structure developed is working for the bank or not or if they are being implemented or not, A regular monitoring is vital. In addition periodic reviews help the organisation to march towards the right direction. Appropriate monitoring and reviewing warns the organisation about the upcoming issues, encourage better performance induce accountability.
Let us examine the strategies for Monitoring.
Strategies to achieve Success
Evaluation Questions: Monitoring should make us ask some very significant questions such as, “Are we doing the right thing?”, “Is it being done in the right manner?” and finally, “Are there better ways of doing it”. These questions will evaluate the effectiveness of policies in respect to its impact on the world and its outcome on the target beneficiary. They also evaluate on the processes through which the outcomes are being achieved. Finally, they cause the organisation to examine healthy practices,sustainability and other alternative options to achieving the expected outcomes.
Understanding the goals: In the planning process, the goals and the results of implementing the policies related to the risks must be clearly discussed and arrived at a consensus. In order to be successful in the implementation process it is important to understand how successful outcomes look like.
Inviting Experts: Monitoring and Reviewing must be considered critical to implementation. Roles must be clearly allocated to the chief participants who will hold accountability and work in collaboration. In the planning processes it is important to decide the people who will be involved in the reviewing process and who will handle the information collected. Evaluation activities must be taken into consideration while governance arrangements are being made. As mentioned above the participation of every stakeholder will make the process credible.
Apply the Results: Post review, these findings must be used in the best manner possible. Depending on how the recommendations are being used and in which context, the results must be specific to target audience. The application of the findings must be correspondent to the initial goal of the Organisation. This process will help to recognise if any initiative must be discontinued or if corrections are required.
Review and Monitoring helps to improve the policy decisions in future, recognise areas that require more focus and how certain measures are sustainable for the external as well in internal environment. They help to understand in which direction an initiative is moving forward and reasons for celebrating milestones (Australian Government, 2013).
Enterprise Risk Management Plan
Banks are exposed to several risks such as the growing competition from other credit units and unwarranted changes in interest rates.Banks are subject to Regulatory law changes and technological advancements. Keeping these factors in mind we will propose a Risk management plan that will help the Bank in its operations with regards to these risks.
Internal Control and Risk Management: Proper risk management policies and internal control is key to any successful Banking system which is safeguarded. An effective plan will help the bank to internally control and safeguard the Bank’s resources, create dependable financial reports and ensure compliance with laws. This will help to avoid errors as well as enable timely detection of errors if they do surface.
General Control Environment: The general control environment sets the mood in the Bank and causes the people to be conscious about control. It is the root of all internal control aspects which provides regularity and a proper structure. An Effective General control environment is set by responsible Management team and Board of Directors through their integrity, efficiency and their participation in the business aspects of the Bank. In order to have a good risk management programme, a healthy and stable general control environment is necessary. If it is ineffective then the financial aspects and approvals of the bank suffers. The level of control consciousness of the senior management also decides the functioning of certain control activities.
Specific Internal Control Environment: On establishment of a stable General Control Environment, Specific Control Environment must be developed in order to handle the occurrence and the potential damage from losses. Specific Control can be divided into two broad categories; Preventive and Detective. Preventive measures are assurance of valid transactions being processed and various other forms of controls such as: Authorised transaction limits, transactions being approved by supervisors, duties being divided and rotated, reviewing and testing scheduled and unscheduled transactions, protection of information through the computer by protecting it with passwords.
Detective Controls on the other hand assures that errors are detected and is solved. Some of the measures include: General ledger and subsidiaries are reconciled, checks and deposit forms accounted for, file maintenance review and transaction outcomes and day-to-day comparison of financial outcomes etc (Abound Resources, 2011)
Recommendations and Conclusion
Banking strategies and risk management has become a vital topic worldwide since 2008 and is not peculiar to banks or financial professors alone. Most of the risk management reports by major international institutions such as OECD, European Union and the Basel Committee, all focus on just one thing, that they will never allow such a situation again with regard to risk management. However, the matter of importance is not to avoid risks but to understand the level of tolerance of risk. No business can avoid risks but they can definitely minimise those risks and also minimise its impact on the bank.
Organisations typically face risks at three different levels:
Internal Risks: These are risks that can be fully prevented and are under the control of the bank. The bank must chalk out the right level of evaluation and implementation of their goals in order to maintain harmony within the organisation.
External risks: There is less that the bank can do with regard to external factors causing risks to the bank such as a change in the financial markets, value of currency dropping which can affect the credit system in the bank etc.
Strategy Risks: There are some risks that the bank voluntarily takes such as credit risks. Even though there are chances of a huge loss the possibilities of high returns are exceptional. However risks in this category can be avoided to some extent by conducting a thorough research on the person’s credit ratings, his job, bank statements and an evaluation of his financial condition as well as the company he is working for. Knowing these details can give the bank an idea on the customer’s future ability to make payments to the bank.
Finally, it is important that NAB focuses more on their internal risks and strategies in order to manage risks since these are two areas they have a control over. There is little or no room for control over the external factors, however NAB can plan their way forward based on a thorough evaluation of market trends, international financial market trends and global economic condition. Such an assessment will ensure smooth operation of the Bank.
Abound Resources. 2011. Sample Financial Institution Risk Management Policy. [Available https://cdn2.hubspot.net/hub/166442/file-18460940-pdf/docs/sample_credit_union_-_risk_management_policy_program.pdf%3Ft%3D1422311019000] [Accessed 14 October, 2016]
Australian Government. 2013. Cabinet Implementation Toolkit. 5. Monitoring, Review and Evaluation. [Available https://www.dpmc.gov.au/sites/default/files/files/pmc/implementation-toolkit-5-monitoring.pdf] [Accessed 14 October, 2016]
INSEAD. Banking Strategies and Risk Management. [Available https://www.insead.edu/executive-education/interviews/banking/banking-strategies-risk-management] [Accessed 14 October, 2016]
Kaplan. R. S and Mikes. A. 2012. Managing Risks: A New Framework. [Available https://hbr.org/2012/06/managing-risks-a-new-framework] [ Accessed 14 October, 2016]
MetricStream. n.d. Operational Risk Management (ORM) Framework in Banks and Financial Institutions. [Available https://www.metricstream.com/solution_briefs/ORM.htm] [Accessed 13 October, 2016]
MITRE. Risk Mitigation Planning, Implementation and Progress Monitoring. [Available https://www.mitre.org/publications/systems-engineering-guide/acquisition-systems-engineering/risk-management/risk-mitigation-planning-implementation-and-progress-monitoring] [Accessed 14 October, 2016]
Accessed 14 October, 2016]
NAB Official Website. 2016. Our Values. Retrieved from: https://www.nab.com.au/about-us/corporate-responsibility/responsibility-management-of-our-business/high-performing-diverse-and-inclusive-workforce/our-values
NAB Official Website. 2016. About Us. Retrieved from: https://www.nab.com.au/about-us
NAB Official Website. 2016. Stakeholder Engagement. Retrieved from: https://www.nab.com.au/about-us/corporate-responsibility/responsibility-management-of-our-business/stakeholder-engagement
National Australia Bank. 2015. Annual Review 2015. Retrieved from: https://www.nab.com.au/content/dam/nabrwd/About-Us/shareholder%20centre/documents/annual-review-interactive.pdf
National Australia Bank. 2014. Annual Review 2014: Examples Database Retrieved from: https://examples.integratedreporting.org/fragment/310
National Australia Bank Limited. 2015. Group Corporate Responsibility Policy: Group Risk Return Management Committee. Retrieved from: https://www.nab.com.au/content/dam/nabrwd/About-Us/nab-group-corporate-responsibility-policy.pdf