You can tell when Rowena Orr, QC, is reaching the peak of her frustration with a witness when she asks this question: “Are you sure that’s the evidence you want to give?”
Orr, the senior counsel assisting the commission, was being made to work very hard by Allianz’s chief risk officer, Lori Callahan, herself a lawyer.
Callahan’s evidence was delivered in a confident American accent, and her mantra was context, context, context.
Many of her answers about Allianz’s past misconduct – and there was plenty of it, ranging from the use of misleading and deceptive statements in advertising through to its failure to report breaches to the corporate regulator – involved a description of the actions she, as chief risk officer since last December, had taken to lift the standard of compliance in Allianz.
Callahan has much work to do. As an internal workshop earlier this year found, Allianz’s own risk and compliance staff reported that there was no reporting or monitoring of compliance practices, not enough resources in compliance and a defensive, black-letter approach.
Callahan insisted she had helped to drive widespread change in many areas which had alleviated many of these concerns.
One example of this action was an independent report Callahan commissioned from Deloitte into incidents that led to a number of breach reports to ASIC.
The draft was delivered on July 9 this year, and did not make for pretty reading. It included findings such as that the “compliance function has no formal or recognised authority”.
Callahan’s response? She rang Deloitte on the day and asked them to immediately withdraw the report, arguing that many of the actions it suggested as remedies were under way, and should have been classified as such.
It was not, as Callahan admitted to Orr, “her finest moment”. She did backtrack at the time, and the report has made it to the Allianz board.
The growing frustration of Orr and Commissioner Ken Hayne bubbled up when Orr put one of her final propositions to Callahan.
Did the Allianz executive agree that the processes inside Allianz were not adequate to ensure the company met its requirement to report breaches to ASIC in a timely fashion?
Callahan admitted there had been a failure of the process in some instances, but said she couldn’t agree there was “wholesale failure”.
Orr invited Callahan to consider her answer and the evidence she’d been shown. “We’ve seen multiple instances of your processes failing.”
Orr had to ask the question a third time and then to her surprise, Callahan said she did believe the processes were adequate.
“Are you sure that’s the evidence you want to give, Ms Callahan, when you’ve explained that you’ve made such significant changes since the end of last year, including establishing for the first time in May this year a breach review committee?”
Callahan set off on an answer about breach committees. Orr asked the question again.
“I think the processes were adequate. The adherences to those processes is where I think the failure has occurred,” Callahan said.
Orr pushed on. “Is Allianz now reporting significant breaches to ASIC within 10 business days as required in the (Corporations Act).”
Callahan insisted it was.
But Orr then took her to a risk committee report from July 2018 that listed four breaches not reported to ASIC within the 10-day timeframe, and a number of others under assessment.
Callahan could confirm only one of these six outstanding matters had been reported to ASIC as a breach.
Before Callahan could step down, Hayne himself asked a typically pointed question. The Australian Prudential Regulation Authority required Allianz to examine the “embedment and effectiveness of the governance, culture and accountability across Allianz”.
The tendering of that apparently independent Deloitte report, its tough contents, and Callahan’s decision to retract it “go centrally, do they not, to questions of governance, culture and accountability?”
“Yes, I think they do,” Callahan replied.
It was perhaps her most important answer of the day, and certainly one of her most succinct.