BOQ Initial Submission Dated 29 January 2018 [RCD.0001.0005.0002]

RCD.0001 .0005.0002

Bank of Queensland Limited IT"> POSSIBlE to Level 6, 100 Skyring Terrace NEWSTEAD QLO 4006 LOVE A6ANk GPO Box 898 BRISBANE QLD 4001 www.boq.com.au

29 January 2018 CONFIDENTIAL

BY EMAIL: FSRCSolioitor@roya1comm 1ssion.gov.au

ihe HonoL1rable Kenneth Hayne AC QC

Dear Commissioner

Royal Commission into Miscondu<:t in the Banking, Superannuation and Pihancial Services Industry (Royal G::ommission)

We refer to your letter dated 15 December 2017, which was recetyed by the Chief Executive Offii;::er and the General Counsel of Bank of Queensland Lirnited ( BOQ) on 19 December 2017. The letter encloses questions to Which a response was requested by 29 January 2018 (Questions).

BOQ wishes to support the Royal Commission in its work and to establish a co-operative and productive rela1ionship w ith it for that purpose. BOQ intends by this letter to provide a response that is thorough and useful to the Royal Commission, haVing regard to the scope of the questions, the time available to prepare the response and the legal constraints and considerations that are relevant to its content We would welcome the opportuhity to meet with the Royal Commission to discuss in more detail any of the matters the subject of this response.

Backgro und of BOQ

1. By way of context, we thought it may help to set out a few preliminary details about BOQ. Further useful information can .be found in the latest Annual Report http·//WWW . bog.corn . au/u ploadedFi lestS hareh older/ Ann ua I repo rts/B00-2017- Annual Report. pdf. If it would assist the Royal Commission to have further information on the structure of BOO and its operations ahd systems, please let us know.

2. To summarise:

(a) BOQ was established in 1874 as the Br isbane Permanent Senefit Building anq Investment society. In 1.887 it converted into a bank but did not become a trading bank until 1942, In 1970 it oJficially became BOQ and was listed on the ASX in 1971.

(b) BOQ's primary business is taking deposits and lending to retail and commercial customers. BOQ is not a vertfcally integrated bUs1ness and does not own a mortgag~ broker, operate a wealth divisJon or provide ffnancial planning services. 1

( c) BOQ is an ASX100 listed company and has a market .share2 of 1.4% ( ca!et1lated by reference to total managed domestic asset balances), BOQ's housing loan book

1 Whne SOQ does not run a financial planning business. there are·eight emp'loyees within the Group Treasury function who are accredited to provide tier 1.actl/lce. This service Is not promoted and i.s used from time to time for certain customers seeking a mo.re sophisticated pack019e of banking products. 2 Market .share refers to tho dome$1io banklng markot shafe detailed in tho Credit Suisse, Bank Market Shares. (4 JanuafY 2018). RCD.0001.0005.0003

CONFIDENTIAL

represents 1.8% of the domestic banking housfng loan market.3 As at 24 January 2018, BOQ's market capitalisation was $4.84 billion, making it Australia's ninth largest authorised deposit-taking institution (ADI) by that measure. As at November 2017, BOQ had a Main Financial Institution Net Promoter Score4 of 15, the third highest of any Australian ADI.

(d) BOQ's business lines include retail banking 1 business banking, agribusiness and financial markets, equipment, debtor & vendor finance and general insurance and certain 11f€ products. BOQ primarily distributes these products through its corporate and owner"manager {OM) franchised branch network.

{e) There are currently 187 BOQ branches and centres across Australia.5 The below table details the number of branches within BOQ's network by State:

Transaction State Branches Service Centre Total Centre QLD 104 2 7 113 NSW 27 27 ACT 2 2 VIC 20 20 WA 21 21 TAS 2 2 SA 1 1 NT 1 1 Total 178 2 7 187

(f) More than 3,200 staff work for BOQ.5 The below table sets out the number of BOQ employees and contractors by State/Country:

STATE Employee Contractor OM Employees Grand Total. ACT 6 8 14 NSW 473 3 113 589 NT 1 6 7 NZ ·3 3 QLD 1370 117 515 2002 SA 16 16 TAS 1'4 14 VIC 139 86 225 WA 281 68 349 Total 2289 120 810 3219

~ Credit Suisse, Bank Markel Shares (4 January 2018). 4 The Net Promoter Score is a measu~e of customers' willingness to recommend a bank's products or servfces to others. 5 As at 24 January 2018. 6 As at 24 January 2018.

2 RCD.0001.0005.0004

CONFIDENTIAL

(g) A unique feature of BOQ is its OM branch (OMB) model, which comprises around two thirds of BOQ's total branch network. Under this model, an OM enters into an agreement with BOQ to own and operate a BOQ branch as a small business. OMs tend to have strong ties to the local community in which they operate. Experience indicates that the model of having highly-dedicated small business owners with this level of community connection and customer focus is an appealing approach to banking for many customers, and one which they see as an important relationship differentiator from the much larger Australian banks. The average OM tenure is seven years, providing continuity of service and a consistent personal connection for the local community.

3. BOQ is a bank that is evolving in its systems and practices to meet the growing challenges of modern banking and to improve customer interactions, security and the quality of its services. BOQ's strategy has four strategic pillars, including "Customer in Charge", which focuses on meeting its customers' needs and delivering a seamless customer experience.

4. As the issues of focus for the Royal Commission include conduct, practices, behaviours, activities, culture and governance of entities and the industry, we have provided a high level summary of the systems and processes that help BOQ identify, remedy and prevent misconduct or performance that are or may be inconsistent with professional or community standards and expectations:

(a) The board of BOQ operates in an oversight capacity to assist BOQ to achieve its strategic objectives while complying with regulatory and ethical standards. As part of its oversight role, the board monitors the effectiveness of the BOQ Group's governance practices, oversees regulatory compliance, ensures that the BOQ Group observes appropriate ethical standards and monitors and influences the BOQ Group's values to maintain a culture that supports the BOQ Group's ability to operate consistently within its risk appetite and to deliver fair and balanced outcomes. The majority of the board of BOQ, and the Chairman of BOQ, are independent.

(b) The BOQ Group has a Risk Management Strategy (RMS) which guides the Bank's approach to risk and compliance management, and its approach to monitoring and supervision (M&S) activities. BOQ regularly reviews and tests the design adequacy and operational effectiveness of its risk and compliance frameworks to ensure they remain fit for purpose and are appropriate for the Bank's operating environment.

(c) BOQ's M&S framework includes business-unit plans (detailing monitoring and supervision activities and legal and regulatory requirements), a first line of defence risk manager within each major business line, system generated reporting to monitor completion and trend results of monitoring and supervision activities and ongoing coaching, training and consequence management processes. The M&S framework also provides a control structure to assess BOQ's compliance with its obligations and to manage any key operational and compliance risks. The control structure also includes a second line of defence conducted by internal Group Risk teams including Group Compliance and Group Operational Risk. It also includes the third line of defence of Group Assurance which undertakes internal audits and reviews.

(d) BOQ continues to embed the M&S framework and maintains executive oversight of the framework's operating effectiveness. Initiatives to enhance risk and compliance awareness and promote risk conscious behaviours continue. BOQ also adopts management review and challenge of the M&S framework and deploys ongoing training and coaching for management and staff on their roles and responsibilities in relation to the control environment.

(e) BOQ has established a close working relationship with all key regulators and law enforcement authorities. In recent years BOQ has proactively sought to advise key regulators in a timely, transparent and open manner of any material issues that arise, whether reportable or not. This a key feature of the culture within BOQ today.

3 RCD.0001.0005.0005

CONFIDENTIAL

5. We enclose a list of entities comprising the BOQ Group as at 25 January 2018 at Annexure A.

Scope of the BOQ response

6. The Questions seek information in relation to "misconduct", which is a defined term in the Terms of Reference dated 14 December 2017, as well as details of any conduct, practice, behaviour or business activity that has fallen below community standards or expectations over the past ten years.

7. The records set to be reviewed to respond to the Questions is vast. At a practical level, BOQ's records are not set up in a manner that readily allows searches to be undertaken that match all elements of the criteria that the Questions would require BOQ to apply in order to provide a full and accurate response for the ten year period without very considerable record collation, conversion and review work that would require a far longer period to complete than the time available. By way of example, to check all of the past and current employee files for the personnel who have worked for the various BOQ Group entities over the past ten years for instances where any of them may have breached a community standard or expectation has simply not been possible in the time available. It presents a very significant burden for any organisation. The same issue applies to the assessment of "misconduct" (applying the various elements of the specific definition of that term in the Terms of Reference), for this and other areas.

8. As a result, while BOQ has attempted to undertake a thorough review in the time available in preparing its response, BOQ has sought to focus on matters of a certain materiality threshold that have been able to be identified from searches to date.

9. BOQ has also taken the approach of grouping any misconduct of a similar kind or nature, which can sensibly be dealt with together, so as to avoid repetition and in the hope this assists the Royal Commission.

10. We would be happy to discuss the approach taken on BOQ's response with the Royal Commission if that would assist, and to discuss how we might supplement any searches or information gathering to assist the Royal Commission.

11. As you would also appreciate, there are constraints on what might be included in a voluntary response - even to a Royal Commission - bearing in mind obligations that BOQ has under, among other things, privacy laws and other legislation including as may be imposed by regulators, confidentiality obligations arising in contract or under the general law, and insurance considerations. In relation to the latter, and in providing the BOQ response in this correspondence to the Questions, BOQ makes no comment on whether (or to what extent) it or others may have any responsibility or liability in law for any conduct set out in this document. This response from BOQ is therefore not intended to operate - and does not operate - as an admission or acceptance of any liability in law. Rather, it is made for the sole purpose of furthering the objects of the Royal Commission, and assisting it to limit the scope of its necessary factual inquiries. BOQ remains committed to supporting the Royal Commission in that endeavour.

12. Further, there are matters in this response that are currently the subject of inquiry, investigation or action by a law enforcement authority or a criminal or civil proceeding. We have identified those matters as requested by Question 3(a). Given the status of those matters, the written responses in relation to them are circumspect. We would invite the opportunity to meet with the Royal Commission to discuss these matters in more detail after, where appropriate, notifying the relevant regulatory or law enforcement authority.

4 RCD.0001.0005.0006

CONFIDENTIAL

Confidentiality

13. This document contains confidential and commercially sensitive information. We provide the document on the basis that it will be kept confidential.

14. Similarly, no waiver of legal privilege is intended by the provision of the information in this correspondence. If the Royal Commission intends to publish this document to third parties we request the opportunity to be heard on that matter prior to it doing so on reasonable notice.

BOQ responses to Questions

15. In response to Question 4, we confirm that neither BOQ nor any of its associated entities is, or has a connection (other than an incidental connection) to, an RSE licensee of a registrable superannuation entity (as defined in the Superannuation Industry (Supervision) Act 1993 (Cth)).

16. We set out below BOQ's responses in relation to Questions 1 to 3 below grouped as referred to above.

Storm Financial

The conduct

17. Storm Financial Limited (Storm Financial) was a privately owned financial planning business founded by Emmanuel Cassimatis and Julie Cassimatis. Storm Financial was based in Townsville, with offices across Queensland, New South Wales and Victoria.

18. Storm Financial had an investment strategy that involved advising its clients to leverage their assets through acquiring debt, from various banks, through home loans and margin loans to fund investments in the stock market. Stock market investments were often by way of some form of indexed fund or managed investment scheme offered by Storm Financial. The decline in the share market during September to December 2008 substantially impaired the investments which then impacted the clients' ability to service their loans. 7

19. BOQ dealt with Storm Financial and its clients in relation to home equity loans. Storm Financial would send a quotation request for a Storm Financial client who wished to access equity in their home to invest in Storm Financial products to a number of banks. BOQ would provide a quote to provide the Storm Financial client with the loan. Home equity loans are standard bank products allowing people to access equity in their own homes for other purposes, including for investments.

20. The share market decline had the effect that some Storm Financial clients were unable to make monthly home loan repayments and as a result were in arrears on those repayments.

Inquiries, investigations or proceedings

ASIC enforcement actions

21. On 22 December 2010, ASIC filed proceedings in the Federal Court of Australia against BOQ, the owner and franchisee of the BOQ's North Ward branch, Senrac Pty Limited (Senrac) and Macquarie Bank Limited (MBL). These proceedings were brought by ASIC in its own name and, pursuant to s 12GM of the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act), on behalf of two former Storm Financial investors, Mr and Mrs Doyle (Doyle proceedings).

7 The Storm Financial business model is described in Parliamentary Joint Committee on Corporations and Financial Services, Parliament of Australia, Inquiry into Financial Products and Services (2009) ch 3.

5 RCD.0001.0005.0007

CONFIDENTIAL

22. Mr and Mrs Doyle were retirees who were advised by Storm Financial to invest in registered managed investment schemes operated by Storm Financial (Storm Australian Indexed Trusts) and, in particular, to invest in a specific type of trust called a "Double Geared Investment". Storm advised Mr and Mrs Doyle to cash in their superannuation and to borrow funds from BOQ by way of an investment home loan and to borrow funds from MBL by way of a margin loan in order to increase the cash funds available to them for investment. Storm Financial subsequently collapsed and Mr and Mrs Doyle lost their investment.

23. In these proceedings ASIC alleged claims against BOQ and MBL based on breach of contract (the 2004 Code of Banking Practice formed part of BOQ's home loan contracts and the 1993 Code of Banking Practice formed part of MBL's margin loan contracts), unconscionable conduct (pursuant to the ASIC Act, the Trade Practices Act 1974 (Cth) and Fair Trading Act 1989 (Qld)) and liability as linked credit providers. The last claim involved the Australian Securities and Investment Commission (ASIC) alleging that BOQ and MBL were linked credit providers of Storm Financial pursuant to s 73 of the Trade Practices Act 1974 (Cth) and therefore were jointly liable with Storm Financial for loss and damage suffered by the two investors. 8 The case against Senrac was based on its involvement in BOQ's alleged contraventions.

24. These proceedings were settled, without admission, by BOQ, Senrac and MBL who agreed to pay $1.1 million, which fully compensated Mr and Mrs Doyle for their financial loss arising from their Storm Financial investments.

25. On 22 December 2010, ASIC also filed proceedings in the Federal Court of Australia alleging that the conduct of the Storm Financial model amounted to the operation of a managed investment scheme that was required to be registered under the Corporations Act 2001 (Cth) and was not registered in contravention of s 601 ED(5). ASIC further alleged that Storm Financial operated the managed investment scheme and that Commonwealth Bank of Australia (CBA), BOQ and MBL were knowingly concerned in the operation of that managed investment scheme. 9 These proceeding were referred to as ASIC's unregistered managed investment scheme (UMIS proceedings).

26. On 22 September 2014 ASIC's proceedings against BOQ were resolved in conjunction with a related class action (discussed below).

Class Action and Other Civil Litigation

27. BOQ was also the subject of a class action in relation to the collapse of Storm Financial, Lee v Bank of Queensland, which was commenced on 5 December 2012 (Lee class action. 10 The causes of action included in the class action were effectively a combination of those in the Doyle and UMIS proceedings.

28. The Lee class action was commenced on 5 December 2010 by Mr and Mrs Lee on behalf of themselves and 392 group members who had borrowed money from BOQ in the period between 28 November 2002 and 2 December 2008 in order to invest in a Storm Financial branded index share fund in accordance with financial advice given by Storm Financial. 11

29. The proceedings were settled for $19,639,694 of which $2,675,000 was to be used for legal costs. Group members were required to elect whether to claim compensation or remain on the current terms and conditions of their loans (the latter having been previously renegotiated with BOQ in some cases). The class action was settled on the basis of no admission of liability.

8 Australian Securities and Investments Commission v Bank of Queensland Ltd (2011) 211 FCR 412, 414 [4], 415-418 [9]-[13] (Foster J). 9 Australian Securities and Investments Commission v Storm Financial Ltd (in liq) [No 2] [2011] FCA 858 (2 August 2011), [2], [4] (Reeves J). 1°Commonwealth Courts Portal, Lee v Bank of Queensland, Federal Court of Australia File QUO 732 of 2012. 11 Lee v Bank of Queensland Ltd (2014) 103 ACSR 436, 439 [2] (Collier J).

6 RCD.0001.0005.0008

CONFIDENTIAL

30. The Lee class action settlement employed the ASIC compensation model that ASIC had developed in conjunction with external forensic accountants to calculate Storm Financial investors' losses. The Federal Court of Australia determined that the settlement was fair and reasonable and approved it. 12 It found the ASIC model used for that purpose to be a "fair and reasonable tool for calculating losses of group members". 13 BOQ had also previously provided compensation to some investors in accordance with Financial Ombudsman determinations. 14

31. Two individual civil proceedings were commenced against BOQ in relation to Storm Financial. Proceedings were commenced in the Supreme Court of Queensland by Ms Helen Rubin and in the Supreme Court of New South Wales by Mr Mark Schabas. The proceedings relied on causes of action based on breach of contract, negligence, misleading or deceptive conduct and unconscionable conduct. The Schabas proceeding also alleged an unjust contract. Both proceedings settled without admission of liability and are subject to deeds of settlement that include requirements for confidentiality.

Parliamentary Joint Committee on Corporations and Financial Services Inquiry into financial products and services in Australia

32. BOQ addressed its relationship with Storm Financial in its submission to the Inquiry into Financial Products and Services in Australia dated 11 September 2009 (Inquiry). Mr David Liddy, Managing Director and Chief Executive Officer, Bank of Queensland and Mr Ram Kangatharan, Chief Financial Officer, Bank of Queensland were witnesses before the Inquiry on 16 September 2009.

Framework in which conduct occurred

33. The conduct occurred in a setting where investors used a financial adviser or planner as their primary source of financial advice. Financial advisers acted as the primary, and often sole, communication channel between banks and borrowers. Both the banks and borrowers relied on the financial advisers holding Australian Financial Services Licences (AFSL) and being regulated by ASIC. The experience with Storm Financial demonstrated that such an industry practice carried with it risks as the banks, including BOQ, were unable to confirm information directly with borrowers.

34. The conduct also occurred where loan serviceability was examined but not as strictly or conservatively as would have been needed to take account of stock market declines associated with the Global Financial Crisis (GFC).

Remediation and prevention

35. In addition to what has been referred to above, other remediation and prevention measures included the following.

Hardship Assistance Package

36. BOQ provides hardship assistance to customers in financial difficulty. Following the Storm Financial collapse, BOQ invited any customer experiencing financial hardship to contact the Bank directly to discuss assistance options. Examples of the assistance offered included concessional interest rates, restructured loans to extend the period of repayment and repayment holidays.

37. BOQ has not undertaken its usual collections activities for the Storm Financial customers, despite a small number of customers remaining in arrears for many years. BOQ has maintained this strategy irrespective of whether the customer is complying with their hardship arrangements. Any customer identified as being impacted by Storm Financial has been flagged and also excluded from any automated collection strategies.

12 Lee v Bank of Queensland Ltd (2014) 103 ACSR 436, 451 [57] (Collier J). 13 Lee v Bank of Queensland Ltd (2014) 103 ACSR 436, 448 [39] (Collier J). 14 ASIC, 'ASIC and Bank of Queensland Reach Storm Financial Settlement' (Media Release, 14-244MR, 22 September 2014).

7 RCD.0001.0005.0009

CONFIDENTIAL

38. At the time of the settlement of the Lee class action, BOQ had offered the following hardship arrangements:

(a) life time tenancies (0% interest for life) in respect of 11 accounts;

(b) life time RBA cash rate in respect of 17 accounts; and

Compensation

39. BOQ paid compensation as part of the settlement of the proceedings outline above.

Internal Review

40. In 2009, BOQ undertook a review of all Storm Financial-related matters. The two main themes that arose as a result of the review were the lack of a direct relationship between the BOQ and its customers, and income used in loan applications.

41. At the time, BOQ's policy was that all loan applicants were to be interviewed by bank staff. However, the policy did not address the situation typified by Storm Financial, namely where customers directed BOQ (via a signed authority) to deal directly with an advisor. Some customers when approached referred BOQ back to Storm Financial. As a consequence paperwork was often sent to the customer via Storm Financial, with the result that BOQ did not always have direct contact with the customer. This created a risk that the advisor could inaccurately complete loan applications and other documentation.

42. Between 2009 and 2010, and in light of Storm Financial and the deteriorating economic conditions, BOQ made changes across a number of its key retail credit policies. These changes tightened BOQ's lending criteria and applied greater conservatism to the assessment of affordability - for example, the buffer for serviceability calculations was raised from 1.50% above the standard variable home loan rate to 2.00% above the standard variable home loan rate. BOQ also introduced a mandatory requirement that all lending files held in branch must hold a fully completed and signed lending application and privacy consent form.

43. In 2010, BOQ established the Credit Policy Committee to strengthen the governance process for credit policy management, and implemented a structured oversight and review model for credit policies.

44. In assessing loan serviceability, BOQ takes into consideration the usual income sources such as salary and other income. Where an investment loan is concerned, BOQ uses a conservative portion of the projected income from the investment. In the case of the Storm Financial investment plan, BOQ included a reduced estimate of the total returns forecast by Storm Financial (as the customer's financial advisor).

45. While bank practices vary from bank to bank, it is standard industry practice to include at least part of the future income from investments in assessing the serviceability of an investment loan. For example, projected rentals form part of the assessed serviceability of an investment housing loan. Similarly, a conservative estimate of historical and forecast income from a small business would be included in assessing the serviceability of a small business investment loan. Without at least some recognition of expected income from the business, many loans to small and medium sized businesses would never take place. Nevertheless, in light of the GFC and the experience with Storm Financial, BOQ reviewed its policy on income calculation for future investment lending.

8 RCD.0001.0005.0010

CONFIDENTIAL

Money Market Deposit Accounts administered by DOH Graham Limited for clients of Sherwin Financial Planners Pty Ltd

The conduct

46. BOQ has, since 1998, offered a product known as a Money Market Deposit Account (MMDA) which is managed and administered on behalf of BOQ by DOH Graham Limited (DOH). DOH is a funds management and administration company which holds its own AFSL.

47. Clients of a Brisbane-based financial planning company, Sherwin Financial Planners Pty Ltd (in liquidation) (Sherwin Financial Planners), opened approximately 450 MMDAs with DOH during the period from 2004 to 2012. Sherwin Financial Planners was part of a group of companies known as the "Sherwin Group" which included, among others, Wickham Securities Limited (Wickham Securities), a debenture company based in Brisbane. The Sherwin Group was controlled by Mr Bradley Sherwin.

48. On 21 December 2012, Wickham Securities was placed in administration and on 6 February 2013 it was placed in liquidation. A further seven companies comprising the Sherwin Group, including Sherwin Financial Planners, were placed into administration on 24 January 2013 and liquidation on 27 February 2013.

Inquiries, investigations or proceedings

49. In January 2013, ASIC commenced an investigation into the affairs of the Sherwin Group. As a result of that investigation, ASIC cancelled the registration of Mr Brian Kingston (the former auditor of Wickham Securities), permanently banned Mr Sherwin from providing financial services, and charged Mr Sherwin and Mr Garth Robertson (former Chief Executive Officer of Wickham Securities) with a range of criminal offences in relation to misconduct in the Sherwin Group, including fraud.

50. In late 2016, Mr Robertson was sentenced to five years imprisonment (suspended after 20 months for a period of five years) after pleading guilty to various charges brought by ASIC, including fraud. In November 2017, Mr Sherwin pleaded guilty to 24 fraud charges and one related charge brought against him by ASIC. He was sentenced to ten years' imprisonment with a non-parole period of four years.

51. Separately, in about 2013, ASIC commenced an investigation into the operation of the MMDAs held by clients of Sherwin Financial Planners by DOH on behalf of BOQ. The investigation remains ongoing. No prosecution has been brought against either DOH or BOQ by ASIC. A separate investigation was undertaken by AUSTRAC in relation to BOQ's policies and procedures for the MMDA. BOQ has completed all actions required to be undertaken by it as part of the AUSTRAC investigation. In July 2015, a class action was commenced by Graeme and Marion Clarke (as trustees of the G & M Clarke Superannuation Fund) against Sandhurst Trustees Limited in the Federal Court of Australia. The proceeding is a closed class action on behalf of group members who were holders of notes issued by Wickham Securities. Sandhurst Trustees Limited was the trustee for holders of notes issued by Wickham Securities. (BOQ, for clarity, was not a party to these proceedings.) BOQ understands that the parties in the class action have recently (in late December 2017) reached agreement in relation to a settlement, which is subject to Court approval.

52. In March 2016, Petersen Superannuation Fund Pty Ltd (Petersen), a former client of Sherwin Financial Planners, commenced a representative proceeding in the Federal Court of Australia against BOQ and DOH. The proceeding is an open class action brought on behalf of clients of Sherwin Financial Planners who deposited funds in an MMDA and have been unable to recover some or all of the funds deposited. The claims made by Petersen in the class action are in summary:

(a) claims for breach of contract expressed in various ways but to the effect that DOH acted on instructions received from Sherwin Financial Planners by email in circumstances where that manner of giving instructions was not permissible pursuant to the terms of the contract entered into by Petersen, BOQ and DOH (being the

9 RCD.0001.0005.0011

CONFIDENTIAL

contract comprised by the application form completed by Petersen and the Product Disclosure Statement for the MMDA), and BOQ is liable as DDH's principal for those breaches;

(b) claims for breach of contract expressed in various ways but to the effect that DOH failed to question instructions given to it by Sherwin Financial Planners in circumstances giving rise to the possibility that fraud was being committed on the MMDAs, and BOQ is liable as DDH's principal for those breaches; and

(c) claims that DOH (and BOQ, by virtue of being DDH's principal) knowingly assisted in Sherwin Financial Planners' breaches of fiduciary duties.

53. BOQ and DOH deny the claims made against them and are defending the class action.

54. A court-ordered mediation is scheduled to occur in the proceedings by 31 January 2018. The proceedings are listed for hearing before Yates J commencing on 12 March 2018.

55. Given the ongoing investigations and proceedings referred to above, BOQ is not a position to respond to the remaining questions in writing as they pertain to this matter. That said, BOQ welcomes the opportunity to discuss these matters with the Royal Commission at an appropriate time following notification to relevant regulators and other interested parties as required.

Product-related issues

The conduct

56. In 2012, BOQ identified that a number of customers' Mortgage Offset Accounts (MOAs) were not linked to a home loan account for the period intended. This meant that the customer may not have received the benefit of lower interest charged on the loan account for the period where the MOA was not correctly linked.

57. In 2013, BOQ identified that (a) a number of customers were not receiving bonus interest on deposits to which they were entitled for four months from the opening of a WebSavings account; and (b) a number of customers were being incorrectly charged annual package fees.

58. In July 2013, following the identification of these issues, BOQ initiated a Product Review Program (PRP) to undertake a wider review of BOQ's products to identify any additional issues and to ensure effective remediation of impacted customers and implementation of solutions to prevent future re-occurrence.

59. In addition to the three issues noted above, the PRP identified, remediated and addressed re occurrence of the following issues:

(a) BOQ Dealer Finance (BOQF) - BOQF identified two issues occurring with the processing of its dealer finance early termination pay-outs which resulted in: (a) BOQF overcharging or under-refunding customers due to interest being charged up until the day before the next instalment due date when quoting an early buyout figure; and (b) Consumer Credit Insurance (CCI) rebates not credited upon early termination;

(b) Term Deposits - BOQ identified that some customers were not receiving interest on the correct dates and/or not receiving the correct amount of interest in respect of Term Deposit products;

(c) Lending - BOQ offers discounts on business and retail loans, lines of credit and overdraft rates as part of promotional offers and package discounts. BOQ identified that in some cases the interest rate being charged was incorrect at origination or at product switch due to errors in the account set up process;

10 RCD.0001.0005.0012

CONFIDENTIAL

(d) Deposit and Transaction Accounts - BOQ allows customers to switch their transaction account interest rates. When a customer had an interest plan/product switch processed, and a transaction occurred which had an effective date that predated the switch processing date, the transaction would be calculated using the current interest plan instead of the interest plan that applied at the effective date. BOQ identified that this could disadvantage impacted customers in a falling interest rate environment;

(e) Staff Personal Loan Package - In 2012, BOQ changed staff interest rates on personal loans to reference the Australian Tax Office Fringe Benefits Tax interest rate, which was a lower rate at the time. The new rate should have taken effect from 1 April 2013. However, the rate was not applied until 11 April 2013 and therefore staff were paying a higher interest rate for a period of 10 days;

(f) Bridging Finance Accounts - The bridging finance product was introduced on 4 February 2008 to replace the previous overdraft products offered to retail customers for bridging finance purposes. BOQ identified that the product was set up in the banking system with an incorrect charge plan resulting in a fee of $4 being incorrectly charged to customers;

(g) Standard Loan Accounts Incorrect Switch Fees - BOQ charges a switching fee to retail and business loans when the loan is changed to another product. BOQ identified that the switching fee was incorrectly charged for automatic loan product switches and within retail package loan switches. In these instances, switching fees were incorrectly charged;

(h) Business ACA Fee - BOQ customers that hold a Business First Lending Package are entitled to a discount on the Agreed Credit Advance (ACA) fee on their business overdraft facility. BOQ identified that ACA fees were not being correctly discounted on a number of overdraft facilities;

(i) St Andrew's CCI Under-Refund - BOQ identified that selected Corporate Partners incorrectly calculated refunds on single premium consumer credit insurance (CCI) policies that were subject to cancellation before the period of cover had expired and that refunds had been calculated incorrectly without reference to the correct interest model. This resulted in a number of customers being under-refunded for amounts ranging from $10.18 to $2,439.84;

(j) MBF I HLF - BOQ historically charged a Mortgage Benefit Fee (MBF) to customers who benefited from a linkage to a MOA facility. From September 2014, customers were no longer charged a MBF. BOQ currently charges a Home Loan Fee (HLF) to all non-packaged retail home loan customers. In relation to both fee types, BOQ identified that customers were incorrectly charged; and

(k) Ultimate Accounts - an ultimate account is a savings account with some accounts being used as part of an offset facility. BOQ identified that from May 2004 onwards, a number of customers with ultimate accounts did not receive the appropriate credit interest upon valid termination of the offset facility.

60. The impact on customers of the issues outlined above varied from:

(a) very minor (such as the Staff Personal Loan Package issue referred to at paragraph 59(e) which affected approximately 115 accounts with a total impact of approximately $290);

(b) to more significant (such as the BOO Dealer Finance issue referred to at paragraph 59(a) which affected approximately 14,000 accounts with a total impact of approximately $3.5 million).

61. In total, the issues identified above affected a total of approximately 112,000 accounts and had a total impact on customers of approximately $27 million.

11 RCD.0001.0005.0013

CONFIDENTIAL

62. The PRP also investigated a number of other product related issues where it was found that no remediation was required.

63. In November 2015, separately and following the completion of the PRP, BOQ identified that some not-for-profit (NFP) customers had not received the interest rate benefits and fee benefits to which they were entitled. This issue affected approximately 3,900 accounts established between May 2004 and December 2015, and had a total customer impact of approximately $923,000.

Inquiries, investigations or proceedings

64. From mid-July 2012, BOQ self-disclosed matters in relation to these issues and the PRP to ASIC. This disclosure continued on an ongoing basis until the completion of the PRP. BOQ worked with ASIC to resolve any concerns about remediation of impacted customers and prevention of recurrence.

65. On 21 March 2016, BOQ self-disclosed the issue identified in respect of NFP customers and its plan to rectify the breach, and has discussed the matter with ASIC during quarterly stakeholder engagement meetings.

66. On 30 June 2017, BOQ provided further validation requested by ASIC in relation to the PRP and has not received any further requests from ASIC since that time.

67. On 20 September 2017, BOQ provided ASIC with an update on its remediation program and has not received any further request or enquiry from ASIC.

Framework in which conduct occurred

68. BOQ's investigation and root cause analysis found that these issues were caused by the highly manual approach in the product operation environment and open architecture software systems used up until this time.

69. While this environment may have been historically fit for purpose, the change and growth of products had resulted in the software and process issues which ultimately impacted BOQ's products and therefore its customers.

Remediation and prevention

70. BOQ remediated the issues by making payment in full to all impacted customers, including interest for the time value of money.

71. In total, BOQ made payments of $26.96 million in relation to 112, 105 accounts as part of the PRP. BOQ made additional payments of approximately $923,000 to NFP customers.

72. In addition to remediating the effect on impacted customers, BOQ recognised that its core banking systems and processes could not immediately be transformed and therefore opted to implement manual processes, detect controls, prevent controls and permanent solutions (together, Controls) to mitigate the issues from re-occurring.

73. BOQ's approach to designing Controls involved establishing and documenting the roles of Evaluator (performs the Control), Approver (reviews the accuracy and completeness of the Evaluator's work) and Monitor (is accountable for the Control's operating effectiveness).

74. BOQ disclosed the Controls to ASIC and, following correspondence and further work by BOQ (including independent validation), no further request or enquiry has been received from ASIC.

75. BOQ has received independent external assurance of the BOQ compliance systems and detection controls implemented in relation to the products the subject of the PRP.

76. To ensure that all NFP customers receive the relevant interest rate and fee benefits, BOQ has implemented a product control process to review new NFP accounts on a weekly basis to

12 RCD.0001.0005.0014

CONFIDENTIAL

confirm the correct benefits are being applied. In January 2016, BOQ issued an Operational Communication to remind frontline staff of the benefits and the process required to apply them to NFP accounts during the account opening process. An Information Guide was also published for staff reference.

Henderson Poverty Index I Customer Living Expenses

The conduct

77. A number of benchmarks are used throughout the finance and banking industry to help determine customer living expenses for the purposes of assessing serviceability of loans.

78. Prior to 24 November 2014, BOQ's policy was to use the Henderson Poverty Index (HPI) as a baseline for customers' minimum cost of living (from October 2012 an additional buffer of 10% was applied on top of the HPI). This baseline, together with the customer's additional living expenses identified through a review of customer's transaction account statements (and discussed with the customer if, for example, a discrepancy was identified) was used to assess customer living expenses and calculate serviceability using BOQ's serviceability worksheet calculator. From February 2013, this calculator was updated every 6 months with HPI updates, interest rate buffer updates, and tax rate updates.

79. The HPI was developed in the early 1970s by Professor Ronald Henderson, while undertaking the 'Australian Government Commission of Inquiry into Poverty' and estimates how much money individuals and families of different sizes need to cover essential living costs. The HPI represents a very basic living standard.

80. From about 2012, a number of banks began replacing HPI with the Household Expenditure Measure (HEM). HEM is believed to provide a more refined and accurate estimation of living expenses.

81. In 2012, BOQ was subject to the Australian Prudential Regulation Authority's (APRA) industry-wide Targeted Review of Serviceability (Targeted Review). In August 2012, BOQ received its draft Targeted Review report which included recommendations relating to the assessment of living expenses, interest rate buffers and credit policy enhancements. In relation to assessment of living expenses, the report noted:

(a) BOQ's continued use of HPI, stating "BOQ may wish to consider adopting HEM to align with latest trends in industry practice"; and

(b) that "usual industry practice requires general living expenses to be provided by borrowers as the customer declared living expenses during the loan application process. BOQ's current practice of not requiring borrowers to provide details of general living expenses as part of the loan application process is not aligned with industry practice."

82. In September 2012, BOQ's Retail Credit unit commenced a review of BOQ's home loan policy to address the recommendations from the Targeted Review report. The resulting policy changes, as they relate to assessing living expenses, are outlined below. In summary, however, BOQ:

(a) transitioned from HPI to HEM benchmarking for the assessment of living expenses (formally proposed and approved January 2014, implemented 24 November 2014); and

(b) adopted the higher of customer declared expenses (the collection of which was now required as part of BOQ's loan application document) or HEM for the assessment of living expenses (formally proposed December 2014, approved February 2015, implemented 18 May 2015).

13 RCD.0001.0005.0015

CONFIDENTIAL

83. In November 2014, ASIC updated Regulatory Guide 209 Credit licensing: Responsible lending conduct (RG 209) to clarify that the use of benchmarks is "not a replacement for inquiries about the consumer's current income and expenses or an assessment based on the consumer's verified income and expenses."

84. On 10 March 2015, ASIC informed BOQ of its concern that BOQ was failing to meet its obligations under s 130 of the National Consumer Credit Protection Act 2009 (Cth) by using HPI as a proxy figure to estimate customer living expenses rather than asking loan applicants about their actual expenses (ie customer declared expenses). ASIC stated that while "[t]his does not necessarily mean that the loans are unsuitable ... in AS IC's view this indicates that the inquiries and verification carried out by BOQ are insufficient to assess whether the loan in suitable or not." ASIC referred to RG209 in its letter.

85. On 8 April 2015, BOQ responded to ASIC that it would be adjusting its policy so that customer declared expenses will be compared against HEM and the higher of either the customer declared expenses or HEM would then be used as the figure for living expenses when undertaking the serviceability assessment (see above). BOQ set out in this letter the living expenses to be requested of customers in the lending application form.

86. On 24 April 2015, at a meeting between ASIC and BOQ, ASIC noted that BOQ's move to compare and use the higher of HEM and customer declared expenses brought BOQ in line with AS IC's view as expressed in RG 209.

87. On 25 May 2015, ASIC issued a media release concerning BOQ's policy change to compare customer declared expenses to HEM, and acknowledged the co-operation of BOQ in resolving this issue.

Inquiries, investigations or proceedings

88. There were no inquiries, investigations or proceedings in relation to the conduct outlined above.

Framework in which conduct occurred

89. The utilisation of HPI (with an additional buffer of 10% and together with additional customer living expenses identified during the loan application process) to assess serviceability, instead of collecting and utilising customer declared expenses, was BOQ policy.

90. BOQ's use of HPI benchmarking for mortgage servicing purposes was consistent with industry practice in Australia. An industry trend emerged in about 2012 as a range of banks within Australia moved from HPI to HEM benchmarking.

91. From 2012 onwards, BOQ acknowledged that usual industry practice was to obtain customers' general living expenses during the loan application process (ie customer declared expenses) and that BOQ's practice of not collecting customer declared expenses as part of the loan application process was not aligned with this practice. BOQ notes, however, that peer analysis conducted in 2014 as part of BOQ's Targeted Review (see above) indicated that the adoption of discretionary customer declared expenses in serviceability calculations was not consistent across the industry.

92. BOQ did not identify any ulterior purposes for the use of HPI in assessing customer expenses. The practice resulted from the implementation of what was then BOQ policy.

Remediation and prevention

Customer remediation - HP! Retrospective Review Program

93. On 21 May 2015, ASIC wrote to BOQ requesting a proposal for how BOQ intended to review home loan borrowers in default and hardship to ensure they had not been disadvantaged by a loan provided prior to the changes in BOQ's serviceability policy (see above). BOQ had

14 RCD.0001.0005.0016

CONFIDENTIAL

previously stated that it was prepared to review its processes for monitoring customers in late stage arrears.

94. On 4 August 2015, following comments from ASIC on an earlier draft proposal, BOQ provided ASIC with its Proposed Late Stage Arrears and Hardship Review Process. BOQ's subsequent HPI Retrospective Review Program was conducted pursuant to this 4 August proposal.

95. In summary, the HPI Retrospective Review Program consisted of the following key steps:

(a) Determination of In-Scope and Out-of-Scope Customers

(i) In-scope customers were customers whose loans were approved between 1 January 2011 and 18 May 2015, or settled between 1 January 2011 and 1 September 2015, and who were in late stage arrears (meaning 60 days or 3 months) or where a hardship application has been received by BOQ on or after 9 September 2015.

(ii) Out-of-scope customers were customers who were in late stage arrears or hardship due to a change in circumstances such as death, illness, loss of employment, change of employment or relationship/marital changes.

(b) Retrospective Assessment (including Retail Credit Hindsight Review)

(i) Serviceability was retrospectively assessed using the higher of customer declared expenses or HEM to determine if a negative servicing position existed.

(ii) A Review Panel was established to review this initial retrospective assessment.

( c) Recommendation of remediation, where required.

(i) Where it was assessed by the Review Panel that a customer had been disadvantaged due to BOQ's use of HPI, the Panel assessed what (if any) remediation should be provided to the customer in accordance with BOQ policy.

(ii) The overall aim of remediation was to place customers substantially in the same position they would have been in had it not been for the disadvantage caused by BOQ's previous lending policy. Remediation depended on the circumstances of individual customers and issues identified. In providing a recommendation for remediation to a customer, the Review Panel had regard to applicable FOS principles including (but not limited to) compensation for direct financial loss or other non-financial loss arising from the disadvantage caused by the HPI and BOQ's obligations as an Australian Financial Services Licensee.

(iii) Possible remediation options considered by BOQ included forgoing a portion of interest received on the loan account on the basis that it did not demonstrate good industry practice; apportionment of interest and fees; working with the customer to reach a suitable payment arrangement; no interest/discounted interest for any repayment arrangement; and entering into an agreement with the customer that limited the amount that BOQ could recover when the customer's property was sold.

15 RCD.0001.0005.0017

CONFIDENTIAL

(d) Implementation of remediation.

96. Over the course of the HPI Retrospective Review Program, 1,804 customers were identified as potentially within scope by reason of being in late stage arrears or having submitted a hardship application.

97. Of those customers, 1,590 were determined to be out-of-scope. Of the 214 customers deemed to be in-scope for retrospective assessment, 65 customers were subsequently referred for review by the Review Panel of which 17 were recommended for remediation. The total value of remediation by BOQ to the 17 customers disadvantaged by BOQ's reliance on HPI was $458,076.07.

Prevention - Changes to BOQ policy

98. The Targeted Review resulted in a number of recommendations being made to BOQ relating to the assessment of living expenses.

99. In June 2013, BOQ's Retail Credit team commenced an assessment of BOQ's approach to serviceability to address issues identified in the Targeted Review.

100. In January 2014, the Executive Committee approved a proposal for Phase One of the Serviceability Refresh, which included the:

(a) transition from HPI to HEM, categorised by geography and income for the calculation of living expenses; and

(b) commencement of the capture of serviceability data for APRA reporting purposes.

101. Phase One was implemented on 24 November 2014.

102. Phase Two of the Serviceability Refresh was considered by the Committee in December 2014 and included a proposal to change BOQ policy to adopt the higher of customer declared expenses or HEM for the assessment of living expenses and serviceability. The proposal was ultimately approved in February 2015.

103. On 18 May 2015, BOQ amended its serviceability policy to adopt the higher of customer declared expenses (the collection of which was now required as part of BOQ's loan application document) or HEM for the assessment of living expenses as the basis of the serviceability calculation. Where appropriate, further enquiries are made to clarify discrepancies that are detected.

Prevention - Communication and education

104. From 31 October 2015, the Serviceability Worksheet Guide was updated and a learning module was developed on "How to use serviceability worksheet". The module was made available in "GROW", BOQ's Learning & Development platform, to a targeted audience (ie Lenders, Retail Lending Support, Credit Assessment, and Broker Sales Unit). Completion of this GROW Module was a mandatory requirement for the targeted audience.

105. A communication plan was developed and implemented, which included two phases of communication:

(a) The first communication was effective 3 November 2014, and notified the targeted audience of the requirement to complete the GROW Module and attached a Learning Brief which detailed the key changes.

(b) The second communication was effective 24 November 2014, and detailed the associated changes to the Home Loan and the Personal Lending Policy.

16 RCD.0001.0005.0018

CONFIDENTIAL

Conduct in the branch network

The conduct

106. As described above, BOQ has a network of corporate and OM branches. Consistent with the wider banking industry, the number of branches in the BOQ network has been declining in recent years. Currently, BOQ has 187 branches and centres in Australia (including 75 corporate branches and 103 0 M branches).

107. Like all banks with a branch network, BOQ has identified a number of instances where persons within its branch network have, or are suspected to have, engaged in misconduct or conduct that falls below community standards or expectations. This conduct ranges from bullying and breach of BOQ policies to forgery and theft. BOQ has during the period terminated a number of employees and OMB agreements for a range of conduct issues.

108. We do not propose to traverse the details of each of the issues which occur at a branch level in this response due to confidentiality obligations and privacy concerns. Should the Royal Commission require further information, BOQ is prepared to arrange a meeting to discuss these issues.

Inquiries, investigations or proceedings

109. BOQ has referred a number of matters involving possible misconduct to the appropriate regulators or law enforcement authorities, and has cooperated fully with any subsequent investigations. A number of these investigations are ongoing.

Framework in which conduct occurred

110. In all banking organisations, there is a risk that, despite the best efforts made to deter, detect and prevent misconduct it may nevertheless on rare occasions occur at a branch level by reason of failures to comply with a bank's policies, procedures or systems, or the deliberate actions of individuals in taking steps to circumvent them. BOQ is constantly seeking to improve its policies, procedures and systems to mitigate this risk.

Remediation and prevention

Remediation of customers

111. In circumstances where customers have been affected as a result of the issues that can arise at a branch level, BOQ has, in appropriate circumstances, taken steps to remediate the affected customers. These steps include:

(a) reimbursement of funds transferred without authority;

(b) reimbursement of interest and fees; and

Action taken in response to identified issues

112. Where BOQ becomes aware or has reason to suspect that an employee of a BOQ corporate branch has engaged in any conduct that may give rise to concern, it investigates and addresses the issue in accordance with BOQ's policies.

113. Where BOQ becomes aware or has reason to suspect that a person employed in an OM branch has engaged in any conduct that may give rise to concern, BOQ's Franchise Services team deals with such matters in accordance with BOQ's Consequence Management Procedure (CMP). The CMP applies when an OM has not followed BOQ's policies and procedures and BOQ wishes to sanction the OM in an appropriate, fair and consistent manner.

17 RCD.0001.0005.0019

CONFIDENTIAL

114. The attendees at the Consequence Management meetings make determinations of the appropriate consequence based on factors including self-reporting of the issue, the context of the behaviour, past behaviour and legal or regulatory factors. The consequence is determined by agreement between meeting attendees, which includes representatives from Franchise Services, Group Compliance, Legal, Group Operational Risk and Group Security and Business Resilience.

115. Where the OM fails to remedy a breach, or the breach is irremediable, BOQ will consider exercising its rights to terminate the OM agreement by which the branch is operated or otherwise bringing the relationship with the OM to an end.

116. In addition, BOQ's Group Security and Business Resilience unit conducts investigations into allegations of serious misconduct that may occur at a branch level.

Prevention of future issues

117. Over the past ten years, BOQ has been continually strengthening its policies, procedures and systems to reduce instances of misconduct occurring within its branch network. Examples of steps taken are set out below.

Owner Manager Branch (OMB) Accreditation Process

118. In 2008, the OMB Accreditation Process was amended to incorporate more comprehensive background and credit checks, a fit and proper person questionnaire, reference checks, and detailed reviews of business plans supplied by OM candidates.

119. Since 2008, BOQ has further refined the OM B Accreditation Process on a number of occasions. In late 2014, the OMB Accreditation & Renewal Policy was amended to introduce the following requirements:

(a) a requirement for four senior managers within the Group Risk division and three senior managers from the Retail Banking division to sign off on new OMB candidates. If approval is not unanimous, the accreditation decision is escalated to the Group Executive Retail Banking and the Chief Risk Officer; and

(b) a requirement for BOQ to conduct the same checks for OMBs when renewing OMB Agreements as for new OM candidates, including current background and credit history checks and fit and proper person questionnaires.

OMB agreement

120. In 2014, BOQ updated its standard OMB agreement across a number of areas, incorporating clearer financial consequences for OM non-compliance and defining "no commission transactions" for the OM. BOQ started using the updated agreement at the start of 2015.

121. The predominant drivers for this change were:

(a) The introduction of the new Franchising Code of Conduct (Code) which took effect from 1 January 2015, and required BOQ to review the OMB agreement for compliance with the Code.

(b) The desire to enhance the OMB needs based sales and service model to facilitate appropriate customer cross-sell opportunities, which (consequently) required the implementation of an aligned commission model. This model adopted a balanced scorecard approach, assessing the OM's performance (and commission opportunity) across a number of metrics including those relating to appropriate risk and compliance behaviours.

(c) A bank-wide focus on "doing the right thing", which resulted in linking the CMP with the OM's balanced scorecard. This had the effect of reducing the OMs' commission

18 RCD.0001.0005.0020

CONFIDENTIAL

opportunities where breaches of policies or procedures occur. Since implementing this change, BOQ has observed a significant reduction in the number of breach notices issued and a considerable uplift in OMB audit results.

Monitoring of branches

122. BOQ monitors the OMBs in accordance with its M&S framework. This monitoring includes specific activities for the OMs (reflecting the nature of their relationship with BOQ) including:

(a) a requirement for all OMs to complete an OMB Annual Review questionnaire, that incorporates a compliance attestation. Any issues or concerns arising from an Annual Review are escalated accordingly.

(b) a quarterly OM review process that includes compliance, conflicts and governance checks as well as training and coaching exercises.

(c) a quarterly OM financial strength assessment, based on the branch's overall performance and the OM entity's financial information. BOQ also reviews information as part of the BOQ half-year and end-of-year audited financial statements.

Management of branch issues

123. Since 2008, the CMP has continued to evolve. It now involves representatives from various key departments and meets more regularly to ensure prompt determination and application of breach consequences.

124. In 2012-2013, BOQ established OMB Interlock meetings, as a monthly forum between the Retail and Group Risk teams to discuss matters of non-compliance or OM financial stress and determine agreed actions to resolve these issues.

125. BOQ has also established an Ethics Committee to consider and determine, amongst other issues, matters of an ethical nature within the branch network.

Training

126. Since 2008, BOQ has maintained training and coaching programs for its retail branch staff. More recently, BOQ's training initiatives have included the introduction of:

(a) retail branch coaches (RBC) to help improve the skills and capability of branch staff, and provide ongoing risk and compliance support (including targeted coaching programs). BOQ collects feedback from the RBC to help inform process improvements and identify required system enhancements;

(b) a 12 month coaching program called Fitter4Biz to build branches' capability to run a sustainable business. Fitter4Biz provided branch staff with guidance on core business functions such as business and strategic planning, risk management, financial management and decision-making, and management and leadership operations; and

(c) the Customer Heartbeat program in order to drive a common approach to service excellence across BOQ. Customer Heartbeat is a behaviour and mindset training approach which focuses on developing a customer centric culture through regular coaching and feedback sessions, and sharing learnings with peers.

19 RCD.0001.0005.0021

CONFIDENTIAL

Anti-Money Laundering I Counter-Terrorism Financing (AML I CTF)

The conduct

127. As with all financial institutions, BOQ faces a risk of customers potentially engaging in money laundering or terrorism financing. BOQ is committed to meeting its obligations under Australian law to deter, detect and prevent such conduct.

128. Since 1 January 2008, a number of circumstances have given rise to action within BOQ in relation to AML I CTF matters. The circumstances are described generally below.

Branch conduct

129. BOQ has over the past ten years identified circumstances in which individuals at branches engaged, or were suspected to have engaged, in conduct giving rise to possible AML/CTF risk including:

(a) collecting insufficient customer identification for certain accounts;

(b) structuring cash deposits to avoid triggering reporting thresholds under s 43 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth);

(d) associating with suspected criminal enterprises.

130. These circumstances did not result in any loss to customers, however have been reported to AUSTRAC (where applicable) in accordance with BOQ's AML/CTF obligations.

Money Market Deposit Accounts (MMDA) and DOH accounts

131. As explained in the section relating to MMDA accounts and DOH, following the collapse of the Sherwin Group, AUSTRAC undertook an investigation in relation to M MDA accounts and AML/CTF.

Threshold Transaction Reporting

132. Between 2010 and 2016, BOQ used an automated transaction monitoring system called 'SAS AML' which obtained data from BOQ's core banking system. In 2015, BOQ discovered that certain transactions recorded in BOQ's core banking system were not replicated in SAS AML. BOQ promptly initiated an investigation to determine the cause and extent of the issue.

133. The investigation revealed that:

(a) transactions that occurred on the day of account closure were not flowing through to SAS AML; and

(b) a small number of technical transaction codes were being rejected by SAS AML.

134. As a result, Threshold Transaction Reports (TT Rs) were not lodged for approximately 3, 700 cash transactions for amounts over $10,000 between 2010 and 2015.

135. This matter was remediated under the supervision of AUSTRAC and a new monitoring tool was implemented using the services of lndue Pty Ltd. The TT Rs for the 3, 700 cash transactions were subsequently lodged with AUST RAC (as referred to in paragraph 141 ).

Inquiries, investigations or proceedings

136. In response to the AUSTRAC investigation in relation to MMDA accounts, in September 2015 BOQ commenced an AML Money Market Deposits Account project. The project strengthened 20 RCD.0001.0005.0022

CONFIDENTIAL

controls, documentation, processes and procedures for AML/CTF compliance with reference to MMDA.

137. Given the ongoing investigations and proceedings referred to above, BOQ is not in a position to detail the AUSTRAC investigation in relation to MMDA and DOH in writing but welcomes the opportunity to discuss these matters with the Royal Commission following any required notification to the relevant regulators.

138. In addition, BOQ promptly informed AUSTRAC when it became aware of the TTR issue outlined above, and wrote to AUSTRAC detailing the outcome of its investigation and planned steps to resolve the issue in October 2015. BOQ subsequently provided AUSTRAC with regular updates on the progress of this resolution.

Framework in which conduct occurred

139. The risks associated with money laundering and terrorism financing are present across the banking industry.

Remediation and prevention

140. The circumstances outlined above did not require any remediation in respect of customers as they did not have any impact on customers of BOQ.

141. In respect of the TTR issue discussed above, BOQ identified the cash transactions for amounts over $10,000 that had not been captured in SAS AML and lodged TTRs for each of these transactions in early 2016.

142. Further, in July 2016 BOQ implemented a new automated transaction monitoring system called PRM supplied by lndue Limited. PRM is a more advanced AML/CTF system which allows the implementation of rules that are better suited to BOQ's operating environment. PRM also allows BOQ to merge other parts of the BOQ business into the automated transaction monitoring system.

143. BOQ has also taken actions to improve its processes and controls in relation to AML to ensure compliance with AML/CTF requirements and to avoid any circumstances of concern arising, namely:

(a) In September 2015 BOQ commenced a specific project in relation to AML and MMDA.

(b) In March 2016, BOQ commenced a broader "Everything That's AML" Program (ETA). AUST RAC has been updated on the ET A project deliverables and status of the project as it progresses. The progress is described in summary below.

(c) The primary objective of the ETA is to develop and implement an enhanced and robust operating model allowing improved governance for compliance with the AML/CTF requirements. This includes approval and implementation of an updated AML/CTF Program.

(d) The ETA project has completed:

(i) phase 1, which delivered a review of BOQ's current AML Program and a gap analysis; and

(ii) phase 2, which delivered program, process and system enhancements and developments identified in phase 1.

( e) The ET A project has now delivered the following outcomes:

(i) review of AML/CTF program and controls;

21 RCD.0001.0005.0023

CONFIDENTIAL

(ii) design and implementation of frameworks and controls;

(iii) design and implementation of technical solutions for customer risk rating and ongoing customer due diligence for customers in the BOQ core banking system; and

(iv) integration of all BOQ entities into the one AML tool for automated transaction monitoring.

(f) Phase 3 of the ET A project commenced in December 2017 and will deliver further enhancements by October 2018, including enhanced employee due diligence and training (which is currently in progress) and the extension of ongoing customer due diligence to all BOQ customers.

Human Resources

The conduct

144. Like any organisation, BOQ has identified instances over the past ten years where its employees, OMs or the OM's employees have engaged in various forms of misconduct or conduct that has fallen below community standards or expectations. These include bullying and theft.

145. We have not attempted to traverse the details of employee-related conduct in this correspondence for the reasons mentioned earlier and also due to confidentiality obligations and privacy concerns. If it would assist to meet to discuss this further, please do not hesitate to let us know.

Framework in which conduct occurred

146. BOQ requires its employees, OMs and the OM's employees to comply with a number of policies and standards, including the BOQ Code of Conduct. Notwithstanding this, employee related misconduct is present across the finance and banking industry, and, indeed, across all large enterprises.

Remediation and prevention

147. Human Resources addresses issues relating to employee conduct under BOQ's Performance Management Standard.

148. Where a BOQ employee is failing to meet the required standard of conduct or behaviour, an informal counselling process is often the first step, however this is dependent upon the nature of breach. Where relevant, this involves the employee's manager informing the employee of the issue, allowing the employee to respond and developing a plan to remedy the situation.

149. If insufficient improvement is identified, or the matter is a serious conduct breach, the manager may commence formal performance management in consultation with Human Resources. This will include issuing the employee with a Notice of Formal Meeting outlining the allegations. At the Formal Meeting, the employee is given the opportunity to respond to the allegations.

22 RCD.0001.0005.0024

CONFIDENTIAL

150. Where Human Resources and the employee's manager consider that the employee's response to the allegations does not adequately explain or excuse their behaviour, potential outcomes may include:

(a) further investigation;

(b) training and coaching;

(d) a formal warning letter (First, First and Final or Second and Final); or

(e) termination of employment.

151. BOQ has also taken continual steps to improve its procedures, policies and systems to prevent employee-related misconduct. These steps include:

(a) BOQ requires all employees to comply with its Code of Conduct (as well as a suite of policies and procedures). In addition to the steps taken under the Performance Management Standard outlined above, breaches of the Code of Conduct may impact the employee's performance review and any incentive payments. The Code of Conduct has been in place for over 15 years and is reviewed and updated on an annual basis.

(b) In early 2015, BOQ established an Ethics Committee, chaired by the Chief Risk Officer. The Ethics Committee meets monthly to review and discuss specific ethical issues as they arise, and to analyse trends to identify and address future risks.

152. Upon the commencement of employment and thereafter on an annual basis, all employees, OMs and employees of OMs, are required to undertake a compulsory suite of training which clearly outlines the standards of behaviour required by all. Each module has an assessment component and all employees must successfully complete these. Where an employee has not completed their training they are ineligible for any bonus payments that may otherwise have been paid.

153. Various programmes are in place to celebrate and communicate examples of good conduct, such as the Prove Its Possible Awards, which celebrate employees who strongly demonstrate the BOQ values of Integrity, Collaboration, Impact and Passion.

Financial Ombudsman Service Complaints

The conduct

154. Approximately 3,200 external dispute resolution cases involving the Financial Ombudsman Service (FOS) have been brought against BOQ in the period 2009 to 2017 (records were not, in the time available to provide this response, identified for 2008).

155. The matters the subject of FOS complaints range from issues that, even if substantiated, would not respond to Questions 1 and 2 through to cases involving allegations in relation to responsible lending, misleading and deceptive conduct, transfers without customer authority, and poor administration causing delays in settlement.

Framework in which issue occurred

156. All financial services and credit licensees are required to have a compliant dispute resolution system in place that provides for escalation of customer disputes to an external dispute resolution body. BOQ has such a system.

23 RCD.0001.0005.0025

CONFIDENTIAL

Remediation and prevention

157. BOQ compensated each customer affected in the cases where FOS ruled in the customer's favour. This compensation involved:

(a) refunding interest, fees and any other charges;

(b) reducing the principal lending amount; and/or

158. BOQ employees or Owner Managers identified as or suspected of engaging in the misconduct outlined at paragraph 155 above are investigated and disciplined in accordance with BOQ's Performance Management Policy or CMP (which are discussed in the Human Resources and Conduct in Branch Network sections).

159. In March 2017, BOQ appointed a Customer Advocate who, amongst other things, will examine BOQ's complaints handling procedures and provide recommendations for improvement.

St Andrew's and Distribution Arrangements

160. St Andrew's Australia Services Pty Ltd, St Andrew's Life Insurance Pty Limited and St Andrew's Insurance (Australia) Pty Ltd (collectively, St Andrew's) are subsidiaries of BOQ. St Andrew's manufactures and/or distributes various insurance products through BOQ and a range of third parties.

161. As noted at paragraph 11 above, BOQ is constrained in providing this response by confidentiality obligations to third parties arising in contract. Contractual confidentiality obligations of this kind are contained in the arrangements between St Andrew's and third party distributors of its products.

162. The confidentiality provisions do not apply to disclosures required by law or by regulators. Where issues have arisen in relation to any St Andrew's products manufactured for or distributed by third parties, St Andrew's has complied with its mandatory reporting obligations and with any requirements or requests from regulators. St Andrew's has also engaged with the relevant third parties in connection with any requirements or requests from regulators.

163. BOQ and St Andrew's have been enhancing the oversight of the third party distributors with which they have arrangements to aid in the prevention and/or early detection of any issues associated with selling practices or other conduct.

164. BOQ and St Andrew's would welcome the opportunity to provide further detail of issues that have arisen in relation to third party distributors in circumstances which will not risk the breach of any contractual confidentiality obligations.

0 MB Litigation

165. As explained above, BOQ's branch network is comprised of both corporate branches and franchises, referred to as OMBs. The manager of each OMB is required to be a director and shareholder of the franchisee corporation.

166. Between 2006 and 2014, disputes arose between BOQ and a small proportion of OMBs in relation to the relationship between BOQ and those OMBs. The disputes did not concern any conduct directed towards customers. BOQ is including these disputes in this response to the Royal Commission for the sake of completeness given that they are on the public record and, while they are commercial disputes in nature, they did contain some allegations of misconduct.

24 RCD.0001.0005.0026

CONFIDENTIAL

167. The disputes gave rise to three sets of proceedings:

(a) proceedings brought by 11 New South Wales OMBs in various courts (including the Supreme Court of Queensland, the Federal Court of Australia and the Industrial Relations Court) and cross vested to the Supreme Court of New South Wales ( NSW OMB proceedings);

(b) proceedings brought by the Owner Managers of the Geelong branch in the Supreme Court of Victoria (Geelong proceedings); and

(c) Proceedings brought by the Owner Manager of the Hawthorn branch in the Federal Court of Australia (Hawthorn proceedings).

168. The allegations in the NSW OMB proceedings largely related to alleged conduct before 1 January 2008, particularly alleged conduct in re lation to the establishment of the relevant branches. The proceed ings also included limited allegations in relation to conduct occurring after 1 January 2008, namely that BOQ had engaged in unconscionable conduct in its dealings with a number of Owner Managers, in some cases after 1 January 2008. All allegations made against BOQ in the NSW OMB proceedings. were found to be unsubstantiated at trial. 15 This was affirmed on appeal 16

169. In the Geelong and Hawthorn proceedings, there were allegations that BOQ in dealings with Owner Managers in respect of the tvvo branches had engaged in:

(a) misleading and deceptive conduct;

(b) unconscionable conduct; and/or

170. The allegations in the Geelong Proceedings were found to be unsubstantiated,17 while the dispute in relation to the Hawthorn branch did not proceed to trial.

If it would assist the Royal Commission, we vvould welcome the opportunity meet to discuss in more detail any of the matters the subject of this response.

The Royal Commission may contact Michelle Thomsen, General Counsel and - if it requires fu rther information.

Yours faithfully

Jon Sutton Michelle Thomsen Managing Director and Chief Executive Officer General Coun sel

15 Traderight (NSIA? Ptd Ltd vBank of Queensland Limited [2014) NSWSC 55.

•• Traderight (NSW) Pty Lid v Bank of Queensland Ltd [2015) NSWCA 94.

17 Ellis and MacFayden v Bank of Queensland (2015) VSC 2.

25 RCD.0001.0005.0027

CONFIDENTIAL

Annexure A

List of entities comprising BOQ as at 25 January 2018

St Andrew's Australia Services Bank of Queensland Limited BQL. Management Pty. Ltd. Pty Ltd ACN: 009 656 7 40 ACN: 081 052 342 ACN: 097 464 616 ABN: 32 009 656 7 40 ABN: 87 081 052 342 ABN: 75 097 464 616

BOQ Asset Finance & Leasing Pty St Andrew's Insurance BQ.L Nominees Pty. Ltd. Ltd (Australia) Pty Ltd ACN: 009 704 081 ACN: 07 4 206 634 ACN: 075 044 656 ABN: 33 009 704 081 ABN: 79 07 4 206 634 ABN: 89 075 044 656

St Andrew's Life Insurance Pty BOQF Cashflow Finance Pty Ltd BQL Properties Pty Ltd Ltd ACN: 062 762 921 ACN: 009 953 806 ACN: 105 176 243 ABN: 68 062 762 921 ABN: 72 009 953 806 ABN: 98 105 176 243

Home Credit Management Pty Virgin Money (Australia) Pty BOQ Credit Pty Limited Ltd Limited ACN: 080 151 266 ACN: 009 108 123 ACN: 103 478 897 ABN: 92 080 151 266 ABN: 84 009 108 123 ABN: 75 103 478 897

Home Financial Planning Pty Virgin Money Financial BOQ Equipment Finance Limited Ltd Services Pty Ltd ACN: 008 492 582/ NZ: 960402 ACN: 009 055 136 ACN: 113 285 395 ABN: 78 008 492 582 ABN: 92 009 055 136 ABN: 51 113 285 395

Virgin Money Home Loans Pty BOQ Finance (Aust) Limited Hunter Leasing Pty Ltd Limited ACN: 065 745 735 ACN: 001 112 607 ACN: 117 183 623 ABN: 56 065 7 45 735 ABN: 90 001 112 607 ABN: 81117183623

Newcourt Financial (Australia) BOQ Funding Pty Limited Alliance Premium Funding Pty Limited ACN: 079 936 495 Limited ACN: 069 951 051 ABN: 35 079 936 495 NZ Company Number: 5705689 ABN: 20 069 951 051

Pioneer Permanent Pty Ltd BOQ Home Pty Ltd BOQ Finance (NZ) Limited ACN: 087 652 042 ACN: 051 900 380 NZ Company Number: 708549 ABN: 36 087 652 042 ABN: 72 051 900 380 Queensland Electronic BOQ Share Plans Nominee Pty Ltd Switching Pty. Ltd. ACN: 102 803 261 ACN: 003 027 503 ABN: 87 102 803 261 ABN: 11 003 027 503

StateWest Financial Planning BOQ Specialist (Aust) Limited Pty Ltd ACN: 071 292 594 ACN: 009 137 508 ABN: 55 071 292 594 ABN: 32 009 137 508

StateWest Financial Services BOQ Specialist Pty Ltd Pty Ltd ACN: 110 704 464 ACN: 087 651 885 ABN: 94 110 704 464 ABN: 71 087 651 885