Representative Supervision & Monitoring Framework

Publish Date: 1/03/2017
Version No.: 6.0.0
Status: Final
Document Owner: Maria Lykouras, General Manager, Advice Licensee Services
Security Classification: Confidential
CBA.0001.0080.1306


Approver/Reviewer List

Name | Position & Business Unit | Responsibility
Maria Lykouras | General Manager, Advice Licensee Services, Wealth Management Advice | Approver
Therese Nguyen | Head of Risk Management & Compliance, Financial Wisdom, Wealth Management Advice | Reviewer
Lisa Chambers | Executive Manager CFP Advice Support, Commonwealth Financial Planning, Wealth Management Advice | Reviewer
Amanda Penkin | Senior Executive Risk Management and Compliance, Count Financial, Wealth Management Advice | Reviewer
Tracey Henry | Executive Manager Advice Solutions, Advice Licensee Services, Wealth Management Advice | Reviewer
Paula Draney | Executive Manager Quality Advice Assurance, Advice Licensee Services, Wealth Management Advice | Reviewer
Renita Vink | Executive Manager, Business Delivery, Advice Licensee Services, Wealth Management Advice | Reviewer
Eve Ishak | Executive Manager, Compliance, Wealth Risk Management | Reviewer
William Fitzgerald | Senior Manager, Advice Governance, Advice Licensee Services | Reviewer
Jennifer Heasman | Executive Manager Operational Risk, Advice Licensee Services, Wealth Management Advice | Reviewer

Version Control

Version No. | Issue Date | Author | Changes
Version 1.0.0 | 19 July 2012 | B. Pietsch | n/a
Version 1.0.1 | - | B. Pietsch | 1. Section 1 - Updated to include how the document will evolve through the lifetime of Program SAM and refreshed each year by the Business owner. 2. Section 2.2 - Definition of Quality Advice deleted. 3. Appendix - removed.
Version 2.0.0 | 1 August 2012 | B. Pietsch | 1. Minor amendments and updates resulting from Licensee Board discussion
Version 3.0.0 | 02 Sept 2013 | B. Pietsch | Annual review and update
Version 4.0.0 | 31 Oct 2014 | B. Pietsch | Annual review and update, including Count
Version 5.0.0 | 31 October 2015 | J Heasman | Annual review and update.
Version 6.0.0 | 1 March 2017 | J Heasman | Annual review and update which was due on 31 October 2016, however due to the depth of the review and sign off process it was protracted.

Table of Contents

1. Context
2. Purpose and Definition
2.1. Framework purpose
3. Scope
4. Framework Principles
4.1. Alignment to Group Standards
5. Supervision and Monitoring (SAM) Framework
5.1. Governance
5.1.1. Policy Framework
5.1.2. Risk Appetite Statement
5.1.3. Operating Model
5.1.4. Licensee Standards
5.1.5. Process Management
5.1.6. Roles and Responsibilities
5.2. Management, Measurement and Systems
5.2.1. Support Profiles
5.2.2. Adviser Support Activities (ASA)
5.2.3. Customer Experience testing
5.2.4. Conflicts of Interest and conflicted remuneration management
5.2.5. Pre-vet and Paraplanning
5.2.6. Key Risk Indicators (KRIs)
5.2.7. Risk & Control Self-Assessment (RCSA) and Control Assurance Program (CAP)
5.2.8. Instance, Issue, Incident and Breach Process (IIIB)
5.3. Review and Reporting
5.3.1. Analysis and investigation
5.3.2. Reporting to Committees, Boards and Forums
5.4. People
5.5. Culture
Appendix A: Glossary

1. Context

The vision of the Wealth Management Advice (WM Advice) business is to provide quality advice to customers, by helping secure and enhance their financial wellbeing. To achieve this vision it is essential that an effective risk management framework is embedded to assist in managing internal and external risks, with a view to reduce and manage any adverse impacts on customers, operations and reputation. A key component of the risk management framework within WM Advice is the Representative Supervision & Monitoring Framework (the “Framework”). The Framework supports the strategy of WM Advice through the articulation of minimum standards for those activities which are to be performed in order to monitor and supervise Representatives of the WM Advice Licensees (the “Licensees”) and operations of the businesses.

The Licensees have general obligations under s.912A(1) of the Corporations Act 2001 (Corporations Act). These general obligations are clarified in ASIC Regulatory Guide RG104, as it applies to the framework and the requirement to monitor and supervise representatives.

The Framework is subject to periodic review. The review will consider any changes in the nature, scale and complexity of the WM Advice business; including changes in the operating and regulatory environment and CBA Group (“Group”) requirements.

2. Purpose and Definition

2.1. Framework purpose

The purpose of the Framework is to provide a method for supervising and monitoring representative activities and their WM Advice customer interactions, allowing the business to effectively manage risks associated with the provision of advice. The Framework is closely aligned to the Group Operational Risk Management Framework (ORMF) and Group Compliance Risk Management Framework (CRMF) and has been developed with a focus on the four pillars:

1. Governance

2. Management, Measurement and Systems

3. Review and Reporting

4. People and Culture

This Framework outlines each of the pillars (as described in figure 1 below) including the techniques and tools designed to adequately supervise and monitor Representative advisers (including servicing planners where relevant). The Framework is the totality of the people, processes, procedures, policies and systems to monitor and supervise the activities of the Representatives in WM Advice. Key terms used in this Framework are documented in Appendix A.


Figure 1: Adviser Supervision and Monitoring Framework

3. Scope

This Framework applies to the WM Advice businesses covering the following Australian Financial Services Licensees and Business areas:

1. Commonwealth Financial Planning Limited (CFPL), inclusive of Video Conferencing and Advice Essentials (AE)

2. Commonwealth Financial Planning – Pathways (CFP Pathways)

3. Count Financial Limited (Count) [footnote 1]

4. Financial Wisdom Limited (FWL)

5. Advice Licensee Services (ALS)

Footnote 1: Finconnect (who holds an Australian Credit Licence) is a wholly owned subsidiary of Count and is not included in this document as the Framework relates to WM Advice AFS Licensees. Finconnect has similar but separate monitoring and supervision arrangements in line with ACL requirements.

4. Framework Principles

This Framework is based on the following principles:

1. Foster quality advice outcomes and promote a risk aware culture

2. Operate within the approved risk appetite

3. Provide a qualitative and quantitative view of Representatives for WM Advice

4. Apply a risk-based approach to supervision and monitoring activities

5. Deliver effective risk management

6. Provide reporting to Senior Management, the Licensee Risk Committee and Licensee Advice Boards on the output and execution of the Framework.

4.1. Alignment to Group Standards

Key Group documents that support the Framework include, but are not limited to:

1. Operational Risk Management Framework (ORMF)

2. Compliance Risk Management Framework (CRMF)

3. Wealth Management Advice Risk Appetite Statement

4. Wealth Management Advice Risk Management Strategy

5. ORMF How to Guide

6. RCSA Fast Facts

7. CAP Information Pack

8. Issue Management Quick Reference Guide

9. Standard Operating Procedures

5. Supervision and Monitoring (SAM) Framework

This section details the pillars of the ORMF and CRMF and the individual components that make up the SAM Framework.

5.1. Governance

The Governance Framework defines how stakeholders within the Group have oversight of the activities of WM Advice, including supervision and monitoring of Representatives. The accountabilities for the various governance committees are defined in Charters, with work plans defining the regular reporting requirements. The Governance Framework is subject to annual review and approval by the Advice Licensee Board.

The Governance Framework also contains the set of policies and standards that deliver a robust set of boundaries, guidelines and reference points for WM Advice. This includes, but is not limited to, the Risk Appetite Statement (RAS).

5.1.1. Policy Framework

There are key policies (“the Policy Framework”) in place to govern the Licensee businesses and manage key operational and regulatory risks.

The Policy Framework for WM Advice has been articulated through:

- Group and Wealth Management policies, standards and frameworks; and
- Policies or addendums specific to the Licensees where there are requirements not covered under existing Group or Wealth Management policies, standards, frameworks or addendums.

Significant policies within the WM Advice policy framework must be endorsed by the Licensee Risk Committee and approved by the Advice Licensee Board. The EGM WM Advice or the relevant General Manager within WM Advice may approve policies which principally relate to operational requirements of the business. The Policy Framework is reviewed on an annual basis by Wealth Risk Management (WRM) Advice on behalf of the business.

5.1.2. Risk Appetite Statement

WM Advice has a Risk Appetite Statement (RAS) in place. The RAS sets out the principles and boundaries that guide business decision making and effectively manage risk.

Supporting the practical application of the RAS is a set of specific risk limits and tolerances to guide the business in carrying out its operations. These limits and tolerances are established and managed at the Licensee Risk Committee (LRC) level and monitored through Key Risk Indicators (KRIs) and other reporting mechanisms to various stakeholders including the Advice Licensee Board.

In accordance with Group policy, the RAS must be refreshed on an annual basis and the business must monitor material risks arising from business objectives, strategy and the external business and regulatory environment.

5.1.3. Operating Model

The Operating Model is a means of defining and communicating a common view of how WM Advice will operate to effectively deliver its strategy, enable business planning and provide management with a consistent and co-ordinated view of its operations.

Key elements of the Operating Model include:

1. Channels, segments and Licensees

2. Organisation structure and related business functions and process

3. High level accountabilities

4. Supporting tools, management and governing functions.

The Operating Model defines how the Adviser Supervision and Monitoring (SAM) Framework and Risk Frameworks relate to each other and are executed in day to day functions within WM Advice.

5.1.4. Licensee Standards

The Licensee Standards are a set of principles and standards that apply to all Representatives.

The Licensee Standards provide guidance to Representatives in relation to the provision of quality advice to their customers. The standards are aligned to the relevant financial services laws and obligations that are specific to the WM Advice Licensees, including internal policies, standards and frameworks.

For CFPL, Count, CFP Pathways and FWL, the EGM WM Advice is accountable for the Licensee Standards and the General Manager (GM) Advice Licensee Services is responsible for developing and maintaining the Standards in conjunction with the GM/CEO of each of the Licensees.

The Licensee Standards are reviewed periodically in accordance with the Licensee Standards Review Schedule, which is maintained by Advice Licensee Services (ALS). Reviews may be required outside of the annual review schedule in the event that there is a significant change to financial services laws and regulations, relevant policies and procedures, or significant changes to the business environment.

The GM of ALS is responsible for maintaining a Licensee Standards Review Register, and any changes required to the Licensee Standards.

5.1.5. Process Management

Process management underpins the Framework and the ORMF by providing a means of communicating, embedding and controlling key supervision and monitoring processes throughout Wealth Management Advice. Throughout the WM Advice business both the Licensees and ALS have SOPs which outline in more detail how the various supervision and monitoring processes are practically applied.

Processes, including Standard Operating Procedures (SOPs), are reviewed periodically to ensure they remain up-to-date and meet the requirements of the Framework.

5.1.6. Roles and Responsibilities

WM Advice makes a firm commitment to each and every customer to provide quality advice. There is an ongoing commitment required from all Authorised Representatives to professionalism and integrity.

Supervising and monitoring representative activities, their conduct and their WM Advice customer interactions, allows the business to effectively manage risks associated with the provision of advice. Participation in the supervision and monitoring of representatives is the responsibility of every member of WM Advice to reduce and manage any adverse impacts on customers, operations and reputation.

The WM Advice Leadership team, comprised of the EGM of WMA and the respective GM/CEOs, together set and lead strategy, frameworks, policies and resources to support the provision of quality advice to customers and are accountable, as a Leadership Team and Responsible Managers for the AFS Licences, for their application.

The individual members of CFPL Advice Support, FWL and Count Risk Management and Compliance teams, along with the various Advice Licensee Services teams such as FirstTech, Quality Advice Assurance, PD Operations, Paraplanning, Advice Research and Operational Risk, are responsible for the development, execution, reporting and continuous improvement of the Supervision and Monitoring (SAM) activities on a regular basis. In addition, Advice Licensee Services perform Key Controls on behalf of the WMA Licensees which are refreshed and reviewed as part of the annual Risk and Control Self-Assessment (RCSA, refer to 5.2.7) and also form part of the Controls Assessment Program (CAP, refer to 5.2.7).

The primary responsibilities for each key supervision and monitoring activity are set out in the respective operational procedures for that Licensee or Advice Licensee Services team and together the component parts form the Supervision and Monitoring Framework. Below is a list of the respective teams and their applicable operational procedures for which they are responsible and within them are the roles and responsibilities as they apply to this Supervision and Monitoring (SAM) Framework.

Business team | Operational Policy / Procedure | Policy / Procedure Location
Quality Advice Assurance | Adviser Remediation Operational Policy | Group Knowledge
Quality Advice Assurance | Adviser Support Activities (Bank) Operational Procedure | Group Knowledge
Quality Advice Assurance | Adviser Support Activities (Non-Bank) Operational Procedure | Group Knowledge
ALS Operational Risk | Adviser Early Warning (AEWS) Policy | Group Knowledge
ALS Operational Risk | Adviser Early Warning (AEWS) Operational Procedure | Group Knowledge
ALS Operational Risk | Conflict of Interest Operational Procedure | Group Knowledge
ALS Operational Risk | Instance, Issue, Incident and Breach Management Operational Procedure | Group Knowledge
ALS Operational Risk | Supervision and Monitoring (SAM) Framework | Group Knowledge
ALS Investigations | Investigations Operational Procedure | Group Knowledge
ALS Business Delivery | Mystery Shopping Operational Procedure | Group Knowledge
Advice Research | Non-Approved Products List Operational Procedure | Group Knowledge
ALS Paraplanning | Adviser Paraplanning and pre-vet obligations Operational Procedure | Group Knowledge
ALS Professional Development | Adviser Education Operational Procedure | Group Knowledge
ALS Professional Development | Adviser on-boarding, Maintenance and off-boarding (non-salaried FWL) Operational Procedure | Group Knowledge
ALS Professional Development | Adviser on-boarding, Maintenance and off-boarding (non-salaried CFP Pathways) Operational Procedure | Group Knowledge
ALS Professional Development | Adviser on-boarding, Maintenance and off-boarding (salaried AE and CFPL) Operational Procedure | Group Knowledge
Licensee Standards | Licensee Standards Governance Policy | Group Knowledge
Financial Wisdom | Financial Wisdom AFSL Compliance Standard Operating Procedure and related Standard Operating Procedures | FWL intranet
Financial Wisdom | Financial Wisdom Licensee Standards | Licensee Intranet
FirstTech | FirstTech Standard Operating Procedures | FirstTech Productivity Hub
Count Financial | Count AFSL Compliance Standard Operating Procedure and related Standard Operating Procedures | Count Productivity Hub
Count Financial | Count Licensee Standards | Licensee intranet
CFPL | CFPL Licensee Standards | Licensee intranet
CFPL | Standard Operating Procedures | FPM portal and CFPL intranet
CFP Pathways | CFP Pathways Licensee Standards | Licensee intranet
CFP Pathways | Standard Operating Procedures |

Table 1: Key functions and their respective Operational Procedures

5.2. Management, Measurement and Systems

The Management, Measurement and Systems component of the Framework defines how the WM Advice business supervise and monitor their controls, activities and processes to ensure they are complying with their obligations.

5.2.1. Support Profiles

Support profiles (referred to in the Connect system as Support Needs) are a key component of the Framework and exist to enable the business to identify Representatives that may benefit from a greater level of support. This ensures that organisational resources are directed to the areas where they are most needed in order to support the delivery of quality advice. Support profiles are conducted as follows:

- Adviser Support Profiles (for employed and self-employed advisers/planners)
- Practice Support Profiles (for Count only)

Depending on whether the Representative is employed or self-employed, the type and/or level of data available will vary.

The support profile will combine various sources of qualitative and quantitative data and calculate a support rating according to certain parameters, in accordance with the Risk Appetite Statement (RAS). The quantitative data points are collated from numerous other data sources depending on applicability, e.g. results of previous support activities, Adviser Early Warning System (AEWS), instances, material issues in RiskInSite, customer complaints, customer remediation, one off approvals, adviser queries or consequence management activities. Qualitative assessments are based on what is known or suspected; the experience of the Representative; and feedback received from managers, the Paraplanning and Prevet team, the QAA team and other stakeholders as relevant.

In addition to the above information, for self-employed Representatives, the Adviser and Practice Support Profiles are determined through additional collection of quantitative and qualitative data sources including the Corporate / Authorised Representative Attestation, the PDM Supervision Checklist completed by the Practice Development Manager, and the Business Principal Checklist completed by the Practice Principal. (NB: As noted above, practice support profiles are for Count only. In addition, CFP Pathways' PDMs use the full QAA checklist, rather than the PDM Supervision and Business Principal Checklists.)

The Adviser Support Need (ASN) rating determines the type and minimum supervision and monitoring activities required for a Representative, as described in section 5.2.2. The supervision and monitoring activity utilises a risk-based approach to ensure that outcomes which present the greatest risk to the business receive the highest level of focus.

The indicative categories which exist within the profile, for both employed and self-employed Representatives, include:

High need: Due to one or more factors the Representative requires a higher type and/or frequency of support activity to ensure that they are able to deliver quality advice.

Medium need: Due to one or more factors the Representative requires a mid-range type and/or frequency of support activity to ensure that they are able to deliver quality advice.

Low need: Due to one or more factors the Representative requires a low level of support to ensure that they are able to deliver quality advice.

previous review)

4 6

2 6

* Refer to Adviser Support Activities (ASA) Operational Procedures (Bank and Non-bank) for further details.

^ Where an adviser has less than 6 files available for review since the prior annual audit, all available client files will be reviewed.

Note: these categorisations do not necessarily mean that a Representative presents a level of risk to the business that is outside of risk appetite.

The risks associated with a particular Representative can change significantly over time. The Adviser Support Profile is dynamic as it is used to continuously re-assess the level of risk, and change the frequency and nature of supervision and monitoring to effectively manage the risk.

5.2.2. Adviser Support Activities (ASA)

Adviser support activities encompass a mix of activities such as interview observations, file reviews and coaching/training for CFPL and CFP Pathways Representatives. Adviser support activities for FWL and Count consist of activities such as file reviews, PDM file checks and coaching/training. Coaching and training support may consist of guidance on advice strategies and considerations, education on advice documentation and process as well as requiring representatives to undertake refresher training on applicable Licensee Standards.

Representatives are supported by the advice support and risk and compliance teams within the applicable licensees as well as either their FPM or PDM who also participate in delivering adviser support activities. Representatives in all licensees have access to the ALS Licensee Standards, QAA and FirstTech teams in respect to responding to any advice, strategy or process queries (Member Services rather than Licensee Standards in Count).

Count has implemented a process where each Senior Executive has a standing agenda item for meetings with their team so that team members can raise and discuss any concerns that relate to Representatives. Each month, there is a Representative High Focus adviser meeting where significant concerns regarding particular advisers are discussed. Note: any high risk Representative concerns are discussed with Risk Management and Compliance as they occur and do not need to wait for formal meetings. Priority QAA reviews can be requested for high concern Representatives. Additional information in respect to Adviser Support Activities can be found in the respective Operational Procedure for Bank or Non-Bank.

For Financial Wisdom and Count, further detail on support activities conducted in accordance with this Framework can be found in the Financial Wisdom / Count AFSL Compliance Standard Operating Procedure and related SOPs.

5.2.2.1. Interview Observations

For CFPL and CFP Pathways, observations are a critical technique in assessing Representative skills in interacting with customers from a qualitative perspective. Observations are carried out by placing an experienced line manager or a QAA in the interview with a customer to observe and assess the Representative’s skills.

The emphasis of interview observations includes:

1. Use of questioning skills to identify the customer’s financial needs

2. Appropriateness and breadth of questioning to gather information for analysis of customer needs

3. Techniques used to test the customer’s understanding of financial planning concepts.

The results of interview observations are formally recorded and lead into a coaching discussion with the Representative. Where there are concerns these are raised formally (according to IIIB policy) and corrective actions such as training or further coaching are managed to completion. Further information on Adviser Support Activities can be found in the Adviser Support Activities Operational Procedures (Bank).

5.2.2.2. File Reviews

A sample of customer files, the number of which is dependent on the Adviser Support Profile, is used to assess the compliance of Representatives with key applicable regulatory obligations, professional standards and business rules, including policies and licensee standards. The selection of customer files for review is informed by Licensee Head Office input, adviser specialisations, data from internal systems and commissions data. The frequency, timing and number of file reviews is also dependent upon the Adviser Support Profile outcomes and specialist accreditations.

Low level and non-significant concerns identified in the course of the file review process are recorded in the Connect system in order to trigger action plans and ensure remediation of identified concerns can be tracked. For Count and FWL Representatives with a low advice quality outcome, an additional review of 6 files will occur within 3 months after the action items from the previous review have been completed. As CFPL and CFP Pathways reviews occur quarterly, all representatives are reviewed and those with successive low advice outcomes will be escalated to the licensee for consequence management or further investigation. More significant issues identified in the course of the file review process may be escalated through the Instance, Incident, Issue and Breach (IIIB) process for validation, assessment and resolution and recorded in RiskInSite if required.

5.2.3. Customer Experience testing

To complement the review of customer interactions through interview observations, Licensees will also carry out independent qualitative customer experience testing.

There are two main methods which will be undertaken: mystery shopping (all WM Advice Licensees) and customer surveys (for CFPL and CFP Pathways only).

Mystery Shopping is the practice of using individuals looking for financial advice or who have a current financial adviser but would consider changing as shadow shoppers to engage Representatives from nominated Licensees. The mystery shoppers go through the process of making an appointment, meeting with a Representative, discussing their situation, outlining the next steps, assessing the financial adviser’s/planner’s abilities and deciding whether to progress to the next stage of the advice process. The mystery shoppers then participate in a survey that provides first hand data relating to their overall experience. The results of the mystery shopping exercise will be available to line managers and the Quality Advice Assurance team to provide input into a Representative’s Adviser Support Profile where relevant and inform required coaching activities. Mystery shopping may also highlight areas of concern in relation to a Representative, practice or Licensee requiring further investigation and escalation. The brief for the third party mystery shopping vendor will be developed to take into consideration known areas of concern in the industry, Group standards, and Licensee Standards and any areas of concern or gaps in intelligence not available from other techniques.

5.2.4. Conflicts of Interest and conflicted remuneration management

Monitoring of Conflicts of Interest and the receipt of various forms of potentially conflicted remuneration is conducted within Wealth Management Advice by the Advice Licensee Services (ALS) Operational Risk team on behalf of the Licensees (except Finconnect). Below are high level outlines of each of the processes.

5.2.4.1. Conflicts of Interest and Conflicted Remuneration disclosure

Benefits disclosed in WM Advice conflict registers are reconciled on a 6 monthly basis to the registers of our Partners in Education. Instances are raised by the Licensees for benefits that are unable to be reconciled, explained or cause the recipient to exceed the legislated $300 limit. The ALS Operational Risk team also performs non-compliance hotspot analysis and identifies the non-disclosure of repeated low value benefit receipt from the same source. Outcomes of the analysis are reported on a 6 monthly basis to each Licensee Risk Senior Manager.

5.2.4.2. Adviser Pass-through

Payments to Financial Wisdom and Count Practices are confirmed to be not passed through to avoid potentially causing conflict within practices or to advisers.

5.2.4.3. Ban on Conflicted Commission (BCC)

All transactions paid to advisers are monitored to confirm the grandfathering provisions continue to be complied with. Any transactions unable to be confirmed as not conflicted are forwarded to the relevant product provider to confirm whether or not they are conflicted.

5.2.4.4. Volume Based Transactions

Monitoring is conducted to confirm payments received by Licensees based on the volume of business written are compliant with grandfathering provisions within the legislation.

ALS Operational Risk maintain a Standard Operating Procedure and ‘How To’ document for each process.

5.2.5. Pre-vet and Paraplanning

5.2.5.1. Pre-Vet WM Advice Paraplanning Team is responsible for vetting certain advice prior to presentation to the customer. This process is designed to ensure that the advice provided is appropriate by adhering to licensee standards/business rules and where any training needs or issues are identified, appropriate feedback and coaching is provided to address and capability or skill gaps.

The Pre-Vet Policy may apply in the following situations:

new planners - joining the Licensee from a non CBA Wealth Management Licensee returning planners - following an extended period of leave greater than twelve months (Manager

discretion).

CBA.0001.0080.1317

consequence management – an adviser may be required to submit advice to Pre-Vet as a result of identified risks or concerns.

specialist accreditations and complex advice – advisers are required to submit advice to Pre-Vet where providing advice in specialist or complex advice areas.

Advisers on Pre-Vet for particular advice types are required to submit all advice for those advice types for assessment. An adviser will remain on Pre-Vet for that advice category until deemed competent by the Pre-Vet team.

5.2.5.2. Paraplanning

WM Advice Paraplanning Team may produce Statements of Advice on behalf of Advisers across all Licensees. The WM Paraplanning team helps ensure that personal advice being provided adheres to licensee standards/business rules and where any inaccurate or incomplete information is identified, which could impact the appropriateness of advice, appropriate feedback and coaching is provided to the adviser to address.

CFP Pathways, Financial Wisdom and Count are not mandated to use WM Advice Paraplanning services to produce their SoAs and may engage the services of a Paraplanner within their own practice or use an external Paraplanning service provider. Commonwealth Financial Planning are not permitted to engage the services of a contract or external Paraplanner to create a Statement of Advice (SoA). The Paraplanning team will only generate SoAs and does not create Records of Advice (RoAs) or other advice documents.

5.2.6. Key Risk Indicators (KRIs)

KRIs are measures that monitor changes in the internal and external business environment and the quality of controls. They play an important role by indicating potential high risk areas and providing a warning to Senior Management that risk or control issues may exist within the business and require timely and corrective action. In each case, the tolerances set for KRIs are informed by Group and the Business Unit (BU) RAS.

The KRI tolerance measures are as follows:

1. Green - Acceptable

2. Amber - Watching brief required

3. Red - Unacceptable.

Periodic reporting on KRI monitoring outcomes is tabled at the Wealth Management Advice Leadership Team (ALT) and the Licensee Risk Committee. Where a tolerance level is exceeded, action must be taken to escalate, report and rectify in order to bring the risk within tolerance.

KRIs must be reviewed at least annually or if there is a significant change in business process, operating activity or risk profile.

5.2.7. Risk & Control Self-Assessment (RCSA) and Control Assurance Program (CAP)

The Risk and Control Self-Assessment (RCSA) is a forward-looking assessment process used to identify the operational and compliance risks that exist within the businesses and the evaluation of those risks and key controls. The Controls Assurance Program (CAP) provides assurance over the design and operating effectiveness of key controls that have been identified through the RCSA process.

WM Advice must perform a RCSA for each of the Licensees and support areas. The RCSA documents key processes and assesses the risks and controls within each Licensee’s risk profile. The assessment of risks is undertaken by applying the Group Risk Assessment (5X5) Matrix and the risk rating captured in RiskInSite.


All areas within WM Advice must review their risk profiles at least annually, or where there is a material change. Updates to the risk profile are made in RiskInSite.

The Controls Assurance Program (CAP) is a process where controls are evaluated for design and operating effectiveness. Through this process, periodic control testing is undertaken on key controls to validate their design and operating effectiveness and to identify any areas of concern that require remediation. The testing frequency is determined by the control method and the frequency with which the control is performed. Where CAP testing results drive an increase or decrease in the effectiveness rating of a control, the relevant risk owner(s) must be notified to ensure residual risk ratings are still appropriate. All licensees and Advice Licensee Services participate in the RCSA and CAP processes.

5.2.8. Instance, Issue, Incident and Breach Process (IIIB)

The Instance, Issue, Incident and Breach (IIIB) process exists to ensure that appropriate and robust procedures are in place for the identification, analysis, recording and management, notification and escalation, and rectification of non-compliance. Management of IIIB can include, but is not limited to, Representative remediation (including potential consequence management), changes to processes, and customer remediation. All licensees and Advice Licensee Services (ALS) apply the IIIB Procedure.

5.3. Review and Reporting

The review and reporting component of the Framework describes a set of analytics, data reports and management reports that confirm supervision and monitoring activities have been appropriately carried out. More importantly, the reporting of supervision and monitoring activity will provide management with information as to the effectiveness of the control environment within the business.

5.3.1. Analysis and investigation

The Advice Licensee Services Investigations Team provides a targeted and/or thematic review and investigation service and is skilled in the examination of, and research and enquiry into, a broad range of advice related issues.

5.3.2. Attestations

Planner attestations for CFPL are conducted on a half yearly basis. The recipients of the certifications confirm that they have made reasonable enquiries to understand and obtain assurance from their management teams of the operating environment. Attestations for FWL and CFP Pathways are conducted annually, in November for Representatives and in March for practice principals. In addition, the respective PDMs complete a checklist attestation in March as noted in the Support Profiles section above.

5.3.3. Reporting to Committees, Boards and Forums

To maintain an effective risk management framework, the business is responsible for monitoring their internal control environment. Monitoring must be integrated as part of business activities and the results communicated through regular reporting. Reporting activities at all management levels are required to ensure relevant risk and compliance management information is captured, analysed and distributed appropriately across the Group. This will assist management with issue and incident management and contribute to effective decision-making in a timely manner.

The business must provide relevant reports to Management, WM Advice governance forums (Licensee Risk Committee (LRC), Licensee Boards) and the Group on a regular and timely basis to enable Management, the Licensee Boards and/or Board Committees to gain assurance on the overall effectiveness of the management of the key risks and controls. Monitoring and Supervision outcomes from the QAA review are communicated to the representative, his/her Line Manager and the respective Licensee Advice Support or Risk and Compliance teams and also to the ALS Operational Risk team to be considered as part of the IIIB process.

Key risk information is made available to management and Governance Committees to ensure transparency, so that risks are known and can be effectively managed. In doing so, WM Advice must adhere to the Group’s escalation and reporting requirements.

5.4. People

WM Advice requires Representatives and staff to maintain a high level of accountability, including the key attributes of honesty, integrity and trust. Representatives are required to adhere to the Group’s Statement of Professional Practice.

Two key components to maintaining high standards for Representatives are Professional Development and Performance Management (for WM Advice staff that supervise and monitor advisers and CFPL planners) or Consequence Management (for Count, Pathways and FWL advisers).

The key principles of Performance Management / Consequence Management for WM Advice Representatives include:

1. Joint accountability between Financial Planning Managers / Practice Development Managers and Representatives.

2. Performance targets that are clear on what is expected of our salaried Representatives, how they will be measured and how they will be tracked.

3. Aligns with the Group and Advice business culture and values.

4. Encourages frequent, honest feedback and coaching on performance and behaviours.

5. Consequence management for non-adherence to supervision and monitoring requirements.

To ensure a high performance culture across WM Advice, the Performance Management / Consequence Management process must be followed and adhered to in a consistent manner.

Professional Development is key in ensuring Representatives meet a high standard of education and maintain currency of technical knowledge, build new skills and grow their capabilities. Training plans are in place for Representatives that provide ongoing training in key knowledge areas of advice. Specialist accreditations are also available for Representatives in specialised advice areas. Reporting of ongoing training and accreditations is provided to WM Advice on a quarterly basis, which allows for monitoring the continuous education of Representatives. Another element of the professional standards requirements for Representatives is the obligation to hold a current membership of an approved financial services industry association. Being a member of a professional body requires Representatives to make a commitment to meeting the relevant Code of Conduct or Standards of the association that they join and act in accordance with the professional obligations. A list of approved associations can be found in the Adviser Education & Registrations Licensee Standard.

5.5. Culture

The WM Advice culture is to balance reward against taking risks that are within appetite, to support the Group’s aspiration of achieving sustainable growth in shareholder value at a rate equal to or above the best of its peers. This desired culture is underpinned by a belief that risk management adds value to WM Advice and that individuals personally perform an important role in identifying and managing risk. Each individual has accountability for identifying and managing risk. The roles and accountabilities for managing risk within the business are defined using the ‘Three Lines of Defence’ model. The ability to identify, measure and manage risk of all types is a critical success factor for WM Advice. Success is not only measured by the creation of sustainable shareholder value but also by a reputation for customer service and integrity as a trusted financial services provider.

To achieve this, WM Advice will:

1. Promote and reinforce a “safe to speak up” culture that encourages and welcomes rapid escalation of risks and issues.

2. Take full ownership of risk within the business that is consistent with the Group’s ‘Three Lines of Defence’ model for risk accountability.

3. Strive to operate responsibly, provide customers with quality advice, meet customer service standards and maintain high professional standards and business ethics.

4. Diligently strive to protect and enhance the reputation of the business, being intolerant of regulatory and compliance breaches.

5. Create awareness among employees of the material risks associated with the provision of advice.

6. Develop KPIs and agreements that are intended to motivate Representatives and adviser support teams to provide quality advice to customers.

7. Employ performance/consequence management for non-adherence to supervision and monitoring requirements as they have the potential to damage the relationship with our customers and our reputation.


Appendix A: Glossary

The table below provides a description of acronyms, abbreviations and systems that are used in this document.

Acronym / Abbreviation | Description or Meaning

AFSL | Australian Financial Services Licence

Connect | Wealth Management Advice team system used to store instance data

EGM | Executive General Manager

FPM | Financial Planning Manager

IIIB | Instance, Issue, Incident and Breach process

Line Manager | A person who has staff reporting to them and may include an Executive Manager, Area Business Coordinators of Advisers, FPM, PDM and line managers of support staff.

PDM | Practice Development Manager

QAA | Quality Advice Assurance

Representative | A person or corporate who is authorised by the applicable Licensee and includes the following:

• Financial Planner

• Financial Adviser Representative

• Corporate Authorised Representative

• Authorised Representative

• Sub-authorised Representative

• Accounting Authorised Representative

RiskInSite | Group compliance system for maintaining Incident and Issues

SAM | Supervision and Monitoring

WRM Advice | Wealth Risk Management Advice

For an explanation of additional acronyms used in this document, please refer to the CBA Glossary (Wiki).