Press releases
Upholding Individual Accountability to Promote Risk Culture and Conduct in Financial Institutions
KUALA LUMPUR, 11 October 2024 – In an era of heightened scrutiny and global regulatory shifts, individual accountability in financial institutions is increasingly critical. Recent scandals, ranging from corporate misconduct to financial mismanagement, reveal the devastating consequences when those at the top fail to implement reasonable steps or maintain proper oversight.
This spans from high profile cases such as the collapse of Lehman Brothers, which played a major role in the 2008 financial crisis; the London Whale incident, where JPMorgan Chase incurred $6.2 billion in trading losses due to risky derivatives trading; and the Wells Fargo account fraud scandal, where employees created millions of unauthorised accounts to meet sales targets, resulting in customers being charged fees on accounts they never opened.
Estimates suggest that affected customers collectively lost hundreds of millions of dollars due to unauthorised transactions and fees stemming from such scandals. These scandals exemplify how the lack of accountability can culminate in severe repercussions for both the financial institutions and the public.
Locally, recent enforcements by Bank Negara Malaysia (BNM) highlight the critical role of individual accountability within financial institutions, particularly in light of fines imposed on 18 banks for non-compliance with the Financial Services Act 2013 (FSA) and the Islamic Financial Services Act 2013 (IFSA). In 2024 alone, BNM has taken 5 enforcement actions, resulting in penalties totaling RM 9.8 million, with the highest penalty being RM 2.1 million issued to a single bank1. These penalties, which stem from a range of misconduct—including failures in timely data submissions, anti-money laundering compliance, and technical non-conformities—underscore the need for clear accountability at all levels of leadership. As the focus on personal responsibility intensifies, the financial services industry contends with a new challenge - creating a culture where clear accountability is embedded at every leadership level.
“The financial services industry is one of the most tightly regulated sectors. Regulations are in place to ensure that we operate responsibly, protect public interest, and prevent systemic failures. However, regulation alone is not enough. Trust in our institutions depends heavily on the understanding that there are clear lines of responsibility — that the right individuals are accountable for critical decisions.” shared Datuk (Dr) Nora Abd Manaf, former Group Chief Human Capital Officer Maybank, in her keynote address at Deloitte Malaysia's Regulatory Talk.
Held recently at the Deloitte Kuala Lumpur office, the session provided a platform for industry leaders to explore the requirements of the BNM Responsibility Mapping policy document, and how it can transform the future of governance in financial institutions. The talk offered a comprehensive look at how institutions can prepare for and embrace individual accountability, with practical insights from experts who have already navigated similar changes.
What is Responsibility Mapping?
“Responsibility mapping isn’t just about ticking off tasks. It’s about embedding accountability into the DNA of every leader, creating a culture where governance and performance go hand in hand. When leaders truly embrace their roles, financial institutions become more resilient, proactive, and better equipped to manage risks,” said Dr Justin Ong, Regulatory & Financial Risk Leader, Deloitte Southeast Asia.
In the policy document, BNM has observed gaps in relation to how management at the senior level manages supervision and oversight, which resulted in heightened risk exposure to the financial institutions. This situation highlights the need for clearly defined roles and responsibilities, ensuring they are assigned to senior managers who have the right skills and appropriate authority to manage their duties properly.
Responsibility Mapping, as outlined, serves several crucial purposes in the governance of financial institutions:
- Clear allocation of responsibilities – This ensures that every function within the institution, as mandated by law or regulations, is clearly assigned to specific members of senior management. This clarity helps in preventing ambiguity with each aspect of the institution’s operations having accountable oversight.
- Strengthening accountability – With clearly defined roles and responsibilities, there will be more accountability among senior management. This is particularly important in scenarios involving shared responsibilities, collective decision-making processes, and complex reporting structures within large groups. It helps in avoiding gaps or overlaps in oversight and decision-making.
- Effective risk management – By aligning the allocation of responsibilities with the institution's size, scale, and complexity, this ensures that senior management roles are compatible with the institution's risk management framework, enhancing overall operational resilience and compliance.
Additionally, clear documentation of these responsibilities fosters transparency in governance and accountability. It facilitates meaningful engagements with the board and regulators, allowing them to understand and assess the institution's operations, decision-making processes, and compliance with regulatory requirements more effectively.
As financial institutions prepare for the 2026 implementation of BNM Responsibility Mapping, it is clear that individual accountability is not just about compliance, but also about cultivating a sustainable culture of integrity, ownership, and responsibility.
Navigating the implementation
“The common challenges we’ve observed among our clients in the financial services industry often involve unclear reporting lines from matrix structures, shared responsibilities that blur individual accountability, and gaps in management oversight. An appropriate implementation plan is essential to reinforce clarity on roles and responsibilities, ensuring no blind spots or overlaps when individuals discharge their duties,” said Wong Nai Seng, Financial Services Industry Regulatory Strategy Leader, Deloitte Southeast Asia.
With the policy document set to take effect on 1 January 2026, most financial institutions have taken a proactive approach to assess and refine their governance structures. The implementation of this framework demands a collaborative effort across the Board, the CEO, and Senior Officers, each playing a critical role in embedding accountability into the fabric of the institution.
Leadership buy-in is pivotal to the success of this initiative. The Board must set the right tone at the top and ensure that the overall governance framework supports the allocation of responsibilities. The CEO is responsible for ensuring that these responsibilities are assigned to Senior Officers who are fit and proper for their roles. In turn, Senior Officers, are held accountable for managing and overseeing their responsibilities, including the staff under their purview.
However, this shift towards individual accountability goes beyond mere structural changes—it requires a profound cultural transformation within the institution. It is not something that will happen overnight, but instead needs deliberate action to be embedded into the institution’s core values. A major step in this transformation is achieving clarity around roles and responsibilities. Many participants at the Deloitte Malaysia's Regulatory Talk emphasised the importance of clearly defining who is responsible for what, especially in cases where roles overlap. Without this clarity, the risk of mismanagement or oversight gaps increases significantly.
The Responsibility Mapping framework cannot be solely driven by the Human Capital or Compliance team. Instead, it should be a collaborative effort across the entire institution. The appointed individual or team leading this initiative must have the influence, authority and vision necessary to drive meaningful, institution-wide change.
While implementing this framework may present challenges, financial institutions that embrace this change will find themselves in a stronger position for long-term success, with a solid foundation to manage future risks and navigate regulatory demands.
Shaping personal accountability
As Malaysian financial institutions gear up towards the full implementation of BNM Responsibility Mapping by 2026, the focus on individual accountability isn't just about regulatory compliance — it's about building trust. The recent wave of scandals has shown that when leaders neglect their oversight duties, the fallout can be catastrophic, for both institutions and the public who depend on them.
By embracing a culture of accountability, financial institutions can enhance transparency, protect themselves against future risks, and reinforce their commitment to ethical behaviour. As global regulators continue to zero in on personal responsibility, institutions that lead with integrity and clear governance will set the gold standard for the future of financial services.
1Source: Enforcement Actions taken by BNM against Regulatees /
Licensees - Bank Negara Malaysia
Deloitte Malaysia
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.
Deloitte Asia Pacific Limited is a company limited by guarantee and a member firm of DTTL. Members of Deloitte Asia Pacific Limited and their related entities, each of which is a separate and independent legal entity, provide services from more than 100 cities across the region, including Auckland, Bangkok, Beijing, Bengaluru, Hanoi, Hong Kong, Jakarta, Kuala Lumpur, Manila, Melbourne, Mumbai, New Delhi, Osaka, Seoul, Shanghai, Singapore, Sydney, Taipei and Tokyo.
About Deloitte Malaysia
In Malaysia, services are provided by Deloitte PLT (LLP0010145-LCA) (AF0080), a limited liability partnership established under Malaysian law, and its affiliates.
This communication contains general information only, and none of DTTL, its global network of member firms or their related entities is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser.
No representations, warranties or undertakings (express or implied) are given as to the accuracy or completeness of the information in this communication, and none of DTTL, its member firms, related entities, employees or agents shall be liable or responsible for any loss or damage whatsoever arising directly or indirectly in connection with any person relying on this communication.
© 2024 Deloitte PLT
Press contacts:
Samantha Yong
Senior Manager, Marketing Communications
Tel: +603 7624 3502
Email: zeyong@deloitte.com
Maxine Gui
Senior Executive, Marketing Communications
Tel: + 60 3 7610 8954
Email: maxgui@deloitte.com