BRIEFING PLANNER · BRIEFING PLANNER Host: Location: ... organisational structure or entity lens to enable management and monitoring of the system ... number of breach reports by

CONFIDEN TIAL

APRA-NULIS Quarterly Liaison Meeting

BRIEFING PLANNER

Host: Location:

NULIS Nominees (Australia) Limited (NULIS I Trustee) Space AB, 105 Miller St, No1th Sydney

Entities : Date: Time:

Attendees

NULIS

NULIS and National Wealth Management Services Limited (NWMSL) 5 March 2018 10:00 AM to 12:00 PM

• Matthew Lawrance - CEO, MLC Super I Chair, NWMSL I EGM, Wealth Products & Services (ML) • Damian Murphy - CRO, NULIS I CRO, NWMSL I CRO, Consumer Banking & Wealth (DTM) • Brian Man-iott - COO, NULIS (BM) • Chris Baker - GM, Portfolio & Change (CB) • Russell Jansen - GM, Wealth Operations (RJ) • Tom Garde - GM, Corporate Super Product (TG) • Tim Hurle - Head of Regulat01y Affairs, Prudential (TH) • Nicole Hounsell - Senior Consultant, Regulatory Affairs (NJH)

APRA - Diversified Institutions Division (DID)

• Anna Sofianaris - Senior Manager (AS) • Daniel Yip - Principal Analyst (DY) • Sasha Kerbert - Analyst (SK)

Meeting Purpose

NAB.160.009.7669

Quait erly liaison meetings form part of APRA's 'BAU' supervision ofNULIS, with the agenda typically canvassing a mix of entity specific and industiy-wide themes. Following a long period in which APRA engagement focussed on our ti·ansfonnation agenda, APRA resumed BAU supervision in early 201 7.

Meeting Agenda

Agenda

1. Welcome and inti·oductions

2. Accelerated One NAB Plan (AONP) Changes: Impact of the proposed changes on NULIS and NAB' s broader wealth business.

3. Open Significant Breaches : Update on how remediation is progressing as well as anv changes regarding the extent of the breach.

4. Conti·ols Transformation Program (CTP): The history of the CTP as well as its integration into NULIS' operational risk framework.

5. Update on the ASIC assurance review required under NULIS' license conditions.

6. Member Outcomes : Update on any progress made by NULIS in recent months on member outcome metrics, repo1ting and action plans. APRA will also share observations on the net outflow experienced by NULIS funds and the relevant considerations for the Trustee.

7. APRA Update: Confirm upcoming APRA/NULIS engagements for 2018 and areas of interest which mav be tabled at the Board meeting scheduled for 18 Aoril 2018.

8. Meeting Close I Confumation of Actions

Index of Briefing Planner

Key Messages (including Potential APRA Questions & Speaker Notes) Appendix 1: Background on cun-ent areas of prudential focus Appendix 2: APRA Profiles Appendix 3: NULIS Open APRA Significant Breaches (as at Februaiy 2018)

National Australia Bank Limited ABN 12 004 044 937 AFSL and Australian Credit Licence 230686

Presenter (s)

ML

ML

ML (Lead) CB, RJ &TG

ML (Lead) CB&RJ

ML (Lead) CB

ML

APRA

NJH

Duration

5 mins

30 mins

25 mins

25 mins

10 mins

15 mins

Pg. 2-6 Pg. 7

5 mins

5 mins

Pg.8 Pg. 9-13

Page 1of13

NAB.160.009.7670

CONFIDENTIAL

Key Messages

1. Welcome and introductions (Slides 3-4)

Objective: Ensure clarity of roles, responsibilities and accountabilities across the various entities (NULIS, NWMSL and NAB).

2. AONP Changes

Objective: Provide APRA with further insight on the impact of the proposed changes on NULIS and NAB' s broader wealth business.

Potential APRA Questions: • Impact of the changes on NULIS' strategic direction and resourcing • Impacts to NULIS' Responsible Persons • Level of interaction between the NULIS Board and NAB and management of any differences in views • Management of conflicts of interest • How NULIS is working to ensure the change is landed safely

3. Open Significant Breaches

Objective: Provide APRA with an update on how remediation is progressing as well as any changes regarding the extent of the breaches.

Speaker Notes: • NULIS continues to focus on breach management, promoting a culture of early identification and timely remediation of

issues. • A dedicated GM of Regulatory Change and Remediation (CB) has been established as pa1t of the AONP changes to

provide dedicated focus to these issues. CB attends the Breach Review Committee to ensure there is 1st Line oversight of new significant breaches.

• NULIS has a stmctured approach to resolving breaches quickly and accurately. Depending on the complexity of the underlying root cause and remediation approach:

Most breaches are resolved by 1st line teams Highly complex breaches are managed by the Guardian team who have specialist skills and capability to manage complex remediation (Interest on Pending Claims & Adviser Remuneration Suppression); and A handful of breaches require a bespoke project to resolve (Employee Provided Member Data).

Please refer to Appendix 4 for speaker notes on the individual significant breaches.

Potential APRA Questions: • How does the Trustee ensure adequate oversight of remediation and consistency in the approach to remediation I

determining significance? • How does the Trustee ensure that key learnings from significant breach events are implemented to enhance the control

environment? • How does the Trustee promote a culture of early identification and timely remediation of issues?

4. Controls Transfonnation Program (CTP) & Controls Management System (CMS)

Objective: Provide APRA with an update on how remediation is progressing as well as any changes regarding the extent of the breaches.

Speaker Notes: • Since 2013, there has been significant management focus and investment across the NAB's wealth management entities,

including the superannuation business. This includes: Uplifting the control environment and risk management capability across three lines of defence; Remediating legacy issues and breaches, including customer remediation; Simplifying entity govemance stmctures and operating models; and Simplification and modemisation of legacy products and platfonns (ongoing) .

• A key plank of this uplift has been our investment in improving our approach to controls management • A new Controls Management System (people, process and technology) has now been deployed to manage NULIS'

regulatory obligations, providing traceability and transparency from entity to obligation to business processes to controls, control effectiveness and impact to entity risk appetite. (Loop Diagram - Slide 13)

• The next phase is to extend the CMS to include product temis and conditions obligations into the framework, covering more fully areas such as fees and investment control.

National Australia Bank Limited Page 2of13

CONFIDENTIAL

National Australia Bank Limited Page 3 of 13

We have invested heavily in the deployment of the CMS and in the ensuring it is sustainable and embedded into our operating rhythm (BAU) through our 1st line leaders, risk policy, frameworks and oversight (including RMFs and board reporting.

CMS implements a clear accountability model for ownership of Obligation Compliance, Process Management (design, currency and performance) and Control Effectiveness.

Supporting technology allows data relating to obligations, processes, controls and actions to be linked and extracted via an organisational structure or entity lens to enable management and monitoring of the system

We have added 10 FTE to BAU to ensure we have both the capacity and expertise on hand to ensure the CMS both operates effectively and continuously improve.

Internal Audit has maintained oversight of the deployment of the CMS through a number of stage gates. CMS has also been recently reviewed for design effectiveness by KPMG as part of the ASIC Assurance review with further follow up on operating effectiveness to be completed as part of their final report.

CMS enables NULIS and the broader wealth business to actively demonstrate that we are meeting compliance with our regulatory obligations and that we continue to do the right thing for our customers, people, shareholders and regulators.

Potential APRA Questions Reasons for delays in implementation of the CTP / CMS since it commenced How is the business managing resources in the context of various competing priorities How the business is ensuring it will be safely embedded in a sustainable way Has the CMS helped

5. Update on the ASIC assurance review required under NULIS’ license conditions

Objective: Provide APRA with an update on the key points related to the ASIC assurance review required under NULIS’ license conditions.

Speaker Notes:

Background and context: Additional licence conditions were imposed on the AFSL of NULIS in September 2016 following ASIC’s enquires into a

number of breach reports by NAB’s wealth entities between June 2015 and June 2016 KPMG were engaged by NULIS as the Independent Expert. The scope of the ASIC Assurance Review covered three thematic areas, over which KPMG is assessing the adequacy and

effectiveness of NULIS’ processes and procedures. These included:- Trustee Governance & Oversight: service provider monitoring; governance and communication systems; supervision

and monitoring of officers; adequacy of human and technological resources - Risk and Compliance Management: three lines of defences, risk reporting, conflicts of interest, management of

compliance obligations- Product Change and Disclosure Governance: assessment, approval, implementation and monitoring of product

changes, and disclosure and reporting to members

Timeframes and progress: The first report (the 1st Phase Interim Report) was due and delivered on 31 July 2017. On 19 January 2018 ASIC revised the timeline for the 1st Phase Final report from 28 February 2018 to 31 August 2018 to

align with the timeline of the 2nd Phase Final Report and to allow for the full delivery of the NULIS Implementation Actions arising from the 1st Phase Interim Report.

Consequently the final set of reports (1st and 2nd Phase Further Reports) are expected to be issued on 28 February 2019. As at 23 February 2018, 33 of 44 actions in the Implementation Plan are closed with 28 submitted to the Independent

Expert for assessment.

Next steps: 1st Phase Interim Implementation Plan

- NULIS will continue to deliver on the actions committed to in the 1st Phase Interim Implementation Plan (all remaining actions are due by 31 March 2018).

- NULIS will continue to engage KPMG on design effectiveness checkpoints for the remaining actions to ensure delivery is in line with the Independent Expert’s expectations.

NULIS Response to 2nd Phase Interim Report- Under the Licence Conditions, NULIS will have 60 days from 28 February 2018 to determine which of the

recommendations contained in the 2nd Phase Interim Report that it proposes to implement and a further 7 days to advise ASIC in writing of its decision.

1st and 2nd Phase Final Reviews- Over the coming months KPMG will commence their testing for these Final Reviews.

NAB.160.009.7671

CONFIDENTIAL


- These Reviews which will cover an assessment of relevant matters in relation to Licence Condition 20 which were covered in the Interim Reports, the implementation of any Interim Report recommendations, and any other further recommendations.

- The Final Reports are due 31 August 2018. 1st and 2nd Phase Further Reviews

- The Further Reports are due 28 February 2019.

2nd Phase Interim Report: The report from KPMG is largely positive with some Licence Conditions areas* now fully assessed as both adequate and

effective (i.e. will not require revisiting for the duration of this Review) There were three scope areas for this report. Each scope item and an overview of related findings are as follows:

- Whether KPMG’s findings from the 1st Phase Report are also applicable and appropriate for the Wrap Funds The findings were found to be applicable to Wrap

- Whether any relevant items specified in Licence Condition 20 are different or unique for the Wrap Funds No differences were called out between MLC Super Fund and Wrap with respect to the Licence Condition 20

areas They note that there is a different investment governance committee for Wrap but state that the processes and

procedures from the 1st Phase are applicable- To the extent possible, any design effectiveness testing on NULIS’ 1st Phase Interim Implementation Plan actions

KPMG only reviewed those Implementation Plan actions which were due for closure on or by 31 December This meant that KPMG could not conclude their assessment on around half of KPMG’s 1st Phase Interim

Recommendations because the related Implementation Action Plans are not yet due for completion For the remainder, most recommendations have now satisfactorily been addressed by NULIS’ Implementation

Plan actions They raised 14 Further Recommendations – the vast majority of these are already being addressed by existing

Implementation Action Plan activities The Further Recommendations which do not relate to activities already underway are mostly requirements for

clearer documentation. For example to further document:- The role of the Trustee in relation to monitoring of adequacy of resources- The role of the OTT in relation to service provider monitoring

The Further Recommendations are equally applicable to the MLC Super Fund and the Wrap Funds.

* The following Licence Conditions are now considered adequate and effective for both the MLC Super Fund and the Wrap Funds. We anticipate these will not require re-testing for the duration of the ASIC Assurance Review: Licence Condition 20(a) Identification and application of the three lines of defence Licence Condition 20(f)(iv) Product change – testing of system changes Licence Condition 20(j) Supervision of service management personnel

Potential APRA Questions: What has been ASIC’s response during its supervisory oversight of the review? Is ASIC happy with progress? How is the Trustee ensuring appropriate management of resources given the various regulatory programs / priorities? What areas of assurance are remaining in the review?

- Answer: The majority of the remaining scope of the assurance review relates to the operating effectiveness of NULIS’ processes and procedures. Design effectiveness (adequacy) has represented the dominant focus of the first phases of assurance and KPMG will now report on how effectively NULIS’ frameworks operate in practice.

Have KPMG identified issues relating to cultural practices or conduct?- Answer: KPMG’s findings have not identified shortcomings or issues relating to conduct or culture (KPMG have noted

a genuine and manifest desire to improve the business for the benefit of members).

6. Member Outcomes & Net Funds Flow (NFF)

Objective (Member Outcomes): Provide APRA with an update on progress made by NULIS in recent months on member outcome metrics, reporting and action plans.

Speaker Notes (Member Outcomes): NULIS continues to be focused on ensuring high quality, value for money superannuation products and services are

available for members including investment governance and quarterly monitoring of net returns on an absolute basis and relative to risk / return targets.

Member outcomes metrics as specified in APRA letter to RSE are stated as “The metrics for APRA’s assessment of historical outcomes and future sustainability include: - net returns, on an absolute basis and relative to risk/return targets; - costs per member for MySuper products; - cost of insurance cover; - administration and operating expenses as a percentage of average net assets (operating cost ratio);

NAB.160.009.7672

CONFIDENTIAL


- net cash flows as a percentage of average net assets (net cash flow ratio); - net member benefit outflow ratio; - net rollovers as a percentage of average net assets (net rollover ratio); - trends in membership base; and - active member ratio.”

These align with our core measures of our business NFF, CTI, NPS (best interest) so our approach is to extend existing practices.

We have progressed work on relativity of fund utilising Rice Warner data and are currently working on further refinement of this.- We have current work underway (under the revised NPS model work) to ensure we know what to focus on that is most

important to our customers and we have the ability to act on these insights across our customer facing channels and greater business – this will extend to ensure that relevant “best interest” member outcomes are addressed.

- Any reporting developed under the member outcomes framework for NULIS (which is being looked into now across key value chain leaders) will be evolved to correlates to member outcome core metrics

Objective (NFFs): APRA will share observations on the net outflow experienced by NULIS funds and the relevant considerations for the Trustee.

Speaker Notes (NFFs): We are looking to address outflow position through Simple Needs retirement solutions, engagement plan delivery,

enhanced digital capability as per strategic initiatives. Our data indicates outflow retention should target pre-retiree from PLUM.

Background (NFF): The below was included in the NULIS CEO Report dated 26 November 2017 (Presented to Trustee Board: 7/8 December 2017 & Provided to APRA: 18 December 2017).

Metric YTD Actual YTD Plan YTD Var. Commentary

Net Funds Flow ($m) ($144m) ($57m) ($86m)

Net Funds Flow (NFF) performance was below plan for MasterKey on-sale, Business Super and Wrap. This was partially offset by above plan NFF in Plum and MasterKey off-sale products.

Actions delivered in Q1 FY18 that will contribute to addressing NFF include: Wrap. On 20 November, six new SMAs were launched on Wrap to address a key market need for more portable (asset

transferable) and tax segregated investment options. The assessed future contribution of Net FUM over three years is $2bn.

Corporate Super. To address retention and engagement, an increased focus on workplace engagement resulted in 1,634 customers engaged through face-to-face seminars, together with a member Financial Wellness Series in Melbourne (14 November) and Sydney (21 November) that was well attended (~600 members). In addition, through optimisation of direct retention activities approximately $3m in FUM was retained across 85 accounts in October 2017.

Tracking key metrics. In October, a customer analytics dashboard was launched in production to measure key customer metrics (including member volumes, NFF and FUM), with planned iterative releases to enhance the Dashboard in Q2 FY18.

Wealth Customer Dashboard Quarterly

7. APRA Update

Objective: APRA is looking to provide confirmation of key upcoming APRA/NULIS engagements for 2018. Currently, this is expected to include: A broader discussion with the NULIS Board (18 April 2018); An Operational Risk Prudential Review (2H FY181); Quarterly Liaison Meetings (9 July 2018 & October 20181)

APRA is also looking to confirm areas of interest which may be tabled at the April 2018 Board meeting (which will include Helen Rowell (APRA Deputy Chairman with responsibility for the superannuation sector)).

Speaker Notes:N/A

1 Dates for these meetings as yet to be confirmed.

NAB.160.009.7673

CONFIDENTIAL


8. Meeting Close / Confirmation of Actions

Speaker Notes:N/A

NAB.160.009.7674

NAB.160.009.7675

CONFIDENTIAL

Appendix 1: Background on current areas of prudential focus

Key areas of APRA focus

As outlined in APRA's Pmdential Consultation letter to NULIS, dated 26 September 2017, key areas of APRA focus include: • NULIS' long-tenn strategy, the pillars underlying this strategy and how NULIS will address key strategic challenges; • NULIS' member value proposition and the processes NULIS has in place for identifying and addressing any sources of

sub-standard member outcomes; • NULIS' conflicts management framework and how it operates within the NULIS I NAB organisational st:Iucture; and • The level of interaction between the Board and NAB and the impact this has on NULIS' strategic direction and resourcing.

Pmdential Review oflnvest:Inent Govemance

APRA unde1took a Pmdential Review of NULIS ' Invest:Inent Govemance Framework (IGF) from 31 October 2018 through 2 November 2017 (Review).

Overall, the resulting Repo1t, dated 13 December 2017, was positive with APRA considering "NULIS' IGF to be suitably robust, with good oversight provided by the Board and the NULIS lnwstment Committee" . Notwithstanding this, APRA outlined seven "recommendations" for improvement relating to the ne.ed to: • Review the IGF to clearly a1ticulate NULIS' invest:Inent philosophy; • Review the Invest:Inent Govemance Policy (IGP) to better express how the entire system, policy and processes come

together to support NULIS meeting its responsibilities regarding directly managed invest:Inent options; • Define risk appetite for cun-ency exposures; • Provide robust quantification of the margin being eamed on the MLC Cash Fund assets (which are wholly invested with

NAB Limited) as well as a Board approved process for ongoing monitoring; • Develop specific and measurable risk objectives for the Inflation Plus Series; and • Review of the appropriateness of altemative asset class benchmarks used for MySuper.

The Repo1t also outlined an "observation" that the implementation of the findings in KPMG's SPS 530 comprehensive review should be accelerated.

NULIS submitted its response to APRA's Repo1t on 1Febmary2018 outlining its position on ea.ch of the findings, the action to be taken and timeframes for completion. • The most substantial body of work is in response to APRA's recommendations to review the IGF and IGP. This review

has commenced and is targeted for completion by the end of May 2018. An updated draft of the IGP will be presented for review and discussion at MPIC on 8 March 2018. As patt of this review, NULIS' risk appetite for cun-ency risk will be articulated and the performance improvement oppo1tunities identified by KPMG's SPS 530 comprehensive review implemented.

• In regards to APRA's observations and recommendations in respect of the MLC Cash Fund, more work is being undertaken on this internally and Rice Warner has been engaged to identify additional appropriate market reference points and methodologies including derivatives pricing and scenario analysis. Completion of this work is also tai·geted by the end of May 2018.

• The work to address the remaining two APRA recommendations regarding the risk objectives for the Inflation Plus Series and the appropriateness of the benchmarks will be presented to MPIC for review and discussion at the 8 March 2018 meeting.

NULIS is due to provide an update to APRA on the progress of these actions within one week of the MPIC discussion.

Other areas of recent APRA interest I que1y

• Member compensation amounts paid for operational risk events impacting NULIS and the funding source of those payments;

• eRollover and eContribution perfonnance metrics following a significant breach reported to APRA and ASIC in November 201 7; and

• Data lodged by NULIS under APRA's Superannuation Repo1ting Framework (including consistency in messaging I interpretations between the Reporting and Pmdentia.l Frameworks).


NAB.160.009.7676

CONFIDEN TIAL

Appendix 2: APRA Profiles

As pa1t of a broader restructure to reorganise its supervision teams along industiy, rather than conglomerate group, lines, APRA made changes to separate the NULIS supervision team from the National Austi·alia Bank Limited (NABL) supervision team (effective 1July2017). To date, engagement with the new NULIS' supervision team has been positive.

Anna Sofiana1·is - Senior Manager , DID (AS): AS commenced as the APRA lead supervisor for NULIS effective 1 July 2017. AS's ctment po1tfolio includes supervision ofMLC Limited and she has in the past lead APRA' s NABL supervision team. Anna repo1ts to GM of DID Branch III, Adrian Rees. AS has been at APRA since its inception in 1998 after working in the RBA's Bank Supervision Department for three and a half years. In addition to frontline supervision roles within DID, AS worked in APRA' s Industiy Technical Services team (ITS) where she was responsible for providing advice and ti·aining to frontline supervisors on prudential requirements imposed on authorised deposit-taking institutions (ADis).

Daniel Yip- Principal Analyst, DID (DS): DS replaced Victoria Bow who was been NULIS ' Principal Analyst supervisor for several years. DS joined APRA in 2011 to provide technical suppo1t to superannuation supervisors via the ITS team and was appointed to DID in 2015 where he has been responsible for supervising a po1tfolio of entities that span a.cross all APRA regulated sectors. Daniel has served on APRA's Superannuation National Audit Consultative Committee and Superannuation Industiy Group for an extended period.

Sascha Kerbert - Analyst, Diversified Institutions Division : Since joining APRA in 2017, SK has supervised a range of superannuation, life insurance and general insurance entities. Prior to joining APRA, SK held various operational roles with the Sydney Symphony Orchesti·a, as well as working as a casual academic at the University of Sydney's School ofEconoinics.


NAB.160.009.7677

CONFIDENTIAL

Appendix 3: NULIS Open APRA Significant Breaches (as at February 2018)

l'iAB Ref# Title B1·each Summary Root Cause Remediation Status Key Talking Points

5497240 Detennination on NULIS, as Tmstee, makes life insurance Process was in All remediation activity has been Interest now being paid Interest on cover available to members, where MLCL is place, but controls completed.

Reported to pending claims the prefeITed insurer. When a member makes not effectively Process and controls deemed APRA on JO a successful claim for an insmed benefit, there captured and tested, Closme Notice being prepared for effective March 2017 will a "gap" betv.•een the date when the which meant process submission.

insurer approves the claim and when the failed. Closure Notice in course of payment is made by the Trustee to the submission recipient. As a result of a process failure, interest for two products, was not credited to insurance proceeds for a period of time.

359556312 & IncoITect #1027029: Processing e11'0rs have resulted in Basic process failure An extension to the target closure Majority of impacts (~1200) 1027029 treatment and approximately 1788 members being impacted by staff in using a date of 15 December 201 7 is were for members below min

release of primarily with incoITect rollover benefit preservation flag required to finalise the approach product balance of $200 and Reported to preserved benefits statement being issued or being paid super incoITectly on and treatment of tax implications were rolled (not cashed) to APRA on 17 benefits, without evidence of having met a member records. of preserved payments with the another Fund. March 2017 condition of release. ATO (expected to be finalised

Exacerbated by prior to 30 June 2018). Key Only 8 members with cash #3 5 9 5 5 6312: It was identified that there had system design status updates include: payments below preservation been incoITect treatment of preserved super requiring manual . Tmstee approval of age, total value $546K. Those benefits across the BHPB and South 32 Super over-ride and remediation approach still under preservation age to Plans as a result of e11'0rs in the intra-fund inability to deal with completed; rectify account or pay transfers and data handling. both preserved and . Extensive data analysis appropriate increased tax.

unpreserved status completed, member R ef er below for further details on impacted concurrently. preservation impacts 82 members with money rolled members. considerably reduced; and out to another Fund with . Finalise legal feedback based incoITect components, will be

on ATO approvals. coITected with re-issue of RBS.

~500 members now deemed compliant that were in original 1788 potential impacts

National Australia Bank Limited ABN 12 004 044 937 AFSL and Australian Credit Licence 230686 Page 9of13

CONFIDENTIAL


32796391 & 36488841

Reported to APRA on 19 May 2017

Member Welcome Kits

This breach relates to Member Welcome Kits not being issued to new members of the MasterKey Business Super (MKBS) and the Plum Corporate Super (PCS) products within the prescribed 90 day period. • Issue 1: Majority of the impact occurred

due to implementation of an internal project.

• Issue 2: Root cause associated with ineffective oversight of new member account applications pended in workflow due to initial information provided by the employer being incomplete or inaccurate.

Root cause associated with ineffective oversight of new member account applications pended in workflow due to initial information provided by the employer being incomplete or inaccurate.

Whilst all welcome kit remediation activity has been completed, the additional remediation scope to deal with members who may have missed insurance “auto-underwriting” options by not receiving welcome kits on time is progressing (including some additional communications with this small sub-set of members and a potential change to available insurance cover). Accordingly, the target closure date has been extended to 30 June 2018 for this additional element.

No financial impact to members, non-provision of statutory information in a timely manner

428 members only impacted by auto-underwriting issue. Members will be given opportunity to consider additional cover if required.

Delayed closure date is to allow sufficient time for members to receive correspondence and respond.

38985474Reported to APRA on 23 June 2017

Preserved money being refunded to

customers

NULIS, as Trustee, issues retail insurance in superannuation products on an individual policy basis. MLCL is both Administrator (on behalf of the Trustee) and Insurer. In circumstances where premium refunds are payable, refunds have been incorrectly provided directly to members rather than to the Policy Owner (the Trustee) to be treated as preserved monies. The cause of the breach stems from inadequate controls for the circumstances and processes where superannuation contributions should be retained in a superannuation environment until a condition of release is met.

Failure of a manual control to determine which refunds can be paid in cash, and which require rollover to eligible super fund.

All member remediation activity has been approved by NULIS. The only outstanding matter is to finalise the tax treatment (if any) between the MLC Super Fund and the ATO (expected to be finalised prior to 30 June 2018).

Average impact of early release less than $1,000 per member

Total impact of early release in total now <$500K vs ~$3mln in original Breach Notice

Line 2 Assurance at MLCL confirmed controls now operating effectively.

NAB.160.009.7678

CONFIDENTIAL


40630382

Reported to APRA on 20

July 2017

Adviser Remuneration Suppression

Payment of Ongoing Service Fees (OSFs) deducted from some customer accounts was suppressed in an Adviser Remuneration Payment technology system under certain circumstances. Due to a breakdown in the way this risk control was designed, it appears that whilst the system functionality was implemented, the associated review process by administration teams (to either allow the payment to proceed or refund to the customer) was not.

Key controls worked effectively to supress OSF for appropriate purposes

Compensating controls to release or reverse supressed values failed

Remediation on track for closure by 28 September 2018. Customer remediation will commence in June 2018 as planned, however there has been a change in sequencing of interim activities following stakeholder feedback and to align with internal board dates at which these matters will be formally approved.

Impact is principally to Advice Licensees who did not receive money they were likely entitled to.

Total suppression value of ~$1.5mln since 2001

~$750K to be released back to members as Licensee no longer active

Remaining active Licensees to demonstrate positively that a service was provided, at which point monies will be released. If not, monies to flow back to member.

45700823


November 2017

eContribution Compliance Obligation

Reporting & eRollover Results

– MLC Super Fund

Across June, July and August 2017, some of NULIS’ internal materiality thresholds regarding eRollovers and eContributions obligations were not met. The most material impact to compliance standards related to the degradation in system performance of NULIS’ key workflow tool, AWD, during August 2017.

This was a timing breach, not an allocation breach.

Majority of impact caused by degradation in AWD workflow tool delaying ability to processes within prescribed 3 days.

All remediation activity has been completed. Closure Notice being prepared for submission.

APRA has had monthly updates over past 3 months.

Outcomes have not had any significant breaches.

January results show close to 100% results against 98% thresholds.

NAB.160.009.7679

CONFIDENTIAL


42737160


December 2017

Employer Provided Member

Data (Plum Products)

This breach relates to concerns around the accuracy of data received from employer sponsors. Root cause for the data integrity issues appears to stem from sub-standard control environments applied by external clearing houses which are used by employers since the introduction of the SuperStream requirements in 2014.

Lack of controls in data received from Employers being reconciled to benefit plan design.

Remediation activities on track for closure by 31 December 2018.

Project established to manage, cost ~$9mln excluding any remediation.

Tracking to an aggressive schedule to remediate customers by August 2018 and allow production of annual statements in a timely manner.

Actual dollar impacts to members or final member numbers not yet known.

External assurance being provided by QMV on remediation approach and values assurance.

43586110


December 2017

MLC Emerging Markets Fund

(Plum) (Uninvested Cash)

NAB Asset Management Services Limited (NSL) provides portfolio management services to NULIS. Due to human error, an MLC Super Fund investment option, was not monitored for cash inflows and outflows for the period from 12 August 2015 until 21 August 2017 which resulted in an uninvested cash balance of $14.6m and the option unit price being approx. 4% lower than it should have been.

Human error removed the fund from reporting

While the majority of remediation activities have been completed ($3m compensation), member communications have been delayed following engagement with ASIC and are now targeted for completion by 31 March 2018.

Three enhancements were implemented to the processes and controls subsequent to the Event by NSL: • Peer review for liquidity

configuration changes. • The “Daily Exceptions

Report” was implemented in January 2017

• A complete review of all funds in the required monitoring process. (no exceptions found)

Event will be closed once letters go out to members.

NULIS has had oversight of NSL’s remediation and control uplift.

45897671


Unit pricing error for MasterKey Super Product

In October 2017, it was identified that NAB Asset Servicing (NAS), custodian appointed by NULIS, had incorrectly recorded the tax components for the distribution income

National Asset Servicing (NAS), incorrectly remapped a tax

Remediation activities on track for closure by 30 April 2018.

13k members in the Platinum funds were impacted. 417 of which transacted and require member level compensation

NAB.160.009.7680

CONFIDENTIAL


December 2017 received from an external unit trust (Platinum). This resulted in an incorrect unit price for 2 Platinum investment options across three MK products within the MLC Super Fund from 18 July 2017 to 20 September 2017.

component of the distribution. The incorrect tax component reduced the unit price

($115k). The remainder will be pool level compensation ($93k). Total compensation of $208k.

NAB Event 359556312 & 1027029 (Incorrect treatment and release of preserved benefits): Further details on impacted members

Scenario Sub Scenario Member Numbers Total

Under preservation age at time of payment and remain so now 3 $118,726.00Member accounts with cash withdrawal(s)

made with an account status is open/ closed Under preservation age at the time of payment, but over

preservation age now 5 $427,586.10

Member accounts with entire rollover out to other Super Fund with incorrect

preservation componentsN/A 73 $12,208,824.58

Member accounts with partial rollover out to other Super Fund with incorrect

preservation componentsN/A 9 $1,465,289.77

Payments under $200 1192 $110,989.00

Grand Total 1282 $14,331,415.45

NAB.160.009.7681

Documents

BRIEFING PLANNER · BRIEFING PLANNER Host: Location: ... organisational structure or entity lens to enable management and monitoring of the system ... number of breach reports by