Data collection sample 93

According to the register of the Australian Prudential Regulation Authority (APRA) (2018), there are currently 147 authorised deposit-taking institutions in Australia. These institutions are categorised by market capitalisation into three tiers: Tier 1, 2 and 3 (Gorajek & Turner 2010). Tier 1 represents financial institutions with the largest capitalisation, Tier 2 represents medium-sized institutions, and Tier 3 represents small institutions.

It was decided to stratify the sample through a selection of different-sized financial institutions, one from each of the three tiers, as the research questions related to understanding FSCR in Australian financial institutions rather than in any particular institution with limited generalisability. To this end, all the case data would be aggregated into a combined generic case based on the data from the three institutional cases. Further, the nature of the institutional cases is such that they are from the same industry sector rather than from different sectors. Also, all the participants have roles related to the management of organisational risk. A multi- case study design comprising three financial institutional cases was then stratified with three participants each to make a sample of nine participants; this was thought to be a reasonable

sample size to allow for retention of the benefits of a case study design (Eisenhardt 1991). It also provides a design benefit from the ability to cross-case triangulate and aggregate participant information providing for replicability across cases that gives increased generalisability over a single case (Patton 1999; Yin 2014). In addition, data volume is balanced with complexity to both provide an in-depth analysis typical of qualitative case methods and the facility to suggest generalisability beyond a single instance. These features of the design of the sampling aim to provide a foundation to make valid observations about Australian financial institutions without the loss of depth inherent in larger samples using quantitative methods (Dubois & Araujo 2007); this was the reason why three participants from each of three financial institutional cases were selected.

The multi-case sampling design above is based on a case replication logic rather than statistical logic. The latter is where the sample cases are randomly selected from the population of all 147 authorised deposit-taking institutions (APRA 2018) in Australia with equal probability, but with a large sample size to allow for statistical inferences to be made from standardised measures that lack depth. In contrast, replication logic concerns similar cases where similar depth data are expected to support generalisability but without the vulnerability of data distortion risk of a single case. In this multi-case study, based on replication logic, a chain referring sampling method (Alvi 2016) was used, geographically based in Melbourne, Australia. This is where the sample was selected non-probabilistically through referral initiated through both an industry network and through an institutional network following contact with the more senior participants.

The advantage of these case and participant selection methods is that they are also more suited to participants where there is some time and effort commitment required as a part of

participation (e.g., repeated interviews over time to develop in-depth data rather than short- term single instance interviews or a single questionnaire). Chain referring sampling methods (Alvi 2016) are also useful when the participants may be otherwise hard to reach or are few in number because of the specialised nature of their work.

Of the 147 deposit-taking institutions in Australia (APRA 2018) approximately 80% of capitalisation is held by the Tier 1 large banks, with Tier 2 medium sized and Tier 3 smaller banks holding the balance (APRA 2018). Three Australian owned financial institutions, one from each deposit-taking institutional capitalisation tier (large, medium and small), were selection for inclusion in this research. The selected banks subsequently invited the researcher to conduct interviews at the institution premises. An overview of the three banks are described next.

3.4.1.1 Bank X

The large Tier 1 Bank X is an international financial services organisation that provides a comprehensive range of financial products and services. Bank X is structured according to banking and wealth management operations, with international capital markets and an institutional banking business that operates in several global geographic regions.

Key businesses within Australia include personal banking, business banking, wholesale banking and wealth management, as well as group business services. The Bank X employs over 30,000 full-time equivalent employees and has over A$500 billion total assets; Bank X Retail includes over 500 branches and Bank X includes over 2,000 ATMs.

3.4.1.2 Bank Y

The medium sized Tier 2 Bank Y, an Australian-owned ASX listed company, has more than 80,000 shareholders; over 5,000 employees serve about 1.5 million customers in more than

500 communities Australia-wide. Assets are valued at more than $60 billion and market capitalisation at around $5 billion.

3.4.1.3 Bank Z

The small Tier 3 Bank Z employs over 500 full-time equivalent employees and has over $4000 million total assets.

3.4.1.4 Sample selection

The nine participants in the sample comprised three senior risk management professionals from each of the three financial institution cases selected. Senior risk managers were selected as they provided the point of contact between the researcher and the organisation. The risk managers were authoritative in relation to issues of risk and current risk management practices as they pertained to multiple organisation functions and divisional areas. They were selected following initial contact with the bank’s senior management by the researcher. This contact was made either through industry contacts or referral recommendations by industry contacts. The initial interviews revealed that the participants were keen to share knowledge on FSCR issues. Table 3.2 shows the participants’ characteristics, including institutional location, role, years of experience, education level and gender.

In each of the banks in the sample, bank board members sit on a risk management and compliance oversight committee. By and large, this committee oversees organisational performance on a number of risk-associated matters such as credit quality, risk related to the regulatory environment, monitoring risk appetite appropriateness and other perceived risks, such as sustainability. The more senior participants’ role-related activities variously involve ensuring the provision of risk-related information, which forms part of the periodic

organisation. Participants 1, 5 and 7, being in more senior risk manager roles and delivering a wider span of the organisational division’s risk reporting responsibilities, ensure risk report information is routinely collected, centralised and reported to various divisional or functional area risk committees or councils, and may effectually be reported to the board-level risk committee. The organisational location of these senior risk roles tends to be in corporate divisions with a whole-of-institution focus on reputation, governance and corporate affairs. They may also have a cross-functional influencing or leadership role to support the disparate risk-related staff located in other divisions and geographies.

The remaining participants’ (2, 3, 5, 6, 8 & 9) roles tend to have narrower and a more operational scope of focus in their risk-associated roles. The location of their roles may be either in a corporate division or business unit based, but all have a focus on specific operational areas of risk such as audit, liquidity, business banking, products and markets, wealth finance, group development, financial crime, workplace performance or enterprise services and technology. Further, in addition to routine reporting, their roles involve a discrete risk issue investigation and analysis function as a response to discrete risk effects as they arise. Their role investigates what occurred and makes recommendations for remedial action in relation to the specific risk effect.