Kenneth Hayne’s final report from the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry directs most of its ire at banks and financial services providers. But Alistair McKeough, Principal Solicitor at the Automic Group, believes its recommendations are much more far-reaching. Here he explains why all Australian companies must take the findings of the report seriously.
What the report says about corporate governance
The Hayne report from the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry makes several recommendations that call for a major overhaul of the way financial institutions interact with and manage customers.
While the financial sector bears the brunt of the report, McKeough believes boards and directors across all sectors need to adopt a greater risk-based approach to business and immediate review their corporate governance – a factor the report homed in on.
“The report emphasizes the superintendent role that boards play,” he says. “They have to ensure they are getting adequate information from management, and they have to take steps to ensure their company has a culture of governance and remuneration structure.
“The report is saying that the board, the cultural governance, and the remuneration-review, executives are all linked together – it’s impossible to segregate them. So boards need to put processes in place that promote a culture of compliance.”
McKeough believes this type of governance is severely lacking across all industries.
“If you’re in the construction industry, for example, your compliance issues will be around safety, as opposed to regulatory compliance. Or if you’re in the childcare or the education sector then you’ll be focused on safety and duty-of-care issues.
“The board needs to set the governance approach in place and then use regular remuneration reviews to superintend compliance of that culture, encouraging executives to take corporate governance seriously.”
The Commission posed five questions every organisation should ask itself (Final Report, vol 1, 333–334):
- Is there adequate oversight and challenge by the board and its gatekeeper committees of emerging non‑financial risks?
- Is it clear who is accountable for risks and how they are to be held accountable?
- Are issues, incidents and risks identified quickly, referred up the management chain, and then managed and resolved urgently? Or is bureaucracy getting in the way?
- Is enough attention being given to compliance? Is it working in practice? Or is it just ‘box‑ticking’?
- Do compensation, incentive or remuneration practices recognise and penalise poor conduct? How does the remuneration framework apply when there are poor risk outcomes or there are poor customer outcomes? Do senior managers and above feel the sting?
The incentive for big businesses to change
A question many Australians are currently asking, especially when it comes to seemingly untouchable multinationals that turn over billions of dollars every year, is what’s the incentive to change their processes?
For starters, as McKeough explains, ASIC (the Australian Securities and Investments Commission) and APRA (Australian Prudential Regulation Authority) will now take a more vigilant approach to regulation.
“I don’t think there will be any change to the legal liability that directors have, but I think directors of larger companies, in particular, can expect to have a more vigilant regulator – one that uses its powers to investigate what it sees as non-compliance, and potentially issue notices requiring production of documents, or requiring people to attend interviews where it thinks there’s been serious non-compliance.”
What changes must be made?
So all this raises the most important question: what – if anything – do companies need to change in their day-to-day?
First, governance practices must be improved, and while there are various ways this can apply to organisations in any sector, it begins with conducting due diligence on staff. Probity checks for internal employees must become standard practice and ongoing necessity. That doesn’t only apply to pre-employment screening. In fact, some of the greatest threats to business come from current staff who’ve become passive or, in the worst-case scenario, deliberately malicious.
Employment reviews can be implemented on a regular basis and involve staff undertaking capability tests (such as psychometric testing), re-screening, and more. This will allow organisations to ensure their staff are aligning with company culture and will reveal any roadblocks as their confirmed skill sets need to evolve.
Losses to staff, investment, and reputation: The consequences of not taking corporate governance seriously
While McKeough recognises that all Royal Commissions are essentially hamstrung from the beginning, deployed only as a means to shine a light on poor conduct and then make recommendations, it’s the flow-on effects from the final report where he says real consequences will come to the fore.
Corporate governance can no longer be treated as just another box-ticking exercise, and if boards and company directors fail to take it seriously, they may soon find themselves incurring not only staff losses and reputational damage, but investment losses as well.
According to the ASX listing rule 4.10.3, a corporate entity is required to supply a corporate governance statement as part of its annual report proving it meets ASIC’s corporate governance recommendations.
“If you’re doing this reporting and saying, ‘We’ve got non-compliances’ then I think you’ll find it increasingly more difficult to get institutional money invested into your company.
“Companies that might have previously thought they could get away with reporting some non-compliances may need to revisit that approach.
“It’s not enough to say, ‘We’ve got the policies in place that address these issues, therefore we’re compliant.’ You need to have
Why change must start today
The time for action is now. The macro agenda has been set and there is no escaping it. That means company directors, those in the C-suite and senior staff must take decisive action immediately – the alternative puts them at extreme risk of being held personally liable.
With even the biggest players taking huge hits, it should be clear to those in senior positions that their companies are liable to lose their social licence should they fail to act – and the collateral damage will spread not only to their