Regulators to focus on directors' duties in relation to oversight of non-financial risks.
There is growing concern by the Australian Securities and Investments Commission (ASIC) that there are significant shortcomings in Board oversight of non-financial risks, as compared to the more developed frameworks generally in place for the management of financial risks.
ASIC has identified these shortcomings in an October 2019 report titled the "Director and Officer Oversight of Non-Financial Risk Report" (Report) which was released by the ASIC Corporate Governance Taskforce (the Taskforce).
The Report analysed the approach taken to three different types of non-financial risks: operational risk, compliance risk, and conduct risk. The results are based on the Taskforce's review of 29,000 documents and information from 60 interviews with directors and officers of seven financial institutions listed on the Australian Stock Exchange, including insurers.
Following the Taskforce's review and the release of the Report, ASIC is now calling for Australian directors and officers in the financial services industry to exercise "active stewardship" to ensure they have meaningful oversight of their organisations and management.
Directors will be expected to ensure that they are properly informed and can dedicate adequate time to their role, so they can hold management to account regarding the operation of the company. Examples of this behaviour will include asking questions of management, requesting further information/analysis, or driving the implementation of changes to address identified failures by management.
Given that ASIC has clearly set out its regulatory expectations of Boards and the Australian Prudential Regulation Authority (APRA) has also been focused on Board oversight of financial services entities, we expect that in 2020 (and beyond) ASIC and APRA will be closely scrutinising the manner in which Boards of Australian insurance companies discharge their directors' duties. This will put pressure on management, legal and compliance teams to adopt improved risk frameworks to ensure that there is appropriate Board oversight.