The Situation: Directors and executives are largely responsible for the culture of companies, and regulators are seeking to hold them accountable for misconduct that can be traced to poor culture.
The Key Message: Culture can and should be assessed on a regular basis. In meeting their duties, directors should consider whether they need to have in place tools and systems that enable them to assess and monitor culture. This is not just a compliance step required in order to meet legal obligations; a strong culture is an opportunity to create sustainable high performance and returns.
Looking Ahead: We will continue to see regulators targeting individuals, and it will not be long before a case is brought against a director for breach of duties in connection with a failure to assess and address culture. With the benefit of hindsight, that director will be asked why he or she failed to take greater action to assess and identify cultural problems that should have been known to them by reason of likely "red flags".
The New Australian Regulatory and Corporate Environment
The Banking Royal Commission has been a demonstration and a driver of the rapidly changing environment for all Australian companies and the impact of those changes on individual directors and officers.
Following the Royal Commission, Australian regulators are prioritising enforcement outcomes and looking to hold directors and officers accountable wherever possible for poor behaviour by an organisation. Look no further than the Australian Securities and Investments Commission's well-publicised "why not litigate" mandate and its plan to bring up to 50 enforcement proceedings to court in the near future.
The other regulators—including the Australian Competition and Consumer Commission, Australian Prudential Regulation Authority and Australian Taxation Office ("ATO")—are taking similar approaches. The ATO's Jeremy Hirschhorn in a recent speech referred to the role of boards in taking responsibility for tax risks and the ATO, noting a "red flag" where a company cannot provide evidence to demonstrate a tax control framework exists.
Some leading chairs have endorsed, and utilise, a culture strategy at board level, recognizing that the topic has hitherto been ad hoc and reactive.
In addition to the activities of the regulators, companies and boards are increasingly scrutinized by shareholder activists, proxy advisors and short-sellers regarding culture.
Assessing Culture: Is There a Legal Obligation to Do So?
The word "culture" does not appear in the Corporations Act, so it is not unreasonable to ask: what legal obligations do directors have in relation to culture?
A better question to ask may be: where there has been a breach of the law by a company that can be traced to a failure of culture, how might "care" and "diligence" of individual directors under s 180(1) of the Corporations Act be judged by a court?
The answer might be found in Commissioner Kenneth Hayne's recommendation that "All financial services entities should, as often as reasonably possible, take proper steps to:
- assess the entity's culture and its governance;
- identify any problems with that culture and governance;
- deal with those problems; and
- determine whether the changes it has made have been effective."
There is no reason to limit this to financial services entities.
It might be suggested that the assessment of culture can be undertaken by the executives who are closer to the day-to-day operations of the business and who can report to the board.
Although the board's role is one of oversight, where a company has a poor culture all members of the board (both executive and nonexecutive) are at increased risk of being the targets of regulatory attention.
Nonexecutive directors are permitted to rely on information provided by management. However, where there is cause for suspicion or circumstances demanding critical and detailed attention, a director may no longer be able to rely on advice without independently verifying the information or scrutinising the information. There may be a range of "red flags" which put directors on notice of potential problems with culture, such as employee satisfaction, customer complaints, whistleblower reports, regulator dissatisfaction, internal audit results, unusual governance structure and unusual financial metrics.
What Should Directors Do?
Directors can take a number of steps to ensure a good corporate culture with regard to potential exposure to breaches of directors' duties. The obvious elements are to ensure that the following building blocks are in place:
- Setting risk appetite; and
- Establishing appropriate policies and frameworks, then ensuring the following are place: (i) communication; (ii) education; (iii) probative and independent testing of efficacy of policies; and (iv) remediation.
The risk appetite and policies and framework are underpinned and supported by:
- An appropriate culture that supports the company's policies and compliance with laws;
- Tools and systems that allow culture to be measured and monitored, allowing the board and management to identify and analyse behaviour that is antithetical to the values of the company; and
- Proper structure when cultural problems are identified; board and management should engage lawyers early to ensure that investigations have necessary protections (such as legal professional privilege).
Two Key Takeaways
- We will continue to see regulators targeting individuals, and it will not be long before a case is brought against a director for breach of duties in connection with a failure to assess and address culture.
- In meeting their duties, directors should consider whether they need to have in place tools and systems that enable them to assess and monitor culture. This is not just a compliance step required in order to meet legal obligations; a strong culture is an opportunity to create sustainable high performance and returns.