Article One – Setting the Scene

Headed by Commissioner Kenneth Hayne AC QC, the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry was established in 2017 to inquire into and report on misconduct in the banking, superannuation and financial services industries. The Commission was given the power to recommend changes to the Australian Government that is necessary to improve:

  • the legislative framework of the banking, superannuation and financial services industries;
  • the practices within those industries; and
  • the powers of the industry regulators, i.e. Australian Prudential Regulation Authority (APRA) and Australian Securities and Investment Commission (ASIC).

The Commission can also refer instances of misconduct by the banks and its officers or employees to relevant Commonwealth, State or Territory agencies who may pursue criminal or other legal proceedings.

Given the failings uncovered by the Commission since it began its hearings in February 2018, these industries should be prepared for a shakeup, from both a legal and governance standpoint, like never before. For example, Treasurer Scott Morrison warned wealth management company AMP Limited (AMP) that its executives could face ‘penalties which include jail time’ after misconduct involving overcharging customers and lying to ASIC was revealed.1 The CEO of AMP subsequently resigned and there are now calls for the AMP board to be held accountable for misconduct it had known about since at least May 2017.2

One theme that continues to arise at the Royal Commission is ‘culture’. For example, a senior executive admitted that the culture in ANZ’s financial planning business had put growth ahead of clients’ interests.3 Both ASIC and APRA have previously recognised that an inappropriate culture is at the root of many cases of corporate malfeasance, as this 2015 speech by then chair of ASIC, Greg Medcraft, reveals:

Culture matters to ASIC because poor culture can be a driver of poor conduct. Culture has been at the root of some of the worst misconduct we’ve seen in the financial sector. Looking at cultural problems can give us an early warning of where things might be going wrong to help us disrupt bad behaviour before it happens and catch misconduct early. Importantly, it helps with identifying not just individual instances of misconduct but broader, more pervasive, problems.4

Medcraft went on to say to directors that, if they did not fix the culture within their organisations, they left themselves open to law changes that would enforce it.5

The Schedule to the Criminal Code Act 1995 (Cth) (Criminal Code)6 sets out the general principles of criminal responsibility as it applies to corporations. Under the Criminal Code, a company can be convicted of criminal offences which have an ‘intent’ element. Importantly for boards, a conviction can result if it is established that the company had a ‘corporate culture’ that directed or encouraged, tolerated or led to non-compliance, or that the body failed to maintain a culture that required compliance with relevant legislation.7 However, it is likely that the Royal Commission will recommend establishing further legislation and regulation around culture, so company directors will be actually held to account for any future failures, and not just let off with a reprimand. For example, for serious criminal misconduct, directors could be liable for a breach of the duty of care and diligence, if the organisation’s culture contributed to that conduct.

We predict the focus on cultural accountability by directors will receive even more scrutiny than the harmonisation of work health and safety (WHS) legislation across the Commonwealth, states and territories, which began in January 2012. This legislation placed increased liability on directors, who must exercise a greater range of due diligence in relation to WHS, such as ensuring the organisation has appropriate resources and processes available to eliminate or minimise WHS risks arising from any work being done, and ensuring WHS and legal compliance.

The challenge for boards is to demonstrate proactive oversight of their organisation’s culture and the risks associated with that culture. As the Royal Commission is highlighting, rather than merely thinking about ‘corporate culture’, which can mean different things to different people, what boards should be focusing on is ‘people risk’, which specifically refers to the hidden attitudes and behaviours of employees and managers that can be found at the heart of all corporate scandals. A high people risk exposure can result in significant financial and reputational damage to an organisation.8 Indeed, we contend that effectively managing people risk, not undertaking staff engagement surveys, is the key for directors to demonstrate that they have oversight of their organisation’s culture.

Identifying an organisation’s ‘people risk’ requires advanced analytic techniques to unearth risky behavioural patterns that are hidden from the eyes of management and the board. Understanding your ‘people risk’ can expose the ‘shadow culture’9 of informal social rules and system-gaming by digging into the day-to-day attitudes of employees to identify clusters of high risk factors that could exist in any part of the organisation. Oversight of your ‘people risk’ requires specialised risk reports for boards and management, along with targeted remedial strategies to address areas of concern. The result is a more robust governance system that not only provides oversight for financial, regulatory and strategic risks, but also monitors the less visible risks within an organisation’s people and social systems that cannot be found in regular culture or employee engagement surveys.

This is the first of a corporate culture series produced by the experienced lawyers and governance professionals of HopgoodGanim and Effective Governance, that will provide directors and executives with practical legal and governance solutions to address the upcoming fiduciary duty of ‘cultural care’.