Many directors are familiar with their statutory duty to act in the best interest of their company. This broad sweeping obligation recently came under review in the Final Report of the Financial Services Royal Commission. Commissioner Hayne was critical of financial institutions adopting too narrow an approach to satisfying this duty by limiting their focus to company share prices and profit margins alone. The Commissioner put forward a number of recommendations to ensure that all directors remain compliant with their duty.

The Commissioner noted that many directors will focus solely on the financial results of the company for an accounting period to determine if they are acting the company’s best interests. Whilst this may be one metric in measuring success, the Commissioner concluded that it was wrong to focus solely on it. Of course, whilst advancing the interests of shareholders is intrinsic in a director’s role, the Commissioner reminded directors that this ought not come at the expense of protecting the interests of customers of the company and maintaining regulatory compliance.

In fact, the final report states that in the long term, the interests of shareholders, customers, employees and other stakeholders actually converge. Critically, regulatory compliance, adherence to proper standards, and ethical treatment of employees is critical to the sustainability of the company and, by extension, its ongoing financial success. The Commissioner ultimately provided the two key recommendations to directors to ensure that they are satisfying their duty to act in the best interests of the company.

1. Uphold proper governance

A consistent theme throughout the Final Report was the inadequate oversight of company boards over the actions of management. In acting in the best interest of the company, the board of directors must take positive steps to inform itself of the practices of the company so that it can intervene if necessary. Directors would be relieved to hear that this is not an issue of increasing the quantity of the information they have to consider, as the Commissioner clarified that excessive information may overload the board. Rather, it is about the quality of the information they receive so they can effectively and accurately evaluate business matters.

Furthermore, the Final Report stated that it is a crucial function of the board to challenge the management of the company and hold them accountable for their actions, particularly if management is breaching the law or failing to meet company standards. As an example, the Commissioner referred to a case study from the Commonwealth Bank, which can provide a lesson to directors both in the financial industry and beyond.

Between 2013 and 2016, the CBA’s internal audit team assessed the company’s legal compliance unfavourably on three occasions, producing audit reports with the most severe negative rating. Despite this, the Board of Director’s Audit Committee did not request these findings, and instead relied on management’s reassurances that they were addressing the compliance issues. This was despite there being no improvement in the company’s rating over the three years.

The Commissioner was critical of the board’s failure to question and subsequently intervene in management’s strategy and to make itself aware of the significant events occurring. The Commissioner noted that such failures amount to a failure on the directors to discharge their duty to act in the best interest of the company.

As a breach of this statutory duty can attract significant penalties for directors, this is a timely reminder that directors must actively seek out information to sufficiently inform themselves of management’s decisions, and challenge them if necessary.

2. Adopt appropriate risk management strategies

Acting in the best interests of the company also means appropriately managing company risks. The Final Report condemned a number of companies for limiting their risk management strategies to financial risks only, failing to consider non-financial risks such as compliance risk, conduct risk, regulatory risk and operational risk.

As a director, in order to ensure that you are not in breach of your obligations, you should ensure that you have a sound risk management strategy that:

  • establishes a clear structure that reveals who is accountable for identifying, resolving and monitoring risks;
  • incorporates a pre-determined response plan to allow for fast management and resolution of risks as they emerge;
  • include staff training so that employees are aware of the firm’s risk-appetite and the consequences for exceeding that threshold; and
  • depending on company resources, establish a non-financial risk committee or appoint an individual with appropriate expertise in non-financial risk to the company’s risk committee to regularly report on risk management performance to the board.

What does this all mean for directors?

Ultimately, the board of directors is supposed to serve as an internal regulator of a company: challenging and holding management accountable for their decisions and ensuring sufficient risk management. While proper governance and risk management may not be directly reflected in a company’s daily share price, they are critical to the ongoing, sustained success of a business.

The Final Report has made it clear that to properly act in the best interests of the company, the long-term viability of the corporation and obligations to customers must take precedence over short term financial gains. Directors need to be proactive, constructively probing management to justify their decisions, incorporating systems for mitigating risks, and ensuring effective regulatory compliance. That is, the best way to avoid external prosecution is through internal regulation.