ASIC’s Corporate Governance Taskforce recently released its report into “Director and officer oversight of non-financial risk” (Report). While the specific findings in the Report are hardly ground-breaking, the Report will do little to appease the concerns of those who believe that regulatory over-reach, coupled with the expansion of litigation funding opportunities and the growth in class action litigation, has tilted the risk-reward equation for non-executive directors firmly to the “risk” side.
The Report focused on the non-financial risk management practices of seven financial services companies (including all the “Big 4” banks), who were selected on the basis of what ASIC referred to as an expectation of more “mature procedures and the highest standards of governance and accountability”.
Needless to say, this backhanded compliment is unlikely to have been particularly soothing for the participants who collectively supplied 29,000 documents, participated in workshops with an “expert in investment stewardship” and, most controversially, “invited” an ASIC-appointed behavioural psychologist to be present during board deliberations (one can only speculate – a bit like Schrödinger's cat – on the effect of such observation on the conduct observed).
Nothing in ASIC’s report fundamentally challenges either the primacy of the Board as the “directing mind and will” of a company, or the distinction to be drawn between the oversight role of the Board and the operational role of management. To this extent, the core legal constructs underpinning the modern governance framework remain intact.
And in most respects, ASIC’s suggestions in the area of non-financial risk management are entirely sensible and reasonable. They can be distilled into three core principles, which most high-functioning Boards would heartily endorse:
- the Board is primarily responsible for setting the risk appetite for the organisation;
- the Board should ensure that management is supplying timely and accurate information to enable the Board to properly consider whether the company is operating within or outside that appetite; and
- the Board needs to (promptly and pro-actively) hold management to account where the company is acting outside the Board-endorsed risk appetite.
Where non-executive directors may chafe, however, is the extent to which ASIC is pressing them to be closely engaged with assessment of the minutiae of risk appetite statements. This will be grist to the mill for those who believe the distinction between the executive and non-executive functions in the modern corporation is beginning to break down.
Non-executive directors serving on risk committees may also be concerned with ASIC’s comments on the time they should dedicate to their role. It is arguable that the Report, in focussing on the sitting frequency and duration of risk committees, has not taken into account the considerable time and effort risk committee members routinely apply to their roles between meetings.
In other areas, non-executive directors will (or at least should) find comfort and potentially an opportunity to push back against the volume and complexity of materials delivered by management. As ASIC dryly observed, some board packs were so lengthy and dense it wasn’t clear whether the objective was actually to inform directors or “absolve reporters from exercising judgment as to what information should be omitted”.
Of course, there is a natural tension between ASIC’s drive to encourage more robust decision making in boardrooms and its concern that non-financial risks are often “buried” in dense board packs. Whether ASIC’s “deep dive” into boardroom conduct brings practice close to the optimal outcome remains to be seen. In the meantime, the Report (which at 55 pages is a mere fraction of the average size of board packs reviewed by ASIC) is mandatory reading for non-executive directors of all listed companies.