The central task of the Hayne royal commission was to inquire into and report on whether any conduct by financial services entities might have amounted to misconduct and whether this fell below community standards and expectations.
The establishment of the commission followed revelations in the media of a culture of greed within several Australian financial institutions.
The banking royal commission final report highlighted that “failings of organisational culture, governance arrangements and remunerations systems lie at the heart of much of the misconduct examined in the commission”.
According to Royal Commissioner Kenneth Hayne AC QC, improvements in each of these areas should reduce the risk of misconduct in future and additionally, improvements in one area will reinforce improvements in others.
He emphasised that “the primary responsibility for financial services misconduct lies with the entities concerned and with those who manage and control them: their boards and senior management”.
The nearly 1000-page banking royal commission final report, with 76 recommendations and 24 referrals for further action, calls out the boards and senior management of the financial services industry directly. More than 10,300 submissions were received by the inquiry, two-thirds about the banking sector.
Hayne also had strong words for regulators. “The community expects that financial services entities that break the law will be held to account,” Hayne wrote. The work of the commission has shown that not only has the law “not been obeyed”, it has also “not been enforced effectively”.
The final report emphasises many of the key principles of good governance, especially: the importance of board challenge of management and having the right flow of information to the board in order for directors to discharge their duties.
While not allowing entities to shirk the responsibility to drive change, Hayne emphasised that regulators have an important role to play in supervising culture, governance and remuneration. Supervision of non-financial risks is key to this.
The final report also emphasised many key principles of good governance, especially: the importance of board challenge of management; and having the right flow of information to the board in order for directors to discharge their duties.
When it came to the regulators, Hayne went further – recommending a new oversight body which would conduct regular independent reviews of performance. While stopping (just) short of recommending non-executive directors for APRA and ASIC, Hayne highlighted the value which such individuals could bring to a regulator’s board.
Governance of executive remuneration
While avoiding more radical proposals on remuneration – such as banning variable remuneration which had been floated in the interim report - Hayne did make a number of recommendations including calling on APRA to have greater oversight and the need for entities to place higher regard on non-financial metrics.
The royal commission and its aftermath have forced a rethink on remuneration and whether current structures remain fit for purpose. Commissioner Hayne observed that in almost every case, the conduct at issue was driven in part by individuals’ pursuit of gain, whether in the form of remuneration for the individual or profit for the business. The link between misconduct and remuneration has broad implications and is relevant well beyond financial services.
Implications for directors
Overall, the report acknowledges that Australia’s corporate governance model, including the separation of board and management, is sound.
That said, Hayne emphasised that primary responsibility for misconduct in the financial services industry lay with the entities concerned and with those who manage and control them: their boards and senior management.
Accordingly, Hayne recommended that all financial services entities should, as often as reasonably possible, take proper steps to assess the entity’s culture and its governance; identify any problems with that culture and governance; deal with those problems; and determine whether the changes it has made have been effective. While this recommendation is naturally confined to financial services entities, it would be timely for directors of all companies – not just those in financial services – to consider how and where governance frameworks can be strengthened.
Boards will need to consider how best to assess culture and governance, including the most appropriate metrics (which would ideally not be confined to lag indicators), stakeholders with whom to engage, and any independent, external support that may be required.
The report reinforces fundamental tenets of governance by making it clear that boards and their “gatekeeper committees” must:
sufficiently challenge management;
do all they can to satisfy themselves that they are receiving the right information and inputs from management to make complex decisions;
monitor, measure and assess corporate culture and governance; and
provide rigorous oversight of risk, including non-financial risks.
Hayne also makes a number of comments on the nature and extent of directors’ duties. In relation to the requirement that directors exercise their powers and discharge their duties in good faith in the best interests of the corporation, and for a proper purpose, he emphasises that it is the corporation that is the focus of their duties - and that that demands consideration of more than the financial returns that will be available to shareholders in any particular period. While financial returns to shareholders will always be an important consideration, it is not the only matter to be considered.
He also emphasises that pursuit of the best interests of a financial services entity is a more complicated task than choosing between the interests of shareholders and the interests of customers.
Hayne also made a number of recommendations in relation to remuneration including, that all financial services entities should review at least annually the design and implementation of their remuneration review systems for frontline staff to ensure that the design and implementation of those systems focus on not only on what staff do, but also how they do it.
Boards will need to consider their role in this review and whether they have an appropriate level of oversight over best remuneration practices – and the behaviours they drive - throughout their organisation.
Our view on key governance recommendations
The AICD supports Hayne’s recommendations on “changing culture and governance” in the final report, including in relation to the need for regular assessments of culture and governance and the focus on culture as part of APRA’s prudential supervisory program.
Overall, the report does not contain any recommendations that fundamentally disrupt Australia’s corporate governance model – indeed, the commissioner’s comments in the report emphasise the importance of the separation of the board and management. Instead, it highlights where practice can and should be strengthened. In particular, the AICD endorses the focus on challenge of management, reporting and information flows and prudent risk management.
The AICD also strongly endorses the recommendation that breaches of superannuation trustee and trustee directors’ duties be subject to a penalty regime.
In terms of the regulators, the AICD supports recommendations that:
the roles of ASIC and APRA in relation to superannuation be clarified (including that ASIC be the conduct regulator);
APRA and ASIC be subject to at least quadrennial capability reviews; and
a new oversight authority for APRA and ASIC be established to assess the effectives of each regulator in discharging its functions and meeting its statutory objects.
We also endorse Hayne’s observations regarding the value which NEDs would bring to both ASIC and APRA boards, and have long called for such enhanced oversight.
The AICD supports strong and proactive enforcement by ASIC, but remains cautious about ASIC asking, as its starting point, the question of whether a court should determine the consequences of contravention. While the balance between litigious and negotiated outcomes have been too far weighted to the latter over recent years, that does not mean that regulator tools such as enforceable undertakings are of no value. Overall, regulators need to carefully consider their approach to enforcement, balancing what may be appropriate in an individual case with the need to avoid adverse system consequences.
We also support the extension of the Banking Executive Accountability Regime (BEAR) to APRA-regulated financial services institutions, and are engaging carefully on the implementation of this and other related recommendations (including in relation to co-administration by ASIC and APRA).
Role of the board: CBA and NAB case studies
In the report, Hayne made several important observations regarding governance and the role of the board. In particular, drawing on the CBA (regarding AML/CTF) and NAB (regarding adviser service fees) case-studies, Hayne highlighted the importance of:
1) board challenge of management; and
2) information flow to the board, as being essential to good governance.
He said “boards cannot operate properly without having the right information. And boards do not operate effectively if they do not challenge management”.
He also noted that “the evidence before the commission showed that too often, boards did not get the right information about emerging non-financial risks; did not do enough to seek further or better information where what they had was clearly deficient; and did not do enough with the information they had to oversee and challenge management’s approach to these risks”.
Further, in Hayne’s view, the evidence showed that entities too often put the pursuit of profit above all else, including interests of customers and compliance with the law.
He also highlighted that it was often unclear who within a financial services entity was accountable for what – “without clear lines of accountability, consequences were not applied, and outstanding issues were left unresolved”.
Following an examination of the CBA and NAB case-studies, Hayne observed that:
Often, improving the quality of information given to boards will require giving directors less material and more information;
Boards and management must keep considering how to present information about the right issues, in the right way;
Boards cannot, and must not, involve themselves in the day-to-day management of the corporation. Nothing in this report should be taken to suggest that they should; and
The task of the board is overall superintendence of the company, not its day-to-day management. But an integral part of that task is being able and willing to challenge management on key issues, and doing that whenever necessary.
It is plainly not the role of the board to review every piece of correspondence that goes out the door. But it is the role of the board to be aware of significant matters arising within the business, and to set the strategic direction in relation to those matters. When management is acting in a way that is delaying the remediation of customers, and damaging the bank’s relationship with regulators, it is appropriate for the board to intervene and say: ‘Enough is enough. Fix this, and fix it now.’
Culture, governance and remuneration
Hayne engaged in detailed discussion of culture, governance and remuneration in his final report, highlighting the importance of these factors in the misconduct examined at the inquiry.
The commissioner’s key recommendations in relation to remuneration were as follows:
Supervision of remuneration – principles, standards and guidance: In conducting prudential supervision of remuneration systems, and revising its prudential standards and guidance about remuneration, APRA should give effect to the principles, standards and guidance set out in the Financial Stability Board’s publications concerning sound compensation principles and practices. Recommendations 5.2 and 5.3 explain and amplify aspects of this Recommendation (Recommendation 5.1).
Supervision of remuneration – aims: In conducting prudential supervision of the design and implementation of remuneration systems, and revising its prudential standards and guidance about remuneration, APRA should have, as one of its aims, the sound management by APRA-regulated institutions of not only financial risk but also misconduct, compliance and other non-financial risks (Recommendation 5.2).
Revised prudential standards and guidance: In revising its prudential standards and guidance about the design and implementation of remuneration systems, APRA should (Recommendation 5.3):
- require APRA-regulated institutions to design their remuneration systems to encourage sound management of non-financial risks, and to reduce the risk of misconduct;
- require the board of an APRA-regulated institution (whether through its remuneration committee or otherwise) to make regular assessments of the effectiveness of the remuneration system in encouraging sound management of non-financial risks, and reducing the risk of misconduct;
- set limits on the use of financial metrics in connection with long-term variable remuneration;
- require APRA-regulated institutions to provide for the entity, in appropriate circumstances, to claw back remuneration that has vested; and
- encourage APRA-regulated institutions to improve the quality of information being provided to boards and their committees about risk management performance and remuneration decisions.
Remuneration of frontline staff – all financial services entities should review at least once each year the design and implementation of their remuneration systems for front line staff to ensure that the design and implementation of those systems focus on not only what staff do, but also how they do it (Recommendation 5.4).
While discussing the “two strikes” rule, including testimony from bank chairs, Hayne declined to make a recommendation, noting that any question about modifying the law was beyond the Commission’s Terms of Reference.
Hayne also made two key recommendations in relation to culture and governance accountability, namely:
Supervision of culture and governance: in conducting its prudential supervision of APRA-regulated institutions and in revising its prudential standards and guidance, APRA should (Recommendation 5.7):
- build a supervisory program focused on building culture that will mitigate the risk of misconduct;
- use a risk-based approach to its reviews;
- assess the cultural drivers of misconduct in entities; and
- encourage entities to give proper attention to sound management of conduct risk and improving entity governance.
Hayne also made some salient observations regarding the best interests’ directors’ duty (section 181(1), Corporations Act), including:
That directors’ duties are owed to the corporation, and that “demands consideration of more than the financial returns that will be available to shareholders in any particular period”;
“The longer the period of reference, the more likely it is that the interests of shareholders, customers, employees and all associated with any corporation will be seen as converging on the corporation’s continued long-term financial advantage. And long-term financial advantage will more likely follow if the entity conducts its business according to proper standards, treats its employees well and seeks to provide financial results to shareholders that, in the long run, are better than other investments of broadly similar risk”;
“In the longer term, the interests of all stakeholders associated with the entity converge…pursuit of the best interests of a financial services entity is a more complicated task than choosing between the interests of shareholders and the interests of customers”.
The key superannuation recommendations from a governance perspective are as follows:
Civil penalties for breach of covenants and like obligations: breach of the trustee covenants set out in section 52 or obligations set out in section 29VN, or the director’s covenants set out in section 52A or obligations set out in section 29VO of the SIS Act should be enforceable by action for civil penalty (Recommendation 3.7);
Adjustment of APRA and ASIC’s roles: The roles of APRA and ASIC with respect to superannuation should be adjusted, as referred to in Recommendation 6.3 (see below) (Recommendation 3.8)
Accountability regime: Over time, provisions modelled on the Banking Executive Accountability Regime (BEAR) should be extended to all RSE licensees, as referred to in Recommendation 6.8 (i.e. to all APRA-regulated financial services institutions, under an ASIC-APRA joint administration arrangement) (Recommendation 3.9).
See also Recommendations 6.3 to 6.5 below under “Regulators and regulation”.
Further, Hayne emphasised a number of important points regarding superannuation boards:
The central issue is the need for the for board of a trustee to be skilled and efficient in the proper supervision of the fund in the best interests of members”;
As superannuation funds become larger and more complicated, the greater the need for a skilled and efficient board of directors;
Matters of board composition are not best dealt with by prescriptive rules regarding board numbers or composition, instead such rules would distract from the basic requirement of “ensuring that the board, is as far as possible, constituted, at all times, by directors, who, together, will form a skilled and efficient board”; and
Emphasised the importance of board change and renewal without recommending prescriptive rules, nor a system of board appointments similar to that applicable to listed companies; and
It is a matter for APRA to supervise such governance matters.
Regulator action, BEAR extension, simplification of the law
Although advocating for a retention of the “twin peaks” model of financial regulation (Recommendation 6.1), Hayne did push for significant changes to the way in which both ASIC and APRA operate (see also Part 7 below).
ASIC’s approach to enforcement: ASIC should adopt an approach to enforcement that (Recommendation 6.2):
- takes, as its starting point, the question of whether a court should determine the consequences of a contravention;
- recognises that infringement notices should principally be used in respect of administrative failings by entities, will rarely be appropriate for provisions that require an evaluative judgment and, beyond purely administrative failings, will rarely be an appropriate enforcement tool where the infringing party is a large corporation;
- recognises the relevance and importance of general and specific deterrence in deciding whether to accept an enforceable undertaking, and the utility in obtaining admissions in enforceable undertakings; and
- separates, as much as possible, enforcement staff from non-enforcement related contact with regulated entities.
General principles for co-regulation in superannuation: The roles of APRA and ASIC should be adjusted to accord with the general principles that (Recommendation 6.3).
APRA, as the prudential regulator for superannuation, is responsible for establishing and enforcing Prudential Standards and practices designed to ensure that, under all reasonable circumstances, financial promises made by superannuation entities APRA supervises are met within a stable, efficient and competitive financial system; and
As the conduct and disclosure regulator, ASIC’s role in superannuation primarily concerns the relationship between RSE licensees and individual consumers (effect should be given to these principles by taking the steps described in Recommendations 6.4 and 6.5, see below).
ASIC as conduct regulator: Without limiting any powers APRA currently has under the SIS Act, ASIC should be given the power to enforce all provisions in the SIS Act that are, or will become, civil penalty provisions or otherwise give rise to a cause of action against an RSE licensee or director for conduct that may harm a consumer. There should be co-regulation by APRA and ASIC of these provisions (Recommendation 6.4).
APRA to retain functions: APRA should retain its current functions, including responsibility for the licensing and supervision of RSE licensees and the powers and functions that come with it, including any power to issue directions that APRA presently has or is to be given (Recommendation 6.5).
There was also three significant recommendations regarding modification and extension of the Banking Executive Accountability Regime (BEAR):
ASIC and APRA should jointly administer the BEAR: ASIC should be charged with overseeing those parts of Divisions 1, 2 and 3 of Part IIAA of the Banking Act that concern consumer protection and market conduct matters. APRA should be charged with overseeing the prudential aspects of Part IIAA (Recommendation 6.6).
Statutory amendments: The obligations in sections 37C and 37CA of the Banking Act should be amended to make clear that an ADI and accountable person must deal with APRA and ASIC (as the case may be) in an open, constructive and co-operative way. Practical amendments should be made to provisions such as section 37K and section 37G(1) so as to facilitate joint administration (Recommendation 6.7).
Extending the BEAR: Over time, provisions modelled on the BEAR should be extended to all APRA-regulated financial services institutions. APRA and ASIC should jointly administer those new provisions (Recommendation 6.8). (Hayne recommends that the changes to BEAR should not be made at once, rather they should be made sequentially [with the large RSE licensees to follow the banks into the BEAR regime, followed by other RSE licensees, the largest insurers, and finally, the balance of insurers]).
In addition to recommending that the recommendations of the ASIC Enforcement Review Taskforce that relate to self-reporting of contraventions by financial services and credit licensees should be implemented (Recommendation 7.2), Hayne also recommended “simplification so that the law’s intent is met”, via:
Exception and qualifications to the law: As far as possible, exceptions and qualifications to generally applicable norms of conduct in legislation governing financial services entities should be eliminated (Recommendation 7.3); and
Fundamental norms: As far as possible, legislation governing financial services entities should identify expressly what fundamental norms of behaviour are being pursued when particular and detailed rules are made about a particular subject matter (Recommendation 7.4).
Governance and oversight of regulators (ASIC, APRA)
While making two recommendations that seek to ensure greater co-operation between ASIC and APRA, including (surprisingly) creating an explicit statutory obligation of cooperation (see Recommendations, 6.9 and 6.10), it is in the area of regulator governance and accountability that Hayne suggests more fundamental reform:
Application of the BEAR to regulators: in a manner agreed with the external oversight body (the establishment of which is the subject of Recommendation 6.14 below) each of APRA and ASIC should internally formulate and apply to its own management accountability principles of the kind established by the BEAR (Recommendation 6.12);
Regulator capability reviews: APRA and ASIC should each be subject to at least quadrennial capability reviews (instructed by the new oversight authority, see below). A capability review should be undertaken for APRA as soon as is reasonably practicable (Recommendation 6.13);
A new oversight authority: a new oversight authority for APRA and ASIC, independent of Government, should be established by legislation to assess the effectiveness of each regulator in discharging its functions and meeting its statutory objects. The authority should be comprised of three part-time members and staffed by a permanent secretariat. It should be required to report to the Minister in respect of each regulator at least biennially (Recommendation 6.14) and
Formalising ASIC meeting procedure: The ASIC Act should be amended to include provisions substantially similar to those set out in sections 27–32 of the APRA Act – dealing with the times and places of Commissioner meetings, the quorum required, who is to preside, how voting is to occur and the passing of resolutions without meetings (Recommendation 6.11).
Interestingly, Hayne came close to recommending that both ASIC and APRA be given boards which include NEDs, but did not do see in the end. He observed that:
There was “no obvious reason” why ASIC would not benefit in the same ways that listed entities do from the inclusion of NEDs on their boards, noting benefits such as improving the scope and quality of internal oversight;
While acknowledging that other foreign regulators also had NEDs on their boards, due to the “radical changes” which ASIC already has to undertake, Hayne did not recommend such a change. Instead he said that “I think the choice of those who are to perform the external review is more urgent and important than appointing non-executive members to ASIC”;
“While I think that APRA could benefit from the appointment of one or two non-executive directors, I do not recommend making that change. It may be, I do not say it should be, a matter to be revisited as part of the capability review that I recommend below”.
Conclusions and commentary on institutions and individuals
The commissioner addressed each of the case studies examined by the commission and noted that the instances of potential misconduct (including, by way of example, the conduct of various entities in connection with the payment of fees for no service, and the conduct of various corporate trustees including Colonial First State, IOOF and AMP in connection with the MySuper transition) have been reported to ASIC and/or APRA as relevant, and that it is a matter for the regulators to determine further action to be taken.
While Hayne refrained from referring specific individuals for further action, it is of course open to the regulators to take action against individuals as their investigations progress.