We need to talk about the Royal Commission

The banking Royal Commission shines a light on practices that cut deep to the roles of boards, governance and management. Here, we reflect on the repercussions.

The issues identified through the Royal Commission and the Australian Prudential Regulation Authority inquiry into the Commonwealth Bank of Australia go to the heart of governance.

The role of the board, its oversight of management and risk, accountability, culture and incentives, plus the quality of decision-making by management and directors when under pressure are now under intense public scrutiny.

The story so far

In 2013, the Commonwealth Bank of Australia’s audit committee was sitting over a “red” audit report, a colour that flags an issue with potentially the highest impact or risk to the business. It raised repeated issues with the bank’s compliance with anti-money laundering and counter-terrorism financing regulations. In 2015, a second report noted the issue had not progressed due to a lack of ownership of group processes. By September 2016, a third red report was unambiguous about the failures to close issues in a timely manner.

Accountability was one of the Commonwealth Bank of Australia’s publicly stated core values. But to the independent panel inquiring into the CBA for the Australian Prudential Regulatory Authority, while the audit committee had been diligent, it had “exhibited a lack of rigour and urgency in holding management to account”.

The committee’s “light hand on the tiller” was indicative of a mind-set of “chronic ease” that had permeated CBA until recently, the inquiry panel said. “The committee did not send a broader signal that directors were aware, prepared and engaged on emerging non-financial risk matters, and confident to challenge management directly.”

A response from 10,000 Commonwealth Bank employees surveyed by APRA spoke of the tone inside as well as at the top. “The risk culture is generally good... but it comes under pressure at times when short-term ROE (return on equity) targets are at conflict with long-term risk management.”

Meanwhile, at the National Australia Bank, its “Introducer” program using third-party referrals began receiving whistleblowing complaints in late 2015. The Royal Commission was told NAB had begun investigating approximately 60 bankers who had enlisted members of the public to help sell mortgage loans to unqualified candidates. Anthony Waldron, NAB’s executive general manager broker partnerships, submitted that NAB had found “inappropriate conduct by bankers and Introducers”. While successive working groups, forensic analyses and meetings with the Australian Securities and Investments Commission (ASIC) were undertaken and 20 staff dismissed, the counsel assisting the Royal Commission submitted that the bank did not report the breach to ASIC until February 2016. The ring operated from 2013–2016, writing $139.8 million in loans.

By the time the public learned, in late April, that the financial planners at the 169-year-old AMP had charged for advice never received, and kept charging fees for customers who had died between 2009 and 2016, community anger was incandescent. Counsel assisting alleged AMP’s advice division misled ASIC 20 times, that it had misrepresented a report as independent. Counsel assisting suggested it would be open to the Commissioner to find that some conduct could be deemed criminal. The AMP has strongly refuted these claims in its submission in response. After public and investor outrage, CEO Craig Meller resigned, followed by the chair, Catherine Brenner FAICD and its general counsel (see AMP breakout p20). Ahead of its May AGM, three directors went.

Leading directors reflect

The Royal Commission hearings have exposed case study after case study of misconduct across the banking and financial sector.

Kathryn Fagg FAICD, non-executive director, former banker and, until recently, a member of the Reserve Bank board, like many has been shaken. “Some of the stories make you want to go in a corner and weep and some of the most vulnerable people have been affected,” she says.

While there is still much more to emerge from the Royal Commission hearings, findings and recommendations, it clearly shows there are systemic issues at play.

Malcolm Broomhead FAICD, chair of Orica and a non-executive director of BHP Billiton says, “There is a big job to be done and we don’t want to go through a cycle of government over-regulation and weak economic performance. We’ve been there in the past. We need to somehow rebuild that trust and significant radical restructuring of boards and companies, particularly in relation to remuneration structures, is central to that process.”

It also raises a significant challenge for directors whose roles are traditionally framed as “noses in, fingers out”. Kevin McCann AM FAICDLife, former chair of Macquarie Group and Macquarie Bank says, “Directors face a challenge because the standards being required of financial institutions by regulators, academics and the community are very different from what the law has expected in the past. Once, directors assumed if they set up a framework of controls for compliance, risk and management assurance and they were implemented, that would be sufficient to discharge their duties. Now it seems they are liable for the misdemeanours of middle-level executives.”

A breach of trust

“Regaining community trust will require time, hard work and an undistracted risk and customer focus,” said John Laker AO, Jillian Broadbent AO and Graeme Samuel AC — the APRA independent panel into the CBA. Following the report, Commonwealth Bank chair Catherine Livingstone AO FAICD and CEO Matt Comyn agreed to implement all 35 APRA recommendations.

“Failings in the provision of financial advice, dubious lending practices, mis-selling of financial products, shortcomings in the setting of benchmark interest rates and compliance breaches have undermined community trust, drip by corrosive drip,” the report said. “Trust is the currency of banks, and improper conduct that undermines confidence or causes harm to customers devalues that currency.”

Community trust, which was already low, has been further eroded by the revelations of the APRA report and the Royal Commission, according to Broomhead. While cautioning against pivoting to over-regulation, he urges the business community to take stock. Distrust has been brewing following the Global Financial Crisis and “we as business people have been very poor in regaining that trust. So whenever you can get an example of behaviour which is less than ideal, it reinforces and plays into that distrust: you get the sort of visceral reaction that we’re seeing,” says Broomhead.

A moment for change

Ann Sherry AO FAICD, chair of Carnival Australia and non-executive director of NAB, is blunt. “This is the #MeToo moment for Australia’s financial sector. While it is a very uncomfortable process giving people voice, it’s no different to #MeToo, it’s just being done in a different way.

“Once all issues have been aired, each organisation and the sector need to look at the causal effects,” says Sherry. “Then we need to really unpick the cultural issues that have got us to this point, where people who in their day-to-day lives would see themselves [as] abiding by a set of moral principles, when at work somehow let those principles slide.”

Boards must delve deeply into how these practices came about and make sure there are clear lines of accountability established. “Where are the levels of accountability?” she asks. That’s another challenge for big, complex organisations. “If there’s diffused shared accountability, it’s much harder to hold people responsible when things go wrong.”

The Banking Executive Accountability Regime (BEAR) legislation, which comes into force from July, requires banks to provide accountability maps and statements to APRA, detailing the roles and responsibilities of accountable persons.

This practice, even if not mandated more widely, would be beneficial for all organisations, APRA chair Wayne Byres told a recent AICD forum. “Even if it’s not a legislative requirement, getting people to think about who’s accountable for what — and document it and show us, even if it’s not a statutory requirement — that’s not a bad thing.”

The way things are done around here

While an extensive network of formal rules and procedures helps organisations monitor and manage their risks, it is how these rules are interpreted and practised — “the way things are done around here” — that shapes their culture. Organisational culture, in turn, will affect the ability or inability to identify, understand, openly discuss, escalate and act on behaviour that is unacceptable.

“In understanding the culture of an organisation, it is relevant to know whether it positively shows its employees how commonly accepted moral standards apply and are to be given effect in commonly encountered circumstances,” said Commissioner Kenneth Hayne AC, when questioning a NAB executive on instances of the bank’s financial advisors falsely witnessing client forms.

In its chapter on culture and leadership, APRA outlined the mindsets and behaviours that help drive cultural outcomes. It identified nine cultural themes in the CBA that inhibited sound risk management. The lessons about culture from the report are not necessarily simple. The panel criticised the collegiate environment of the bank, which ordinarily most organisations would see as an asset.

When Ian Narev became CEO, he had looked to reform a culture that had been competitive and combative, but overcompensated in the other direction, according to the panel. Collegiality resulted in over-confidence. He placed a high priority on vertical empowerment of his executive team. “When combined with an atmosphere of collegiality and high levels of trust in peers, it resulted in a lack of healthy constructive challenge within the executive committee.”

APRA noted lessons from other industries, such as oil and gas and aviation, in which a culture of safety is paramount. These industries have undergone a common evolutionary path, typically over more than a decade. They first evolve their risk cultures from “goal zero”, demonstrating safety is taken seriously. The second stage is “chronic unease”, embedding “a continual concern for safety into the DNA of the organisation”. Finally, a “moral dimension” in their cultures, “addressing all aspects of risk, from physical safety to... wellbeing and health”.

The financial sector globally lagged behind in this practice. CBA was no exception. The CBA culture was one of “chronic ease”, according to the panel, which called out the audit committee for not sending a “signal that directors were aware, prepared and engaged on emerging non-financial risk matters”.

Kathryn Fagg FAICD has worked in the steel and logistics sectors. “Those associated with industrial companies over the past 20 years are more used to dealing with the social licence to operate,” she says, “and it comes through in a serious way in safety — you can never step away from it. Community expectations have changed and organisations haven’t recognised this.”

Changing incentives

Understanding the flaws in remuneration and reward structures within companies should be a first line of defence for boards trying to come to grips with corporate cultures and the risks therein, says Amanda Wilson, former CEO of governance advisor Regnan, and a former bank remuneration and performance specialist. Too many organisations have a disconnect between the behaviour they say they want and what they actually encourage through their incentive structures.

Peter Collins, director of the Centre for Ethical Leadership, says this has established a moral trap for many employees.

“For instance, businesses continually set up incentive schemes and talk of being committed to the best interest of their customers, yet incentivise their employees to sell,” says Collins. “It’s an ethical trap… as it is almost impossible for rational employees not to sell.”

Similarly, Broomhead believes short-term incentive structures have distorted behaviour. “Incentive payments... have been fairly dangerous things because they do alter behaviours quite significantly,” he says.

The APRA panel criticised CBA for lax remuneration practices that “led to almost inevitable attitudinal weakness”. Prior to 2016–17, it was extremely rare for executives to have their remuneration reduced on risk grounds. The reputational damage from the CommInsure scandal resulted in only a modest adjustment to the CEO’s salary. Similarly, the board remuneration committee had initially only suggested modest adjustments for executives following AUSTRAC’s revelations that CBA had breached the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

APRA has urged the industry to address executive remuneration weaknesses “rather than waiting to be told what to do”.

Wilson wants leaders to display more empathy. “It would be refreshing if directors were able to place themselves in the shoes of employees, or even contractors. Consider what impact it would have on their behaviour if they were 32 [years old], supporting a family on $60,000 a year, with another $30,000 or so dangled in front of them if they sold a number of potentially questionable products?”

The regulators

The public exposure of issues has also raised questions about the role of Australia’s corporate regulators. The Royal Commission questioned ASIC over its approach to enforcement and its practice of negotiating enforceable undertakings instead of pursuing criminal penalties.

ASIC conceded it was more likely to negotiate rather than pursue other avenues given its limited resources, competing priorities and the limitations of existing laws. In addition, the Royal Commission heard that the time frame for taking action against financial advisors can be up to two years, which ASIC conceded was unsatisfactory.

Conversely, financial institutions will need to be more forthcoming with regulators to meet community expectations that they are upfront when there are lapses in their culture and governance.

Penalties also have to be more of a deterrent. Professor Pamela Hanrahan, a member of the Expert Group assisting ASIC’s Enforcement Review Taskforce, which reported to the federal government in December 2017, says there is a clear case for increasing the severity of penalties in this space. Australian penalties are lower than in other comparable jurisdictions and are now out of step with the competition and consumer law. The government has accepted the recommendations and will be increasing penalties in legislation later this year — a move the AICD strongly supports.

“Increasing the headline numbers will send a clear message to companies, regulators and courts that this conduct should attract meaningful penalties, both as a deterrent to future wrongdoing, but also as ‘just deserts’ for unlawful conduct,” says Hanrahan.

Increasing the size and severity of the penalties on its own is not sufficient to increase deterrence. However, the research shows that deterrence depends much more on people’s assessment of how likely they will be caught and punished.

“That requires an effective regulator that is willing and able to use the new sanctions,” says Hanrahan. “This has led to a perception that ASIC’s enforcement strategy, particularly in consumer protection in the financial sector, is not robust enough.”

This has to be a turning point for boards. Community expectations have changed and the traditional oversight role of the board may no longer be considered sufficient. With the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry having many months to play out, all directors must watch closely — and heed its lessons.

Questions to ask at your next board meeting

The APRA report has identified a series of markers organisations should look for and identified five levers of change. These range from rigorous board and executive committee governance of non-financial risks to embedding a “should we?” question in relation to decisions on customers and cultural change that moves the dial.

The AICD recommends directors reflect on three areas.

Risk governance

• Are you regularly updating agendas to capture risk issues?
• Do you rely on management summaries on risk issues?
• Do you regularly review customer complaints, not just satisfaction?
• Does your board actively discuss these and seek to identify systemic issues?
• Are committee mandates clear?
• Do incentive structures incentivise unethical decision making in your organisation?
• How do you manage bad news?
• Are you considering your reputational risk?

Holding management to account

• Is your board embracing the “show, don’t tell” approach with management?
• Is there clear executive accountability for risk issues, with visibility to the board?
• Does executive remuneration include collective accountability for adverse risk and compliance outcomes?

Culture

• Is your board promoting a culture where ethics are applied to decisions about customers — not just “can we” as a compliance issue, but “should we”?
• Is a reliance on good intent creating potential blind spots?
• Is your board visible to the organisation’s employees, with a clear tone from the top?
• Is your board bringing a sense of “chronic unease” to its oversight of risk?
• Do you regularly review customer complaints, not just satisfaction?
• Does the board actively discuss these and seek to identify systemic issues?
• Are committee mandates clear?

Sticking to the issues

Claims that the push for more women on ASX boards contributed to governance failures should not distract from the substantive issues, senior directors say. It’s not a gender issue.

The resignation of AMP chair Catherine Brenner FAICD in the wake of the Royal Commission revelations sparked media debate that a focus on gender had led to more inexperienced directors and contributed to its governance failures.

AICD Chairman Elizabeth Proust AO FAICD says, “[The] focus has shifted from serious issues of ethics, transparency and accountability to attacks on the goal of increasing gender diversity. Somehow the conversation has been hijacked.”

There are important questions to be asked about the selection process for board members, says Proust. Are the processes appropriate, rigorous, transparent?

“But those questions are not gender-specific. Instead, we focus on the breakdown in governance that led to them and the corporate failings that devastated investors, employees and customers.”

Proust says this should not excuse unacceptable behaviour and individuals are, of course, accountable for their performance, whether male or female. “We owe it to the community to ensure the focus of the debate is on the critical issues of ethics, transparency and accountability — not gender politics.”

The criticisms were directed to the AICD’s target of having 30 per cent of women on ASX 200 boards by the end of 2018. Interestingly, says Proust, there was relatively little commentary about the competency of male directors following the crises at other Australian companies. “If you think back to a number of issues in Myer, 7-Eleven and, further back, Centro, no-one talked about the male characteristics of the chairs of those companies,” Proust told an INSEAD forum.

Kevin McCann AM FAICDLife, former chair of Macquarie Group and Origin Energy and chair of Citadel Group and Dixon Hospitality, considers much of the commentary to be flawed.

“There is a false logic here. It suggests women have been appointed to boards to improve board performance, the boards of financial services companies have not provided adequate oversight of compliance or culture and therefore gender diversity has been a failure. This argument ignores the collective responsibility of male board members,” he adds.

“There is also a sort of underground commentary, in some sections of the Sydney director community, that says women are being appointed to boards who are not qualified and men are being told, ‘we’d love to have you, but we have to appoint a woman’. Somehow, they think that women are crowding out men, whereas it is simply that women are catching up. The momentum for the 30 per cent of women on boards is unstoppable. The outbreak of misogyny is the last flurry of reaction to a movement that is irresistible.”

Diane Smith-Gander FAICD, a director of Wesfarmers and immediate past president of Chief Executive Women, says the suggestions that relate to failures that had been built over decades is naive and lacking in nuance. “If there’s a failure of governance, then the chair, the longest-serving directors and the directors who are up for re-election are likely to be the ones who will shoulder that accountability. In the case of AMP, that is what has happened with four female directors and is evidence of the way governance and accountability interacts. That has nothing to do with gender. She says that governance is a different game to what it used to be and requires a diverse skill set.

“The call for direct CEO experience to be an important definer of merit is misguided. It’s about bringing the right mix of skills and diversity to the board. This is a really good wake-up call that says that while Australian governance is well regarded globally — and I believe it should be — that we need to push harder to ensure our governance is improving at the same pace as the risks are escalating.”

The business case for gender diverse boards is well established. Bain & Co research found that “a strong link exists between diverse organisations and better business outcomes, where gender balance is the yardstick for overall diversity”.

Under Oath

Where does personal responsibility begin and end in relation to the banking trust crisis, asks Dr John Laker AO, chair of the Banking and Finance Oath, former head of APRA and a member of the independent panel that conducted the Prudential Inquiry into the Commonwealth Bank of Australia.

The Royal Commission is shining a searing spotlight on unacceptable behaviour in the Australian financial services industry. The reputations of major financial institutions and some smaller market participants are badly dented. But what of the individuals within these institutions? Those staff providing flawed products or poor services to customers? The line managers and above who set strategies for, directed and rewarded these staff? Did no-one ask, “Should I be doing this? Is this the right thing for the company to do?” Was it too difficult to stand up for ethical behaviour?

Over recent years, incentive structures, peer pressure and the receding line-of-sight to customers have made it difficult for individuals to give the social purpose of finance the priority it requires.

In a speech on the role of personal accountability in global finance in 2015, the IMF managing director Christine Lagarde noted: “In essence, what is needed is a culture of greater virtue and integrity at the individual level in the financial industry… If the financial industry is to put people before profits and society before shareholders, we need to see a change in values and behaviour of individuals themselves.”

Although the origins of The Banking and Finance Oath pre-date this speech, Lagarde’s words could well have been its rallying cry — because the very strength of the oath is its focus on the individual and individual accountability.

The oath was developed in 2012 to restore trust and encourage ethical behaviour in the financial services industry. It has two clear aims. To encourage a strong ethical framework for individuals in our financial services industry and to strengthen the values of integrity, honesty and trust that must underpin the industry’s dealings with the Australian community.

By taking the oath publicly, signatories freely accept a set of professional obligations, and choose to be accountable for upholding the tenets of the oath and to call out behaviour that falls short. Signatory numbers have now risen to nearly 2300, including the head of the Reserve Bank, the chairs of APRA and ASIC, and around 65 CEOs and 20 chairs of financial institutions.

Cultural change that embeds ethical behaviour in financial institutions can be challenging. Prescription and compliance obligations may simply foster a “tick-a-box” approach — the death of ethics. The fundamental contribution to cultural change must come from individuals at all levels in their institution. Individuals must be accountable for their own actions. An institution’s culture will have feet of clay if it is not supported by individual virtue and integrity. Broader initiatives within the industry to lift the level of professionalism will also struggle if they are not built on the same foundations.

Get on the Front Foot

This month, AICD is offering members exclusive complimentary access to three timely webinars.

To whom are directors duties owed? The 21st Edition of Directors Duties and Responsibilities with Professor Bob Baxt FAICDLife

Professor Baxt discussed the legal duties and responsibilities of directors and the impact of the push to make directors take on greater stakeholder interests in performing their obligations. The ethically based community expectations that impact the duties and “moral obligations” of directors was also examined; as was the validity of the increased importance being placed on corporate governance.

• Do directors owe duties to stakeholders at large? If so, on what legal basis?
• What’s changed in the fundamental operation of the law?
• How will the law impose greater responsibility on directors?

Directors’ Regulatory Update

Wed 27 June midday–1pm

The AICD policy team updates directors on all the latest changes to the regulatory environment.

Why directors should be measuring and managing culture

Tue 26 June midday–1pm (AEST)

A webinar to help directors understand, shape and guide organisational practices to impact the culture. Presented by Matthew Croxford, Human Synergistics International.

To access your complimentary webinars, click here.

Required reading

Duties and Responsibilities of Directors and Officers, 21st Edition Prof Robert Baxt AO FAICDLife (AICD)

The Fish Rots from the Head, Developing Effective Board Directors Bob Garratt (Profile)

APRA Report

Examine the APRA CBA Prudential Inquiry Final Report here