Directors must improve their understanding of non-financial risk as APRA and ASIC focus on culture and remuneration. Dr Kym Sheehan writes.
The issue of non-financial risks and how to monitor and measure them has become a vexed topic in the Australian board and management community in the wake of the final report of the banking Royal Commission. Both the Australian Prudential Regulatory Authority (APRA) and Australian Securities and Investments Commission (ASIC) have put a focus on culture and remuneration.
APRA deputy chair John Lonsdale noted in a speech to the 2019 Actuaries Summit in July that the need to manage non-financial risks is not new, but the range of risks and the speed with which they can undermine the prudential soundness of a business “have perhaps never been greater”. APRA’s analysis of the self-assessments by 36 banks, insurers and super funds identified the issue as a particular weak spot.
“Among the most consistent themes to emerge were that non-financial risk management was frequently weak; and many of the issues raised were known to entities and were often long-standing,” said Lonsdale. “That’s the thing about non-financial risks, left unaddressed, the consequences become distinctly financial in nature.”
The recent ASIC Corporate Governance Taskforce report on director and officer oversight of non-financial risk identified three types of risks: operational risk, compliance risk and conduct risk. This classification sits alongside that of the ASX Corporate Governance Principles of Corporate Governance and Recommendations (Fourth edition, 2019) which sees non-financial risk as including environmental and social risks (recommendation 7.4). It defines social risk as “the potential negative consequences (including systemic risks and the risk of consequential regulatory responses) to a listed entity if its activities adversely affect human society or if its activities are adversely affected by changes in human society”.
However, in seeking to distil the company’s culture into a set of non-financial performance measures, one challenge is to identify the relevant measures; a number of these relate to “social” performance.
In the NYU Stern Center for Business and Human Rights paper, Putting the ‘S’ in ESG: Measuring Human Rights Performance for Investors, Casey O’Connor and Sarah Labowitz defined social performance of companies as the operational effects of a company on the labour and other human rights of the people and the communities it touches.
“Social performance” is considered to be human capital, workplace health and safety, labour relations and standards, human rights, demographic changes, supply chain, and community impacts. The range of performance indicators used to capture “social performance” is classified into six categories as summarised in the table below.
The first four measure types reflect what is happening inside the company/group. These measures document what the company is doing internally to identify its social risks. Much corporate disclosure to date has been focused on these types of measures. This is unsurprising. Investors primarily focus their efforts on these types of measures, as do regulators, because they speak to the issue of risk management. They relate to operational, compliance and conduct risk.
The last two measures, outcome and impact, capture the difference the company’s non-financial performance made on those affected by the its operations. This is not about corporate philanthropy or charitable efforts, but rather the impacts resulting from the core business operations of the company.
Already a member?
Login to view this content