The Australian Securities and Investments Commission (ASIC) chair, James Shipton, recently ‘set the bar’ on what the corporate regulator regards as good governance of ‘non-financial risk’ when launching ASIC’s Corporate Governance Taskforce report.
The report, entitled ‘Director and officer oversight on non-financial risk’, outlines the standard ASIC expects from organisations when governing for non-financial risks such as conduct, operational compliance and strategic risks.
Shipton reminded company directors that ASIC’s strategic priority was to “improve governance and accountability” of corporate governance practices in financial and non-financial entities, as well as large listed entities; and that ASIC will be undertaking targeted reviews of these entities’ corporate governance practices and publishing their findings.
The report reinforces ASIC’s approach to the non-financial risk governance failures identified in the APRA Prudential Inquiry into the Commonwealth Bank in 2018, which included the need for “more rigorous Board and Executive Committee governance of non-financial risks”. This covered approaching conduct risk by asking ‘should we?’ rather than ‘could we?’, including accountability standards reinforced by remuneration practices; upgraded authority and capability of operational risk management and compliance functions; and cultural change to move from “reactive and complacent” to “empowered, challenging and striving for best practice” in risk identification and remediation.
Based on the work of the Taskforce, ASIC is set to release a follow-up report later in the year that will deal directly with the relationship between conduct risk management and executive variable remuneration.
Commenting on the report, Deloitte Co-Lead Partner for Corporate Governance, Deborah Latimer said: “ASIC’s work should prompt organisations to consider how their governance structures support good conduct outcomes.
“While ASIC’s initial focus is on seven organisations from the financial-services sector, this will not stop there. As Australia’s corporate regulator, the duties of company directors set out in the Corporations legislation apply broadly. ASX-listed entities in every sector should be asking themselves: ‘Would we be ready for an ASIC Taskforce review?’
“Now is the right time for organisations to run a thorough health check over their governance and conduct governance arrangements which should really start with the Board reflecting on what good conduct really means for their organisation when it comes to purpose, strategy, and risk.
“A practical way of approaching this is to look at the organisation’s key public messaging and consider whether its governance structures and arrangements operate in such a way as to adhere to that messaging. This exercise will reveal conduct blind spots.”
The areas that really need to be the subject of critical review in light of the Report include:
- The relationship between statutory director and officer duties, corporate conduct, and conduct risk. How are duties discharged in director and officer oversight and management of conduct risk to achieve good conduct outcomes for the organisation?
- The governance structures in place that support and facilitate conduct risk oversight. Who is accountable and who determines the extent to which that accountability is satisfied?
- Decision making processes. How do these processes support adherence to strategic and other objectives and account for conduct aims and risks? What management information supports sound decision-making?
- Executive variable remuneration structures. How does the remuneration structure respond to conduct risk management responsibilities and responsibility failures?
- Routine conduct risk management within the organisation. Is it both systematic and influential, does it provide reasonable assurance on conduct, and are there clear pathways that ensure conduct risk management issues are appropriately escalated and resolved?