Magazine article

In the King & Wood Mallesons Directions 2016 report, we looked at the increasing focus of regulators, management and boards on corporate culture, and noted that, “corporate culture is shaping up to be the new compliance battleground for regulators, and an additional challenge for directors and boards”. Since then, the issue of corporate culture has continued to gain traction, with calls from some quarters for greater regulation or oversight of corporate culture with a view to preventing problematic and, at times, criminal conduct.

In a speech at the Law Council of Australia on 19 June this year, chairman of the Australian Securities and Investments Commission (ASIC) Greg Medcraft indicated that ASIC does not intend to legislate the type of culture which should be adopted by any particular organisation (or request that parliament introduce such legislation) but will rather undertake “risk-based surveillance” based on culture. Medcraft indicated that ASIC will look for cultural indicators that suggest it should take a “deeper dive” to look for poor conduct. However, there are concerns that the consequences or outcomes from such surveillance may have a similar impact as legislating for culture.

Surveillance and competition

Some high profile commentators have recently suggested that ASIC’s focus on corporate culture may do more damage than good, with claims that regulating (in a broad sense of the word) culture is anticompetitive, as “you can’t have the same culture for everyone” (David Murray savages ASIC’s corporate culture focus, The Australian, 5 April, 2016). If organisations believe that they must adopt a specific culture shaped by ASIC’s particular focus and guidelines, this could result in the stifling of innovation, with a risk-averse corporate culture sometimes seen as inconsistent with increasing agility and innovation.

Conversely, boasting a good corporate culture can be seen to contribute positively to an organisation’s competitiveness, with David Turner FAICD, chair of the Commonwealth Bank of Australia, predicting at the company’s November Annual General Meeting that the bank’s strong ethics would be a competitive advantage.

Setting the standard

How would ASIC establish a “standard” of corporate culture through which it could actually measure “poor culture”? Predictably, there are disparate views on how corporate culture can, or should, be measured.

In a recent speech at the MetricStream Governance, Risk and Compliance Summit in London, Mark Stewart of the UK Financial Conduct Authority, contended that the key challenge in making culture a “pragmatic reality” is the difficulty in knowing whether the culture that already exists is good or even working. He suggests looking at indicia including how quickly problems are escalated to the right person for effective decision making, how many problems linger in the draft box beyond their fixable date and how difficult it is to fix problems once they are detected.

Speaking at a recent conference, ASIC deputy chair Peter Kell stated his belief that culture is reflected in remuneration and incentive structures, and is also driven by the amount of resources put into an organisation’s compliance function and its policies on breach reporting. He spoke against processes designed to “game the system” and classify every breach as not being significant enough to report. The Institute of Business Ethics have also indicated that the presence of flawed executive remuneration practices is a ‘warning sign’ of bad corporate culture.

Westpac chairman Lindsay Maxsted FAICD believes that remuneration and incentive structures is the more complicated issue, recently arguing that key performance indicators must be set for employees and when pressure comes on earnings, “people can get mixed messages.”

ASIC’s guidance for boards

ASIC has suggested that boards consider the following questions in order to gain insights into the culture of their organisation and gain awareness of any cultural “red flags”:

  • Has the culture of the organisation been independently assessed? What were the results of that assessment?
  • Do the firm’s stated values match the actual experiences of customers, employees and suppliers?
  • Is culture a regular feature on the board and audit committee agenda?
  • Does the board hear from key employees, such as business line managers, to help with obtaining insights into the company’s culture, subcultures and team-specific issues?
  • Is there board engagement with external stakeholders such as customers, suppliers and regulators?
  • Is there monitoring that captures data on key indicators, gathered through employee feedback and surveys, customer complaints, progress on employee training on culture issues and using data analytics to gain insights?
  • Is the information in internal and external audits being fully utilised?

In a speech given on 21 June, Medcraft also suggested that senior management should “measure the ‘gap’ between a firm’s desired culture and the actual mindset of the organisation”, suggesting use of culture dashboards to help capture data on culture issues.

However, do these suggestions ask too much from boards, many of which are already time poor and over-stretched? And will a “culture dashboard” even provide the type of data which would be useful in “measuring” culture (if one accepts you can in fact measure culture)? Finally, would such information be “discoverable” by ASIC on its “deep dive”?

While we do not claim to have answers to these questions, we believe they raise important issues which need to be considered by ASIC in formulating its proposal in relation to culture.

Details and repercussions?

Given the difficulty in obtaining a consensus view on what makes an organisation successful, what “good culture” looks like and how that culture can be measured, the proposition that ASIC will look for cultural indicators to determine whether it should take a “deeper dive” to investigate poor conduct raises various issues, including:

  • Even if it is accepted that encouraging a “good” corporate culture is worthwhile, how will ASIC measure an organisation’s corporate culture and determine whether that culture indicates “poor conduct”?
  • Will ASIC publish guidelines so that organisations are aware of which cultural indicators increase their risk of a “deep dive”?
  • Would the “deep dive” be searching for breaches of law or would it be searching for further evidence of “poor culture”?
  • At a Thomson Reuters Regulatory Summit on 21 June, Medcraft stated that “by focusing more on culture, we expect to get early warning signs where things might be going wrong to help us disrupt bad behaviour before it happens and catch misconduct early.” What would the outcome of a “deep dive” be if no breaches of law were discovered?

Where to next?

It will be very difficult to gain consensus on appropriate “measures” of good culture unless there is an ability to test all the metrics objectively.

If ASIC does proceed to implement a form of surveillance system using corporate culture as a red flag, the subjective nature of such a system will likely be problematic for both ASIC and the organisations involved and may ultimately have a similar impact as regulating culture in a more formal way.

In our view, there is no “one size fits all” model as to what constitutes a good corporate culture. We do not consider that it is the role of regulators to enforce corporate culture, but nevertheless consider that a focus on improvement in corporate culture can be a catalyst to positive business outcomes and therefore should be on the agenda for boardroom discussion.

In that sense the ASIC initiative has positive elements, but we would encourage ASIC to publish further materials detailing the specifics of its proposed approach on culture as soon as possible to assist the business community to fully understand ASIC’s approach and any actions required to be taken in response.