The Australian financial sector is at its early stages of understanding risk culture and approaches to managing it, an audience of directors heard at an Australian Institute of Company Directors (AICD) forum on risk culture last week that featured Australian Prudential Regulatory Authority (APRA) Chairman Wayne Byres MAICD and Australian Securities and Investments Commission (ASIC) Commissioner John Price. The forum brought together directors, executives and senior managers with the two regulators for a frank discussion on how APRA and ASIC viewed risk culture and what principles guided their approach to regulation and supervision. These were four key insights.
1. Culture reverberates through the financial system
Culture is a key driver of conduct through the financial system. Poor culture leads to poor outcomes for investors and consumers. It impacts the integrity of financial markets and can erode investor and consumer trust. All of these things impact on the price of capital.
Good culture, on the other hand, can enhance brand loyalty, bolster reputation and have a positive financial impact on those companies that practice it.
2. Tackling culture is the final frontier in responding to the GFC
Since the financial crisis revealed major shortcomings in the way financial institutions managed risk, risk culture – that is the norms of behaviour around how an organisation identifies, discusses, understands and acts on risk – has been on the radar of regulators.
The problems during the crisis were not caused just by issues of poor technical risk management, they also reflected deficiencies in institutions’ attitudes toward risk, the audience heard.
While strengthening balance sheets, particularly ensuring capital adequacy, has been a focus of prudential regulators, these rules do not improve bad behaviour or poor attitudes to risk. They just make sure you have more capital to lose when you lose it. Tackling culture is the final frontier in addressing the problems highlighted by the crisis.
3. Regulators are not taking a black letter law approach
Australian regulators are not being prescriptive on rules around culture. It is not feasible or desirable to dictate how a business should be run.
APRA is piloting structured reviews that will focus on how risk culture is being assessed and responded to in some organisations. The reviews will look at formal and informal drivers of behaviour that impact on risk management outcomes, and culture more broadly.
APRA is also reviewing current remuneration practices to gauge how well the industry is meeting the principles and requirements outlined in APRA’s prudential standards. For APRA, the performance-based component of remuneration should be designed in a way that supports long-time financial soundness and is aligned with the institution’s risk management framework.
Meanwhile, ASIC is incorporating culture into risk-based surveillance reviews for the entities they regulate, looking at remuneration structures, rules around conflicts of interest, complaints handling, whistleblowers and timeliness of breach reporting.
4. The questions boards could be asking on culture
- Has the culture of the organisation been independently assessed?
- Do the stated values match the actual experience of customers, employees and suppliers?
- Is culture a regular feature on the board or a relevant committee agenda?
- Do directors have broader interaction across the organisation, not just with executive officers and management?
- Do directors have relationships with key employees, such as line managers, to gather insights into the company’s culture throughout its business units?
- Does the board engage with external stakeholders such as customers, suppliers and even regulators?
- Is data captured on key indicators, for example, employee feedback and surveys, customer complaints and progress on employee training?
For more on this event, and risk culture, read John Price’s speech to the event here, and APRA’s information paper, released in October last year.