regulator errors on your radar

Company directors can get a unique insight to the culture of their company by asking questions about how it manages errors, mistakes and regulatory breaches. ASIC is interested in culture because it drives behaviour in companies. Our current surveillance project on breach reporting by financial institutions examines elements a sound error-management culture is likely to demonstrate — including transparency, effective communication and escalation, accountability, responsiveness (change to processes and systems) and customer remediation.

Insight from errors and mistakes

For directors not involved in the daily operation of a company, monitoring culture can be challenging. Understanding how the company manages errors can help the board assess the extent to which an issue will be picked up early and addressed quickly, transparently and appropriately. Research shows that a strong error-management approach links to ethical behaviour in employees and contributes to the quality of services provided to the customer and to better organisational performance.

A company’s error- management track record is a useful source of board information for oversight — and insight — into company culture.

A company’s error-management track record is a useful source of board information for oversight — and insight to — company culture.

We encourage directors to actively engage with and challenge management about the practical actions that management should implement in order to promote a more positive culture in their organisation, including:

  1. Effective response
  2. How effectively is your company able to identify and respond to problems when they inevitably arise? In what practical ways can you actively maintain oversight of error-management practices as a director? Are they effective, timely and transparent? Are problems quickly identified and put right — for example by remediating customers?

  3. Enterprise or individual
  4. Firms with a sound error-management culture will take an organisational approach to the management of errors. Does the company deal with error management at an enterprise level, or only at the level of individual employees (which may miss important causal factors and opportunities for whole-system change)? At the same time, are managers at all levels accountable for issues on their watch?

  5. Learning from errors
  6. How weak or strong is the learning culture in the company? Is the learning from one team/area shared across the company in a transparent fashion for the benefit of the enterprise? Is a learning culture demonstrably supported in the way resources are allocated to such things as compliance, training and knowledge-sharing activities? Are appropriate changes implemented in systems and controls once causes are identified? Is there timely remediation for consumer loss from errors?

  7. Behavioural expectations
  8. Are behavioural expectations of employees in relation to reporting errors clearly communicated to them? Do the company’s reward systems and consequence-management processes align with these expectations and support the message that the company values when employees speak up? Are employees supported to raise issues that they identify as part of their day-to-day work? Do they feel supported and safe to do so?

  9. Alignment of values
  10. Is there good alignment between the company’s stated values (meeting the needs of the customer, transparency, continuous improvement) and business practices? Are you provided with evidence that company values guide the way errors are managed?

    ASIC will continue to consider culture in our surveillance work. Our role is not to mandate a company’s culture, but to encourage them to consider whether their culture is supporting fair outcomes for customers, reducing poor conduct and ultimately maintaining community trust in companies.