A successful business ignores the customer at its peril, says ASIC

Speaking from the 2019 ASIC Annual Forum in May, chair James Shipton says organisational success could depend on the customer being treated fairly, following the banking Royal Commission.

Australian Securities and Investments Commission (ASIC) chair James Shipton and his new team are driving a substantially expanded strategic agenda. At the 2019 ASIC Annual Forum, held in May, they outlined various actions ASIC is taking. Some directors, especially those in the financial services sector, may feel the governance bar has been raised significantly for them since Kenneth Hayne AC QC released his final report of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. ASIC disagreed.

“A lot of folks are suggesting Hayne raised the benchmark for what we expect of directors and it reminds me of the Monty Python Flying Circus film And Now for Something Completely Different, when it actually isn’t,” ASIC deputy chair Karen Chester argued at the forum. “When we look at what the obligations are under the corporations law [Corporations Act 2001 (Cth)], nothing has changed.”

Similarly, ASIC Commissioner John Price said, “What Hayne has really highlighted were existing obligations. In some areas, business practice had not been meeting either those existing obligations or community expectations more broadly. So what you’re seeing in some areas are behaviours trying to meet those restated norms that Hayne and the Australian Prudential Regulation Authority (APRA) report into the Commonwealth Bank of Australia (CBA) have set out. In some cases, they’re perhaps overshooting the mark… it is a human reaction and people trying to feel their way now they understand what the community expects, and appreciate fully their legal obligations.”

However, plenty has changed. There are new faces around the executive table overseeing ASIC’s strategic change program, stepping up its enforcement response, expanding its supervisory approaches and implementing and working towards its new responsibilities in response to the banking Royal Commission. First and foremost, Shipton said, ASIC is about making Australia’s financial system fair, strong and efficient for all Australians. Secondly, it’s about expanding new supervisory approaches and promoting best practice in regulation, particularly through its close and continuous monitoring (CCM) program.

Fair play

Drawing on the post-GFC-defining book, Other People’s Money: The Real Business of Finance (Ingram, 2016) by St John’s College Oxford professor John Kay CBE, Shipton reminded the forum that the finance sector and the people in it need to do more to support the proper functioning of the financial system towards the four core functions it serves for the economy. These are: capital allocation between those who need capital with those who have excess capital; inter- and intra-generational transfer of wealth; hedging and insuring against risk; and safeguarding the economy’s plumbing — the payments system.

“Finance exists to serve Australians; it is a means to an end, but not an end in itself,” said Shipton. “This means the financial industry needs to look at its broader value proposition to people as people and not just as customers.”

He stressed the sector needed to assume more of a leadership role in promoting professionalism, as well as a community-oriented mindset in its businesses. “Both of these goals, I believe, are ultimately helped by embedding the concept of fairness into every corner of the financial system.”

To do this, Shipton said ASIC wanted to proactively apply a procedural discipline on boards and senior executives to ask themselves: “are we being fair?” or “is there a consequence of being unfair?” He said ASIC’s “why not litigate” stance was the same kind of procedural discipline the corporate watchdog imposed on itself to ensure it made the right decisions.

Price pointed out this was not a revolutionary idea. The APRA report into CBA noted in addition to boards asking: “can we do something?” they should ask: “should we do it?” A director of a company that’s not a bank or insurer and not caught up in misconduct, may be asking: “what’s the Royal Commission got to do with me?”

ASIC deputy chair Daniel Crennan QC MAICD argued that the shift towards an environment, with more penalties, where ASIC had more powers and relied on more sophisticated supervision, applied to all sectors. He described it as a societal shift towards meeting community and government expectations of conduct.

“The mandate of the Royal Commission was limited to financial services, but the philosophical underpinning of that analysis and the recommendations that arose from [it] equally applies to all corporate activity. That is our world. That is our mandate,” said Crennan.

Watching closely

Introduced in October 2018, the CCM process involves regularly placing the regulator’s staff onsite at major financial institutions to monitor their governance and compliance. It aims to identify potential harms at an early stage — a change from the reactive supervision or surveillance of the past.

Crennan said ASIC’s more intensive CCM supervisory approach was already producing benefits at an early stage, and ASIC hoped to expand its team. He explained in most organisations there was a tendency to avoid things or hide them when they started going wrong. However, CCM tried to intervene to elevate ASIC concerns quickly to the C-Suite, CEO or board before they became breaches of compliance or the law.

ASIC commissioner Sean Hughes GAICD added, “CCM and our thematic supervisory approach is not only about us understanding the entity we’re looking at, but also the entity understanding what drives us; what our concerns and our priorities are. That two-way conversation is a far more mature and engaging way to understand what those issues are than just using one tool.”

Chester said the approach first signals to the markets and institutions what matters to ASIC and also immediately informs other work. For example, in May, ASIC initiated public consultation on new standards about how financial firms handle consumer and small business complaints and aims to release new Internal Dispute Resolution standards in late 2019.

Why not litigate?

In 2018, several recommendations were made following a review of ASIC’s enforcement activities. An important change is imposing the “why not litigate” procedural discipline on ASIC, given how effective litigation can be in deterring and denouncing wrongdoing.

“Importantly, we now have a penalty for breach of that primary obligation that banks and other licensees owe to all their customers,” said Shipton in an address to the AFR Banking and Wealth Summit in March. “This is an important foundation to our new enforcement posture of asking ourselves: why not litigate? Financial institutions must embrace and embed in everything they do the fairness imperative for there to be meaningful cultural change in the industry. Financial institutions must respond responsibly to the challenge and not, as we have seen in some segments, with resistance and a reluctance to do the job that we as conduct regulators are expected to do.

“Separately, directors and officers (including of super trustees) are also on notice as to their directors’ duties and responsibilities in relation to non-financial risks, including conduct risk and operational risks such as cyber-resilience, privacy and data management.” Shipton reminded the forum there wasn’t anything new here. “It is already the law that directors and officers are ultimately accountable for their company’s management of non-financial risks.”

Crennan stressed that penalties were important. “First of all, the mere existence of them should be deterrents,” he said. “We do expect the application of penalties by the courts — and the pursuit of those penalties by us — should, if the world works efficiently, effect an improvement across the board and a cultural shift towards more observation of compliance obligations.”

ASIC Commissioner Cathie Armour GAICD clarified that the penalties didn’t apply retrospectively; that only actions occurring from March 2019 onwards would attract them. “The vast majority, particularly of the [banking] Royal Commission referrals to us, are likely to be under provisions of the law where there may not be the sort of penalties that we now have available,” she said.

Cyber challenges

ASIC, like other large organisations, is grappling with the challenges of having to adapt legacy technology systems while ever more is being demanded of real-time data analytics. Armour said great improvements had been made since a 2015 capability review found ASIC’s IT systems and management of information lacking, prompting the government to commit $61m to improve them.

“It’s hard to say have they been ‘fixed’ — in the sense that we’re a regulator, and in our dynamic environment we’re looking to ever expand our systems and resources to be suitable for the environment. But we’re a long way advanced in a basic technology transformation project, so the bones are good and we’re making sure there’s a good foundation,” said Armour, adding ASIC was looking to invest more in its data analytics capabilities and in monitoring its registry infrastructure, which is still operating on aging technology.

New AICD culture tools

Culture is surfacing as critical to an organisation’s sustainable performance, and cultural change must be driven, supported, and modelled by the leadership of the organisation — and integrated into the board’s overall governance role.

In recognition of this, and as part of the AICD’s response to the findings of the Forward Governance Agenda, the AICD is releasing two tools to assist directors discharge their duties in this important area.

Director Tool: Governing Organisational Culture

This complimentary member tool is designed to help shape the director mindset on culture. It considers the role of the board in governing culture and has insights to support directors in executing their responsibilities.

How directors behave and the decisions they make in the boardroom (for example, strategic direction, risk appetite, remuneration framework) directly affect how senior management and the CEO perceive and embody their roles and impact the organisation’s culture.

The Governing Organisational Culture tool, available to download from the AICD website, includes themed questions to help directors frame their organisation’s unique culture and set the tone for the rest of the organisation.

Authored by Judith S MacCormick FAICD, an internationally recognised thought leader on issues of governance, the tool is available to download here.

Culture Diagnostic Tool

Recognising that organisational culture is a complex and dynamic area, the AICD is also developing a diagnostic tool that will provide boards with a more in-depth analysis around:

• Setting clear cultural direction and expectations around behaviours and decision-making
• Aligning the levers at its disposal to reinforce these expectations
• Regularly testing these expectations are being met.

More information about the cultural diagnostic tool will be available in the coming months.