The issue of non-financial risks and how to monitor and measure them has become a vexed topic in the Australian board and management community in the wake of the final report of the banking Royal Commission. Both the Australian Prudential Regulatory Authority (APRA) and Australian Securities and Investments Commission (ASIC) have put a focus on culture and remuneration.
APRA deputy chair John Lonsdale noted in a speech to the 2019 Actuaries Summit in July that the need to manage non-financial risks is not new, but the range of risks and the speed with which they can undermine the prudential soundness of a business “have perhaps never been greater”. APRA’s analysis of the self-assessments by 36 banks, insurers and super funds identified the issue as a particular weak spot.
“Among the most consistent themes to emerge were that non-financial risk management was frequently weak; and many of the issues raised were known to entities and were often long-standing,” said Lonsdale. “That’s the thing about non-financial risks, left unaddressed, the consequences become distinctly financial in nature.”
The recent ASIC Corporate Governance Taskforce report on director and officer oversight of non-financial risk identified three types of risks: operational risk, compliance risk and conduct risk. This classification sits alongside that of the ASX Corporate Governance Principles of Corporate Governance and Recommendations (Fourth edition, 2019) which sees non-financial risk as including environmental and social risks (recommendation 7.4). It defines social risk as “the potential negative consequences (including systemic risks and the risk of consequential regulatory responses) to a listed entity if its activities adversely affect human society or if its activities are adversely affected by changes in human society”.
However, in seeking to distil the company’s culture into a set of non-financial performance measures, one challenge is to identify the relevant measures; a number of these relate to “social” performance.
In the NYU Stern Center for Business and Human Rights paper, Putting the ‘S’ in ESG: Measuring Human Rights Performance for Investors, Casey O’Connor and Sarah Labowitz defined social performance of companies as the operational effects of a company on the labour and other human rights of the people and the communities it touches.
“Social performance” is considered to be human capital, workplace health and safety, labour relations and standards, human rights, demographic changes, supply chain, and community impacts. The range of performance indicators used to capture “social performance” is classified into six categories as summarised in the table below.
The first four measure types reflect what is happening inside the company/group. These measures document what the company is doing internally to identify its social risks. Much corporate disclosure to date has been focused on these types of measures. This is unsurprising. Investors primarily focus their efforts on these types of measures, as do regulators, because they speak to the issue of risk management. They relate to operational, compliance and conduct risk.
The last two measures, outcome and impact, capture the difference the company’s non-financial performance made on those affected by the its operations. This is not about corporate philanthropy or charitable efforts, but rather the impacts resulting from the core business operations of the company.
Questions for directors
- Given our statement of values and how it influences the way we go about our business, what non-financial measures would best capture our efforts over the financial period?
- How can we best measure the outcomes and impacts of our financial and non-financial performance on people and the world we operate in?
- Do our non-financial measures reflect, at a minimum, our material non-financial risks?
- What scope is there to consider and measure non-financial opportunities and performance?
- Are we limited to industry or investor endorsed measures or can we create our own bespoke measure?
- Do we over-rely on quantitative data on inputs, activities and outputs? What scope is there for an outcomes measure?
Linking values with measures
Under the ASX Corporate Governance Principles Recommendation 3.1, companies are required to articulate and disclose their statement of corporate values. A company’s statement of corporate values could include sentiments such as respect, accountability, zero harm, “taking a socially responsible approach to how we operate”, and “we always act honestly and fairly”. Each of these examples can be measured using one or more of the measure types outlined in the table above.
For many companies, the choice will be a mix of input, activity and perhaps some output measures, with a preference for quantifiable measures (which can include survey responses for employee-related metrics). Some qualitative outcome measures may add to the information provided by these measures. For example, “always acting honestly and fairly”. What did customers experience when you chose to not act fairly? Do you require local communities to tolerate aspects of your operations (such as operating hours for a construction project that include after-hours and weekend work)? Did you breach those commitments? What, if anything, was changed internally to avoid a repeat of this occurring? How did you communicate with the community on this issue?
Accountability can be measured in many ways. One obvious measure is the policy on corporate whistleblowing, which can highlight failures in procedures and accountability. It is also possible to measure outputs: the number of matters raised, their seriousness and how many investigations were concluded and how many remain open at the financial year’s end. Going deeper into measurement can reveal the company’s true commitment to accountability — not just how, but why the breaches of corporate policy happened.
Linking measures with risks
Every listed company will prepare disclosure around their key business challenges as well as disclosures related to ASX Corporate Governance Recommendation 7.4 on non-financial risks. The key to these disclosures is the materiality of the issues to the business. Undoubtedly, the board will ensure alignment between non-financial performance measures and material non-financial risks of input, activity and output. ASIC’s Corporate Governance Taskforce recommends boards also ensure alightment between the Risk Appetite Statement and the measure of non-financial risks. Yet there is a downside from focusing exclusively on non-financial risk as the company may fail to identify and respond to non-financial opportunities. It narrows the focus from performance to risk management.
Linking measures with remuneration
Non-financial measures already appear in remuneration, most typically in short-term incentive schemes. In its recent paper, Strengthening Prudential Requirements for Remuneration, APRA proposes several changes to variable remuneration design in its limiting of financial performance measures to no more than 50 per cent in total (and a cap of 25 cent for an individual measure). Its discussion paper lists non-financial metrics found in long-term incentive design schemes in Australia and overseas — effectiveness and operation of control and compliance, customer outcomes, market integrity objectives, reputation and alignment with strategy and values. Most of these measures relate to inputs, activities and outputs, and are quantitative or count measures.
Just because your company wants to measure many aspects of its non-financial performance does not mean these must form part of your remuneration strategy. A downside risk from having many measures, each contributing a small percentage to the overall remuneration outcome, is the signal of what is critical to do well gets lost in the noise of many measures.
Bespoke or industry-accepted measures
An obvious choice of non-financial performance measure is an industry or investor-accepted measure, such as percentage of women on the board or in senior management roles, or some other type of quantitative measure. Investors tend to prefer quantitative measures. Yet this may not necessarily be the most effective measure to convey the performance achieved. It may inspire companies to create their own internal measures of non-financial performance. Creating a bespoke measure runs the risk of being misunderstood by outsiders who want to benchmark your performance against other companies (including competitors), but also not being readily measurable by the company’s information systems. The important thing is to ensure the measure is defined in meaningful ways that your systems can readily measure, and that you educate your employees, regulators and investors on your choice of measure.
It is possible to measure outputs: the number of matters raised, their seriousness and how many investigations were concluded and how many remain open at the financial year’s end.
Dr Kym Sheehan is a senior lecturer at Sydney Law School, University of Sydney.