Good morning and thank you for inviting me to speak at this, the 9th Annual Conference for the Australasian Business Ethics Network by ASIC.
The theme for the Conference this year: Business ethics: new challenges, better theories, practical solutions is a great framework for considering ethical decision making practices in business.
I firmly believe that ethics should be a central part of business decision making, and that business decisions should be supported by a broader ethical culture within business.
This culture will best be informed through:
- an understanding of emerging challenges faced by the business
- an interrogation of theories to face these challenges, and
- a willingness to test, implement and review practical solutions.
All the while acknowledging the objectives and drivers for the business. So not only is it key for a business to earn profits, and sustain itself into the future, but more and more there is now a community expectation that business meet the needs of many stakeholders including customers and clients.
These issues are important for ASIC as Australia’s corporate, markets and financial services regulator. An ethical culture focused on honesty and fairness will go a long way to insulate a business from misconduct, poor business practices and poor decision making.
In keeping with this theme, I would like to take the opportunity to share ASIC’s findings from our recent review of director and officer oversight of non‑financial risk. I will also talk about the important role whistleblowing can play in fostering an ethical culture for business.
Why culture matters to ASIC
ASIC views corporate culture as the underlying mindset of the organisation… the set of shared assumptions and behaviours that represent the collective values, beliefs and principles of the organisation. In short, culture is ‘the way we do things around here’.
And we can see the influence of culture in the entities we regulate. A company’s culture often shapes its approach to corporate governance, its response to its regulatory obligations, and drives conduct within the firm. And that can be either good or bad conduct.
This is why culture matters to ASIC.
Of course, ASIC’s role is not to set the culture of an organisation, that is largely a matter for boards and management, but we do want businesses to shine a light on their own culture and see if it is sufficiently ethical and fit for purpose.
That is because poor culture very often leads to poor decision making and outcomes for consumers, investors and other businesses, and threatens the integrity of the Australian market. Where we identify elements of poor culture, we will make this clear to the firms in which we see it. We also consider a firm’s culture in selecting targets for our risk‑based surveillances of the entities we regulate.
In this regard, we have an important role in promoting an ethical culture in business, and an ethical approach to business decision making. We do this by being a strategic and forceful regulator, and through:
- reviewing and reporting on industry practices and approaches to corporate governance, in particular reviewing key decisions made by businesses and the information relied upon in making decisions
- identifying and addressing significant harms to consumers, investors and markets
- accelerating enforcement outcomes where there is a need for general or specific deterrence for poor conduct
- implementing new approaches to supervise the entities we regulate, and
- promoting the adoption of regulatory technology by business.
Improving governance and accountability is a key strategic priority for ASIC, and as part of our new supervisory approach, ASIC has formed a Corporate Governance Taskforce to conduct targeted reviews into the corporate governance practices of large listed entities.
Corporate Governance Taskforce
So far the Taskforce has focussed on two areas of corporate governance:
- director and officer oversight of non-financial risk, and
- board oversight of executive remuneration practices.
In October this year, ASIC published our first report from the Taskforce, setting out our observations on director and officer oversight of non‑financial risk and highlighting ways we think that governance practices can be improved.
While our report focuses on board decision making about non-financial risk, and primarily compliance risk, it is worth noting that all risks can have financial consequences. Recent events very clearly show if not well managed, non‑financial risks carry very real financial implications for businesses.
Focusing primarily on the oversight and management of compliance risk, ASIC’s review found that:
- while boards had taken decisions to articulate the risk appetite for non-financial risks, as a way to address the challenges they face, all too often management was operating outside of board‑approved risk appetites for non-financial risks
- in addition, it was difficult to identify key non-financial risk issues in information presented to the board. Material information about non-financial risk was often buried in dense, voluminous board packs
- similarly, the information often did not effectively communicate the business’s true risk position
In proposing theories and practical solutions to address these challenges, ASIC concluded that:
- boards need to hold management more accountable for operating within the business’s risk appetites
- boards need to take ownership of the form and content of information they are receiving so that they can understand and oversee the management of material risks
- boards should require reporting from management that has a clear hierarchy and prioritisation of non-financial risks, and finally
- board risk committees should meet more regularly, devote sufficient time to their considerations, and more purposefully engage in their oversight of non-financial risk.
In my view, a key insight from our work is that asking questions is essential to learning and to the practice of ethical decision making. That is unlikely to occur unless Boards are getting the information they need in a form they can understand. The Taskforce’s full report is available on our website for those that wish to read it in full.
Part of this work has also involved an analysis of the impact of corporate behaviours and culture on effective oversight and monitoring among boards. We have released these findings as a separate report to supplement the work of our broader review.
We think this document will be a helpful resource for boards in identifying their own behavioural style so that they can maximise the effectiveness of that style.
In addition to all of this, we expect to release a report on our review of board oversight of executive remuneration practices early next year.
A reminder of why ASIC is so focused on these areas is noted quite concisely in the final report of the Financial Services Royal Commission:
‘Because it is the entities, their boards and senior executives who bear primary responsibility for what has happened, close attention must be given to their culture, their governance and their remuneration practices.’
At the heart of the work of the Corporate Governance Taskforce is a desire to build understanding and improve current corporate governance practices that can support changes towards a more ethical culture in business decision making and so enhance trust in our financial system.
Complementary to this work is the importance of effective whistleblowing handling to business. I would like now to share ASIC’s views on the value of whistleblowing, and the important role whistleblowers can play in improving corporate culture.
Whistleblowing and corporate culture
Let me start by saying that ASIC greatly values whistleblowing and whistleblowers.
People, including whistleblowers, who report misconduct to ASIC help us to do our job. ASIC can only operate effectively if people are willing to share information or their experiences with us.
But whistleblowers don’t just help ASIC.
Companies need their own people to come forward within their company when they observe or experience misconduct in the workplace.
Whistleblowers can act as an early warning system, revealing problems before they become systemic or develop into a crisis.
Where treated right, and encouraged, people who speak up when they see the wrong thing being done alert businesses to changes that are necessary to improve their performance.
We think strong support and appreciation for whistleblowing within a business will promote better compliance with the law, deter wrongdoing, and, importantly, promote a more ethical culture by increasing the likelihood that wrongdoing will be reported.
Conversely, I believe a culture that discourages whistleblowers may produce a less ethical organisation. As has been stated in another context, the standard you walk past is that standard you accept.
For these reasons, ASIC supports the recent initiatives
- to better understand the whistleblower experience,
- to improve the protections for whistleblowers, and
- to improve the systems and processes for handling whistleblower disclosures.
As you may be aware, the Government has recently reformed the corporate sector whistleblower protection regime in the Corporations Act.
These reforms commenced on 1 July 2019, and significantly improve the protections available for whistleblowers who report company misconduct.
- broaden the definition of whistleblowers to now include more people such as both current and former employees, officers and contractors, as well as their spouses and dependants;
- extend the protections to anonymous disclosures and strengthen confidentiality requirements;
- broaden the scope of matters that can be raised and attract the protections to virtually any allegation of corporate misconduct;
- protect whistleblowers if they go public with their concerns to a journalist or member of parliament, in certain circumstances for matters in the public interest or emergencies;
- clarify the offences and penalties for causing detriment to a whistleblower or breaching a whistleblower’s confidentiality, making these offences easier to pursue and enforce; and
- strengthen a whistleblower’s access to compensation and damages for harm they may suffer after reporting misconduct. This includes protections from costs orders for bringing unsuccessful compensation claims.
We think these reforms will help ASIC to perform our regulatory role by encouraging more whistleblowers who have observed misconduct to come forward. We expect this will also encourage reporting within businesses, entrenching a speak-up culture and improving organisational behaviours.
A key part of the reforms is that, from 1 January 2020, public companies, large proprietary companies, and corporate trustees of superannuation entities regulated by APRA are required to have a whistleblower policy.
The law requires that whistleblower policies must include information about the practical steps businesses will take to protect whistleblowers from detriment, and how they will investigate the whistleblower’s concerns.
The courts can even have regard to a company’s whistleblower policy, and whether it has been effectively implemented, in deciding on compensation claims from whistleblowers who may have suffered for speaking out.
ASIC has released Regulatory Guide 270 Whistleblower policies to assist companies to meet their obligations to have a whistleblower policy.
The guidance sets out the components that a whistleblower policy must include as required by the law. We also provide good practice guidance and tips to assist companies to implement and maintain policies that are tailored to their operations.
And as part of our good practice guidance for implementing a whistleblower policy, we encourage companies to foster a whistleblowing culture.
We believe it is important for an entity to create a positive and open environment so that employees can feel like they can come forward to make a disclosure, and to help eliminate the negative connotations associated with whistleblowing.
These processes require integrity and they require the confidence of staff:
- Integrity so that people’s identities are protected, if that is what they wish;
- Integrity, so that the company uses the information for the right purposes, that is, to address misconduct or improve operations; and
- Confidence that employees can trust that the process will achieve what it sets out to achieve.
But the culture of the organisation, and the effectiveness of its whistleblower policy, depends on its leadership team setting the right tone from the top.
It is important for the leadership team to strive for an ethical culture flowing through their organisation. When an entity’s employees have a clear understanding of what represents ethical conduct, it will be easier to identify wrongdoing.
The guidance further identifies the important role played by the leadership team in demonstrating an entity’s commitment to its whistleblower policies and to good corporate governance.
Just as employees need to feel confident to speak up about wrongdoing, managers need to be trained in dealing with disclosures and supporting their employees. Managers also need to understand the systems and processes to support the members of their team.
ASIC plans to survey the whistleblower policies from a sample of companies next year to review compliance with the legal requirements and the extent to which companies are implementing good practices. This will be useful for us to inform the corporate sector about trends in handling whistleblowing and to further refine our guidance.
As Australia’s corporate, markets and financial services regulator, ASIC has a great interest in how businesses make their decisions, govern themselves, and manage the risks of their operations.
Improving governance and accountability is a key strategic priority for ASIC.
- That is why we have formed our Corporate Governance Taskforce to better inform ourselves and the market of current governance practices within businesses, and how these practices can be improved.
- That is why we are taking steps to promote the important Government reforms to the whistleblower protections for the corporate sector.
Ultimately, these initiatives reflect a closer focus on encouraging good corporate culture, and here the understanding and practice of ethics has much to contribute. To borrow from a recent APRA report, businesses need to ask both the question ‘can we do this’ and the question ‘should we do this’.
We have often found that, where businesses pursue an ethical culture, they can take steps to ensure against misconduct and harm to themselves and others. Similarly, where there are calls for ASIC to act, it’s often where a business’s processes have failed to properly incorporate ethics in decision making.
We are interested in the insights coming from this conference and from all of you as the participants. It is a valuable opportunity to explore the challenges, theories, and solutions for implementing ethics into business.
Thank you and I look forward to any questions you may have.