What this means for governance and directors’ duties
Better governance for all: it's not just lessons for the banks
While the Commission was primarily focused on misconduct in the banking, superannuation and financial services industries, there are a number of lessons arising out of the hearings and the Final Report that will resonate with entities in other industries. This is certainly the case with governance and directors' duties.
Shining the spotlight on how and why things went wrong, practices of the board were often called into question, with the Commissioner stating that 'the primary responsibility for misconduct in the financial services industry lies with the entities concerned and those who managed and controlled those entities: their boards and senior management'1. As such, it was necessary for the Commission to consider the culture, governance and remuneration practices of the relevant entities.
So, what did we learn and how do we think it will play out in the governance space?
Key takeaway: Boards should set the organisation's culture, and then actively monitor, assess and oversee its entrenchment.
Corporate culture is firmly a boardroom issue. The Commission provided a further reminder that 'the 'tone' of the entity is, and must be, set at the top'2 – that is, by boards and senior management. While all levels of management and, indeed, individuals, contribute to culture, what the board says, does and expects is absolutely critical in setting the tone for the organisation.
Directors are being held to account for corporate misconduct that they failed to prevent.
Although culture cannot be legislated, the Commissioner suggests that it should be assessed so that it can be changed if it is not resulting in the desired behaviour, and then reassessed. Interestingly, he also recommends, with specific reference to APRA, that regulators should assess what kinds of cultural norms result in misconduct.
Having regard to the Final Report, we think that boards should bear in mind the various ways in which culture is reflected within and outside an organisation, including:
- remuneration structures – what gets rewarded will drive behaviour;
- boards and senior management leading by example;
- accountability frameworks – employees need to understand what they are accountable for, so they can be held accountable if things go wrong;
- how an organisation responds to incidents;
- meaningful corporate values and governance policies; and
- that embedding and managing culture requires sustained effort.
Key takeaway: Directors should act in the best interests of the company, which often means that when a long-term view is taken, there is not an inconsistency between the interests of shareholders, customers, employees and other stakeholders.
One Chair from a big four bank commented during the hearings that the responsibilities of boards 'to the community go beyond their obvious responsibilities for shareholders'. This has sparked a lot of discussion and speculation as to whether the Chair was suggesting, and the Commission might recommend, an expansion of the duty of directors to act 'in good faith in the best interests of the corporation' to expressly include other stakeholders (such as the community, employees, customers and suppliers).
Such an approach would align with the position in the United Kingdom, where directors have a duty to promote the success of the company.3 This duty has been codified to require directors to consider certain matters when acting as a director, including the 'interests of the company's employees', the 'need to foster the company's business relationships with suppliers, customers and others', and the 'impact of the company's operations on the community and the environment'. Reforms have also been proposed to UK law that would require directors to make a statement in a publicly available annual strategic report of the company, explaining how they have considered these matters when exercising their duty, which puts greater focus on how directors are engaging with the community.
Ultimately, the Commission did not recommend in its Final Report a revision of the way in which this duty is expressed in the Corporations Act. Further, while acknowledging that each of the largest entities is 'systematically important', this did not form the basis for any bank-specific recommendation on the breadth of their duties to, for example, customers, borrowers or the community. However, the Commission did consider what is meant by the 'best interests of the corporation' in the context of directors' duties.
In the ordinary course, the duty to act in the best interests of the company is generally interpreted to mean that the directors are to act in the best interests of the company's shareholders as a whole. In doing so, the board may have regard to a range of factors, including the interests of other stakeholders, as these may be relevant to the interests of the company as a whole. However, there is currently no express obligation to consider the interests of other stakeholders or, indeed, to act in the best interests of such stakeholders. The Commissioner considered that '[t]he longer the period of reference, the more likely it is that the interests of shareholders, customers, employees and all associated with any corporation will be seen as converging on the corporation's continued long-term financial advantage'.4 Accordingly, we see in the Commissioner's report an endorsement of the existing position but coupled with a strong reminder that the considerations of directors need to extend beyond 'short-termism'; it is not necessarily an adequate discharge of duties for directors to simply look at the day-to-day share price, a measurement of total shareholder returns over a period of time, or the current accounting period.
Key takeaway: In discharging their duties, directors should be particularly mindful of closely monitoring and reviewing the impact of non-financial risks on the company, as well as financial risks.
The Commission highlighted that directors should give due consideration to both financial matters (such as liquidity, capital and credit risk) and non-financial matters (such as regulatory, conduct, compliance and reputational risks) when discharging their care and diligence duty.5 Assessing and considering only financial risks and impacts is not sufficient.
For example, during the hearings, it was noted that the degree of attention and priority given to the governance and management of non-financial risks was, in some instances, not to the standard that would 'have been expected in a systemically important bank' and that the board demonstrated 'significant shortcomings' in the governance of non-financial risk. In addition, during one of the hearings, it was noted that there was 'insufficient attention' given to the management of non-financial risks.
These views were confirmed in the Final Report, in which it was commented that 'financial services entities must now accept that financial risks are not the only risks that matter'.6 The Commission referred to the 'inadequate resources' that some entities had devoted to such non-financial risks, and stated that 'sufficient attention' and 'sufficient resources' must be given to the consideration and management of non-financial risks, with particular emphasis put upon compliance risk.7
These findings should be considered in light of recent case law on directors' duties. In ASIC v Cassimatis,8 Justice Edelman held that directors' duties included protecting a company's reputation. In his judgment, Justice Edelman concluded that the 'foreseeable risk of harm to the corporation' to be considered under the care and diligence duty in section 180(1) is not confined to financial harm, but includes harm to all the interests of the corporation, and that 'the interests of the corporation, including its reputation, include its interests which relate to compliance with the law'. Of course, non-financial harm can have consequences for the company’s reputation and can ultimately result in financial harm.
During the Commission, the relationship between boards and their executive and management teams was considered quite extensively. Various shortcomings in board practices were highlighted through the hearings. Here are some important things to remember.
Key takeaway: To effectively oversee the management of the company, the board must challenge and follow up management on important issues.
The Commission highlighted the need for boards to sufficiently challenge the recommendations and advice provided by management, rather than accepting recommendations on face value. Boards should both challenge and follow up management on issues in a timely manner. To address this, a 'show me, don’t tell me' approach should be taken, so that the board is provided with evidence rather than simply assurances from management of relevant matters.
In the Final Report, the Commission comments that '[t]he task of the board is overall superintendence of the company…But an integral part of that task is being able and willing to challenge management on key issues, and doing that whenever necessary'.9 In light of the findings in the Final Report, boards should consider:
- requesting and reviewing copies of reports produced by management, rather than relying solely on any briefing provided;
- following up any questions with management after board meetings to ensure that queries are fully answered;
- ensuring accountability for the management is clear; and
- impressing upon management the importance of getting each issue resolved – for example, by requiring timely updates (with evidence) on key matters, to demonstrate how they have been progressed and/or resolved, and following up where necessary.
Key takeaway: Board packs need to contain the right information, which is based on quality of information, not volume of information.
The Commission touched upon the level of detail that management provides to the board in board packs, noting that boards have been impaired in decision making and consideration of non-financial risks by gaps in reporting to the board and its committees.
This is a timely reminder of the need for board packs to:
- be complete (not missing any information for the board);
- be balanced (not downplaying risks or overemphasising benefits); and
- contain an appropriate level of detail (remembering that unnecessary detail or volume may hamper the directors in locating or distilling the key information for their consideration).
As noted in the Final Report, '[o]ften, improving the quality of information given to boards will require giving directors less material and more information'.10 Boards need to be given the 'right information' in order to fulfil their duties.
Key takeaway: Important discussions, action items and responsibilities for those items should be recorded in the minutes of meetings and followed up appropriately.
Although not breaking new ground, the Commission also provides a timely reminder of the importance of adequate minute taking. As noted during the hearings, minutes need to record the decisions of the board. While this does not require a transcript of discussions or a 'he said, she said' approach, we believe that, following the Commission, there will be a greater focus on recording exchanges on material matters. This will be particularly the case where a matter is highly material for the entity in question, and directors are more inclined to look for evidentiary support that they have demonstrated the requisite degree of care and diligence in their consideration of the issue. While preparing template minutes in advance of the meeting can be helpful in streamlining the process of producing minutes after the meeting, it is important that the final minutes reflect the actual proceedings at the meeting, and that important discussions, action items and responsibilities for those items are recorded in the minutes and followed up appropriately.
Seven key questions directors should be asking following the Royal Commission
- Does the culture of the organisation reflect the desired culture, and how is this assessed?
- How does the board proactively engage with management to test, challenge and follow up key issues?
- How is the board satisfied that its risk framework is fit for purpose?
- How is the board proactively managing its relationships with regulators?
- Does the organisation ask itself 'Should we take this action?', rather than just 'Can we take this action?'
- Is the remuneration and incentive structure of the organisation appropriate?
- Are the board practices facilitating effective decision making?
1. Final Report, 4 and 333.
2. Final Report, 335.
3. Section 172 of the Companies Act 2006 (UK).
4. Final Report, 403.
5. Section 180(1) of the Corporations Act requires that a director or other officer of a corporation must exercise their powers and discharge their duties with the degree of care and diligence that a reasonable person would exercise if they were a director or officer of a corporation in the corporation's circumstances and occupied the office held by, and had the same responsibilities within the corporation as, the director or officer.
6. Final Report, 406.
7. Final Report, 405-6.
8. (No 8) (2016) 336 ALR 209.
9. Final Report, 400.
10. Final Report, 400.