ASIC Corporate Governance Taskforce Report

By Hannah Biggins, Emily Turnbull

In brief

This week, ASIC released its first report focusing on director and officer oversight of non-financial risk in seven large financial services companies (the First Report). While the report focuses on financial services companies, ASIC points out expressly that all companies, regardless of sector, should read and engage with the findings of this report.

The First Report: key findings

The Taskforce reports that oversight and management of non-financial risk has generally not received sufficient attention, and that important elements of this management and oversight were found to be 'less mature than needed'. 

Here are the key findings:

  • Lack of engagement with risk appetites – overall, boards failed to engage substantively with risk appetite statements. Management were found to operate frequently outside board-approved risk appetites for non-financial risks. Boards need to position themselves to actively hold management accountable to operate within risk appetites. 
  • Insufficient information flow – material information on non-financial risk was often 'buried in board packs', and boards did not own or control the information flows from management to ensure material information was brought to their attention. Management reporting frequently failed to identify clear prioritisation for non-financial risks.
  • Poor non-financial risk metrics – metrics for non-financial risk were generally immature compared with financial risk equivalents. Metrics often did not provide a representative sample of risk exposure to the board, and so did not allow for accurate benchmarking against the risk appetite.
  • Weaknesses in board risk committees – the directors of board risk committees (BRCs) failed to engage actively with the substance of proposals submitted by management, and the frequency of BRC meetings was low, given the importance of the BRC in managing risk. That directors were rarely formal members of the BRC created the risk of entrenching reduced information flows to the full board.

Our preliminary observations on these findings are set out below. 


Background

In late 2018 ASIC established a Corporate Governance Taskforce (the Taskforce) to review the corporate governance practices of Australian listed entities, and publish recommendations for improvement. 

The Taskforce followed from the Financial Services Royal Commission (the FSRC), which made numerous recommendations regarding governance practices and controls in that sector. 

In its first year, the Taskforce has focused on reviewing director and officer oversight and monitoring of non-financial risk, together with discretionary decision making in variable executive remuneration. The Taskforce approached 21 ASX100 companies to participate in the review, and we have been assisting several of those companies during the process. The focus has been on governance practices at the highest levels, rather than whole-of-company reviews. Our Risk & Compliance Advisory team has been monitoring these developments in the corporate governance space. 

The Taskforce also engaged an organisational psychologist, Elizabeth Arzadon of Kiel Advisory Group, to investigate the relationship between board behaviours and management of non-financial risk.

Kiel Advisory Report

The First Report attaches the results of the review by Kiel Advisory Group. 

The key findings are as follows: 

  • Kiel identified four different archetypes of board operating style: Advisory, Collaborative, Sceptical and Director. Each archetype was associated with certain strengths and challenges relevant to the board's effective oversight of non-financial risk. 
  • However, for all archetypes, common mindsets and behavioural norms appeared to restrict boards from identifying blind-spots, especially in relation to non-financial risks. 
  • Effective monitoring and mitigation of non-financial risks was also limited by, for example, the appointment of non-executive directors without a sufficient operational understanding of the business, and by a concern to avoid a 'blame culture'. 
  • Kiel recommends that boards could strengthen effective oversight of non-financial risks by: 
    • improving ownership of their role in creating the conditions that underpin effective risk oversight;
    • clarifying and focusing on outcomes, rather than on processes associated with the board's role; and
    • increasing their commitment to collective, rather than individual, performance.   

Observations

The expectation that boards reassess their governance processes and controls is consistent with the themes to emerge from the FSRC. 

The Taskforce has urged all large ASX-listed companies to review their accountability structures and governance practices against the findings of its review. The First Report acknowledges that there is no 'one size fits all' solution; rather, the expectation is that boards and BRCs proactively identify and assess their own characteristics and processes in order to better manage information flows and assessment of non-financial risks. 

The findings of the First Report generally do not provide boards with much by way of clear guidance on the steps the Taskforce envisages should be taken to improve non-financial risk management and oversight. 

That said, it is possible to extrapolate, from the examples given of suitable conduct, general principles and themes to inform the reassessment of processes. The First Report also provides guidance by way of describing internal governance practices that should not be adopted. Examples of these practices are: 

  • BRCs addressing non-financial issues when they arose, rather than holistically assessing compliance risk exposure and/or the root causes of those risks; 
  • approval of risk appetite statements by subsets of boards, rather than fully constituted boards, resulting in a poor understanding of risk appetite;
  • undocumented board sessions and informal meetings between directors that had the potential to create asymmetric information at a broader board level; and
  • brief and formulaic board minutes that lacked sufficient information about key factors in decision-making processes, limiting boards' abilities to demonstrate 'active stewardship'.

Next steps 

ASIC has already announced that a second report addressing executive remuneration practices will be released by the end of 2019 (the Second Report). ASIC has said the Taskforce will then continue its work to uplift corporate governance practices into 2020, although it is not clear at this stage precisely what form that work will take.

We will provide an analysis of the Second Report once it is released.