INSIGHT

ASIC - A crackdown on corporate culture

By Belinda Thompson
Banking & Finance Financial Services Insurance Private Capital Superannuation

In brief

Written by Partner Belinda Thompson and Associate Michela Agnoletti

Corporate culture, and its role in shaping conduct within the financial services sector, is now clearly at the forefront of ASIC's enforcement agenda. This focus was apparent in ASIC's 2014-2015 strategic outlook, released in October 2014, which identified corporate culture as a key risk driver and poor culture within the financial services sector as a root cause of conduct that threatens the integrity of the financial services industry.

Since the release of ASIC's strategic outlook, there have been numerous public statements by ASIC Chairman Greg Medcraft and ASIC Commissioner Greg Tanzer that highlight ASIC's focus on culture. These statements provide further insight into what ASIC regards to be good corporate culture, as well as openly signifying an anticipated crackdown on corporate culture, with a clear intention to capture poor culture under ASIC's enforcement regime.

ASIC's focus on the importance of culture in the financial services sector echoes a prominent theme of the final Murray Report released last December. The Report highlighted the importance of financial institutions treating consumers fairly and the need to improve corporate culture in the sector to ensure a well-functioning financial system. (see Unravelled: Bold and sometimes radical – the final Murray report to read more)

Culture – what is it?

So what exactly does ASIC mean by corporate 'culture'? Mr Tanzer has described it as a shared set of values and assumptions that reflect the underlying mindset of an organisation. These values and assumptions shape how individuals within the organisation think and behave, including their behaviours towards compliance issues, as well as consumers and investors. From a legal perspective, the Commonwealth Criminal Code (the relevance of which will shortly be apparent) defines culture as including attitude, policy, rules and a course of conduct or practice.

According to ASIC, 'good' corporate culture is focused on 'doing the right thing' by consumers and investors by putting their interests first in the long term. It is more than ensuring compliance with the law. ASIC views good corporate culture to be crucial to maintaining the integrity of the Australian financial services sector, which is built on trust and confidence. Conversely, poor culture is considered to lead to poor decision-making, often at the expense of consumers and investors, which erodes this trust and confidence.

As a result, ASIC has identified poor culture as a 'red flag' of potentially broader regulatory issues within an organisation that may need to be investigated.

The recipe for a 'good' corporate culture: the 'Three C's'

What drives good corporate culture, according to ASIC? First, good corporate culture is driven by the boards and senior management, and is filtered down through the organisation. To drive this, organisations must have in place robust frameworks that promote good culture. To this end, ASIC has announced a 'Three C's' framework on conduct risk to tackle poor culture: Communication, Challenge and Complacency. Broadly speaking, ASIC believes that fostering a good culture requires communication of what is expected of staff, challenging existing expectations and conventions, and not being complacent. ASIC views directors as having a central role in driving a culture of compliance within an organisation – and has stated that it will hold directors accountable for failing to do so.

Targeting corporate culture

ASIC says that it plans to incorporate the monitoring of corporate culture into its role as a conduct regulator. ASIC will do this by integrating culture into its risk-based surveillance, use surveillance findings to better understand what drives poor culture, and then communicate to organisations when it has a problem with the organisation's culture.

But in terms of its toolkit to regulate poor culture, ASIC is currently quite limited.

ASIC certainly has powers to discipline conduct that may have been caused by poor culture, but it has limited powers at its disposal to discipline poor culture.

In this regard, the corporate watchdog is pushing for increased powers to target poor culture.

Section 12.3 of the Commonwealth Criminal Code provides that a company may be found to have committed an offence under certain provisions of the Code if it is proved that a corporate culture existed within the company that 'directed, encouraged, tolerated or led to non-compliance with the relevant provision' or which did not require compliance with the provision. ASIC has called for this section to be extended to the financial services and financial product provisions of the Corporations Act, and to extend liability to not only the company but also responsible management, as accessories to the breach.

ASIC also wants equivalent corporate culture provisions introduced into the laws that it administers so that companies and responsible management may be exposed to civil pecuniary penalties and administrative sanctions for breaches of law attributable to poor culture. This would expose companies and responsible management to liability for such breaches at the lower civil standard as compared to criminal standard.

Indeed, the adequacy of ASIC's enforcement toolkit has been a hot topic in recent times, and the Final Murray Report recommended a broad review of penalties for breach of the laws that ASIC administers. Mr Medcraft proposed at a Senate Estimates hearing in June this year that this review would also provide an opportune time to review ASIC's powers to target poor corporate culture.

What's next?

So what does this mean for the financial services sector? There is certainly a significant push for reform of ASIC's enforcement powers and penalties, and ASIC clearly intends to use its current toolkit and any new tools that are added to its belt to target poor corporate culture. We do not think that this will mean mountains of red tape – the Final Murray Report was clear that it is up to organisations to regulate their own culture. However, we are certainly seeing a shift in ASIC's enforcement approach in tackling misconduct at an early stage by nipping perceived poor culture in the bud. We will be monitoring this space carefully.