Commissioner Hayne noted that until recently, there has been limited attention given in Australia, by entities or by regulators, to issues about conduct and culture.3 The final report has grasped the opportunity to address these issues, capable of giving rise to non-financial risks.
Before discussing the commissioner’s recommendations on cultural issues, for both corporate practices and for law enforcement practices, the following short excerpts from the final report highlights the commissioner’s concern on these matters.
Rotten culture
The interim and final report of the royal commission showcased many case studies of irresponsible and harmful conduct in the financial sector to firmly conclude, with apologies to Shakespeare, there is something rotten in the state of Denmark.4
Both corporate cultural practices and law enforcement cultural practices have come under sustained attack from the commissioner — it is one of the hallmark features of the Interim5 and the final report. The root cause of the rotten state of affairs in the financial sector can be found in the following observations of the commissioner:6
Rewarding misconduct is wrong. Yet incentive, bonus and commission schemes throughout the financial services industry have measured sales and profit, but not compliance with the law and proper standards. Incentives have been offered, and rewards have been paid, regardless of whether the sale was made, or profit derived, in accordance with law. Rewards have been paid regardless of whether the person rewarded should have done what they did.
The root cause of the rotten state of affairs in legal enforcement cultures arises from the propensity of the conduct regulator, ASIC, to prefer to negotiate rather than litigate on serious matters. The commissioner found that ‘too often, the financial services entities that broke the law were not properly held to account.’7 The commissioner saw good reason to remind the conduct regulator that:8
Misconduct will be deterred only if entities believe that misconduct will be detected, denounced and justly punished. Misconduct, especially misconduct that yields profit, is not deterred by requiring those who are found to have done wrong to do no more than pay compensation. And wrongdoing is not denounced by issuing a media release.
The commissioner made pointed reference to the legitimate expectations of the Australian community and their entitlement to expect both compensation as well as accountability of wrongdoers who caused harm, the latter in the form of effective deterrence and punishment.9 The regulatory pyramid calls for the highest level of regulatory response for serious breaches of law, particularly by large entities. And, according to Commissioner Hayne, that is what was missing.10
Of the many recommendations made in the thousand-page final report, this article focuses on two key recommendations which address the twin themes above.
First, it discusses the commissioner’s call for deep organisational cultural change and its implications for the board and governance. Second, it discusses the commissioner’s call for change in the law enforcement culture and its implications for the conduct regulator, ASIC, and the corporate sector in Australia.
Six commandments
Before commenting on these key recommendations, it pays to set out the overarching theme in the Final Report which serves as a roadmap for all entities to follow.
Usefully collating existing principles of law, Commissioner Hayne identified the following six norms of conduct which are likely to become deeply etched on the tables of all boardrooms right across Australia – namely:11
- Obey the law
- Do not mislead or deceive
- Act fairly
- Provide services that are fit for purpose
- Deliver services with reasonable care and skill
- When acting for another, act in the best interests of that other.
These six commandments, seen as ‘fundamental precepts’,12 are a recurring theme in the Interim and Final Report and acts as the glue that binds the commissioner’s reports.
Commissioner Hayne, however, goes an important step further. A call is made for corporate Australia to go beyond these six commandments by also complying with the spirit of the law and by modifying culture and conduct to achieve obedience to, and compliance with, the law.
If the mistakes of the past misconduct are to be avoided in the future, ‘entities have no choice but to grapple with culture, governance and remuneration. All three are related.’
Hayne recommendations on cultural change
In addressing the ills of the past, the commissioner draws upon the need for cultural change to modify future corporate and individual behaviour. Much of the outrageous behaviour identified in the commissioner’s report, such as customers being overcharged or deceived (otherwise known as ‘fees for no service’), can be attributed to a flawed culture within entities. Poor organisational culture was seen as a blameworthy factor contributing, in turn, to the poor management of regulatory, compliance and conduct risks.
According to the commissioner, if the mistakes of the past misconduct are to be avoided in the future, ‘entities have no choice but to grapple with culture, governance and remuneration. All three are related.’13 Indeed, the experience of the GFC bears testimony to the close connection of these concepts.
All the talk about culture begs the question, what is culture?14
It is often said culture is hard to see or define, and that it is a slippery concept with no fixed meaning. The commissioner recognised that cultural practices can be unique to each entity and that it cannot be created apart from, or imposed, on an entity. Thus, the commissioner defined culture as shared values and norms that shape behaviours and mindsets within the entity.15 It is behaviour that is internalised within an entity. It was also noted that culture has been described as what people do when no-one is watching.16
Recommendation 5.6: Changing culture and governance
To address failings in sound cultural practices within entities, Commissioner Hayne recommended all financial services entities (whether named in the Report or not) should, as often as reasonably possible, take proper steps to:
- assess the entity’s culture and its governance
- identify any problems with that culture and governance
- deal with those problems
- determine whether the changes it has made have been effective.
An analysis of this recommendation shows that each financial services entity has primary responsibility for its own culture and that the commissioner expects culture to live deeply in all of the organisational structures of an entity. Window dressing, or box-ticking, is discouraged by the requirement for these entities to assess their cultural practices as often as is reasonably possible. The notion that culture is not, and should not be, static is also made clear. Thus, a set and forget strategy by the board towards conduct and behaviour is discouraged.
In advocating self-assessment of cultural practices by financial service entities, the commissioner was also alive to the dangers of this approach. Recognising that everyone can be blind to their own faults, self-assessment will be futile in situations where entities are blind to their problematic culture. Thus, the commissioner also recommends regulatory supervision of cultural practices by entities.
Recommendation 5.7: Supervision of culture and governance
In conducting its prudential supervision of APRA regulated institutions, the commission recommended that APRA should:
- build a supervisory program focused on building culture that will mitigate the risk of misconduct
- use a risk-based approach to its reviews
- assess the cultural drivers of misconduct in entities
- encourage entities to give proper attention to sound management of conduct risk and improving entity governance.
ASIC, as conduct regulator, is not left off the hook. The commissioner also envisages ASIC to play an important role to supervise culture in all other financial service entities. There is an expectation for regulators to assess the entity’s culture, identify what is wrong with the culture, ‘hold up a mirror’ to the entity, agree what the entity will do to change its culture and supervise the implementation of those steps.17
Changing culture and governance: Implications and challenges
The implementation of Recommendation 5.6 on changing culture and governance will require leadership from within entities and continued attention by boards.18 It will require an ongoing effort and cultural practices will have to be integrated into daily business operations.19
The reform of organisational culture will be difficult, as recognised by the commissioner.20 This is likely to be particularly the case for larger organisations, of which they are many in the financial services sector, and especially for those with sub-cultures. The Final Report, however, appears to be silent on this key issue. Corporate policies, procedures, practices and attitudes in vast organisations do not necessarily fall neatly within the same rubric of organisational culture. The reality is that many financial services entities are complex organisations, consisting of many internal structures and divisions and it is not uncommon to find them conducting business in line with their own sub-culture.
Is the expectation of regulatory supervision of cultural practices realistic? Regulatory supervisors are expected to look at cultural questions as root cause analysis and intervene, as opposed to making culture a generalised supervisory add-on.21 Also, according to the commissioner, conduct and values are to be part of mainstream supervisory processes as opposed to a separate add-on.22
These are very laudable objectives, but will a very stretched conduct regulator (ASIC) be able to discharge these additional functions effectively? ASIC has a very large remit and limited resources. A cogent case can be made for ASIC to shed some of its regulatory portfolios for it to be a more effective corporate watchdog. Instead, and with some irony, commissioner Hayne has not only retained the twin peaks regulatory architecture, but has now added to ASIC’s burden as conduct regulator.
Can changes in cultural practices be expected soon? This is very unlikely, again particularly for large and complex organisations. Dr Ken Henry is of the view that it could take ten years to embed the culture that NAB is striving to achieve.23 Although a more optimistic and short time frame of two to three years was expressed by Mr Elliot of the ANZ bank,24 other evidence suggests that the longer estimate of ten years is more likely to be near the mark.
The experience of the Group of Thirty (G30), experienced senior bankers and CEO’s from around the world, gives grounds for pessimism. The cultural changes in banking practices that the G30 sought to impose, post-GFC, are yet to have traction in an effective and meaningful way.
According to the commissioner, ignoring the recommendations on culture change would be ‘foolish and ignorant.’25 What is the likelihood of financial services entities embracing the commissioner’s warning?
The reliance on soft law, as a tool to develop good corporate culture, suggests that the impact of this recommendation may be short lived, and the warning may fall on deaf ears. Relying on the commissioner’s yardstick, and without mandatory supervision, it is open to query whether financial service entities will embrace cultural assessments and audits when no-one is watching?
Unlike hard law, compliance with soft law is voluntary and there are no legal sanctions upon breach.26 It lacks effective punch. Soft law, which includes the ASX Corporate Governance Council Corporate Governance Principles and Recommendations, relies on indirect sanctions for enforcement, such as potential reputational loss on the part of the defaulting entity.
Commissioner Hayne has given soft law a prominent role to play in seeking to avoid future systemic misconduct. It is questionable, in the long term, whether financial services entities will give this recommendation the ‘intellectual drive, honesty and rigour’27 expected from the commissioner. It is arguable that soft law is incapable of doing this heavy lifting demanded. There is a real risk that the commissioner’s recommendation here may suffer the fate encapsulated in these observations:28
… calls for integrity and responsibility in institutional life, even in the wake of scandals, soon lose energy and effect. Like pebbles in a pond, their initial splash dissipates and seldom results in very much structural or cultural change.
Hayne recommendations on enforcement culture
Two key themes emerge in the final report on the law enforcement culture of the conduct regulator, ASIC.
The first is the commissioner’s critique of ASIC’s enforcement strategy with critical remarks directed towards the questionable choice of regulatory tools used by ASIC. The use of infringement notices may be convenient and expeditious but, in the commissioner’s view, it achieves ‘neither punishment nor deterrence.’29 For the commissioner, the widespread use of enforceable undertakings runs the risk that it signals that the promise made by the entity could be seen as no more than the cost of doing business or the cost of placating the regulator.30
The commissioner rejected the idea that improving compliance with financial services laws could be achieved by focusing only on negotiation and persuasion — for him, compliance with the law is not a matter of choice.31
The critical question, posed by the commissioner and which informs his recommendation below, is why not litigate?32 The approach preferred by the commissioner is to consider the use of other regulatory tools only when it is plain that the public interest requires there be no litigation.33
The second is the commissioner’s concern over regulatory capture, where it appears that ASIC is susceptible to losing sight of its role as a conduct regulator. It is telling that the commissioner saw fit to remind ASIC that the financial services are not its clients. Such concerns lie behind the following recommendation in the final report.
Recommendation 6.2: ASIC’s approach to enforcement
Accordingly, for Commissioner Hayne, ASIC should adopt an approach to enforcement that:
- takes, as its starting point, the question of whether a court should determine the consequences of a contravention
- recognises that infringement notices should principally be used in respect of administrative failings by entities, will rarely be appropriate for provisions that require an evaluative judgment and, beyond purely administrative failings, will rarely be an appropriate enforcement tool where the infringing party is a large corporation
- recognises the relevance and importance of general and specific deterrence in deciding whether to accept an enforceable undertaking, and the utility in obtaining admissions in enforceable undertakings
- separates, as much as possible, enforcement staff from non-enforcement related contact with regulated entities.
Changing enforcement culture: Implications and challenges
In the wake of the intense scrutiny by the banking royal commission, a chastised but re-invigorated corporate regulator was quick to adopt the recommendations above.
In October 2018, in response to the royal commission interim report, ASIC announced the adoption of the ‘why not litigate’ enforcement strategy.34 This signals a paradigm shift from the earlier approach to enforcement and perhaps a shift towards greater individual accountability and liability for breaches of law. In a promising move, in addition to the 11 specific referrals made in the final report of the royal commission, ASIC is assessing another 16 cases studies to determine if investigations should be commenced.35
In January 2019, in response to the final report, ASIC announced its planned intention to create an Office of Enforcement and that it has implemented a task force to report later in 2019.36 Significantly, it is envisaged that enforcement staff will be separated from ASIC’s non-enforcement contact with regulated entities to prevent regulatory capture. Upon implementation, this dedicated office staffed with specialist law enforcement officers is likely to significantly improve the current law enforcement culture which was found to be sorely wanting by Commissioner Hayne.
On 12 March 2019, ASIC had yet another bow added to its string with the introduction of new and stricter penalty regime.37
The Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Act 2019 significantly increases maximum penalties for serious criminal offences by tripling the penalties from five years to 15 years imprisonment. Such penalties will apply to provisions which include the dishonest breach of directors’ duties. The maximum civil penalties for individuals, previously set at $200,000, has been increased to the greater of $1.05 million per contravention or three times the benefit derived from the conduct. For companies, the penalties have increased to the greater of $10.5 million per contravention, or three times the benefit derived from the conduct or ten per cent of the annual turnover of the corporation (capped at $525 per contravention). Significantly, for the first time, disgorgement remedies in civil penalty proceedings are now available to ASIC. Also, pecuniary penalties now attach for a breach of s 912A of the Corporations Act, which requires financial service entities to act ‘efficiently, honestly and fairly’. The reforms have addressed serious deficiencies in the law, closed the gaps and ensured that ASIC is no longer a toothless tiger.
With such new armoury and initiatives announced by ASIC, what does all of this mean for future law enforcement culture?
Although these new tougher laws are too late for purposes of offences which may arise from the findings of the royal commission, the strengthened penalty regime has great potential to act as a strong signalling device and deter future breaches of law. ASIC will have its regulatory guns reloaded and have a stronger basis to revitalise its law enforcement role. It signals to wrongdoers that the game is not worth the candle. It also squarely tackles the perception that Australia is soft on punishment, a paradise for white collar crime, as characterised by the former chair of ASIC.38
All of these developments send a powerful signal to corporate Australia that soon there will be a new sheriff in town and that corporate cowboys will be facing tougher penalties. ASIC’s broader regulatory toolkit gives grounds for optimism that Australia could soon become paradise lost for white-collar criminals. All of this holds great promise.
The success of these welcomed initiatives, however, will be heavily contingent on two important factors.
The first potential impediment to ASIC’s new robust approach concerns a legacy issue — that of inadequate budgets. Despite the recent uplift to ASIC’s resources,39 its budget remains vulnerable to being hostage to the whims of the government. It was not too long ago that ASIC’s budget allocation was slashed and treated like a political football by the major political parties.40 A firm resolve by the government to continuously fully fund ASIC is required to ensure it is fit for purpose.
The second potential impediment to ASIC’s new robust approach towards a new law enforcement culture concerns the perils of path dependency should ASIC default to its old ways. The litmus test for the effectiveness of these new measures lies with the actual implementation of a robust enforcement culture. ASIC’s proposed re-orientation towards an aggressive law enforcement stance is only likely to work if it can successfully wean itself from its enforcement habits exposed by the banking royal commission.
Law on the books is one thing, effective enforcement of the law is another.41 This glaring point was exposed, forensically, in the banking royal commission. It will be a sorry tale if history were to repeat.