Royal Commission (Part Four): Culture, Compliance and Governance

This article is Part Four in a series. Subscribe to Financial Services Updates to receive each part of our Royal Commission Series. Parts One, Two and Three can be found at the bottom of this article.

Conduct Risk vs Customer Voice

Conduct risk joins the already lengthy register of risks that an organisation faces. It can cause financial, reputational and regulatory consequences if an organisation is found to have acted in a manner that is inconsistent with the law, or even community expectations and standards.

Conduct risk has always had a relationship with culture and compliance but it has also been a risk that flew under the radar. After the global financial crisis, an inquiry by APRA noted that current remuneration practices promoted behaviours and outcomes (conduct by employees and organisations equally) which were inconsistent with sound risk management and the best interests of customers. The immediate response to this was to improve risk management. In hindsight, the move to improve risk management within financial organisations was so broad that it failed to identify the precise kinds of risks, or risk incentives, which led to the poor behaviours and outcomes. There was no explicit mention at the time of specific conduct, compliance, regulatory or reputational risk and what they meant to organisations and the wider community.

The Interim Report raises an important question: if organisations manage conduct risk at the lower levels (for example, by removing grandfathered commission payments) but ignore the conduct risk at the senior levels (for example, managers still being driven by financial incentives), how can culture and compliance ever be changed? To keep rewarding behaviour which yields revenue and profit rather than compliance with conduct risk compromises the organisation’s cultural integrity and mutes the voice of the customer. The voice of the customer is the benchmark which measures good compliance and culture by determining whether a customer has received a service suitable for their needs and in their best interests, whether the service is legally compliant and to the customer’s overall satisfaction. 

Culture – Who is to Blame for the Lack of it?

We have asked this question before, but should the blame rest heavily against the door of the financial services industry for the poor culture found in the industry? Is it fair to say that, although many financial services providers have failed to manage questionable conduct, the regulators have also failed to oversee the industry, and this has created an easy path for organisations to produce profit almost at any expense?  

The Royal Commission has been very clear in saying that the misconduct is not solely down to organisations failing to have any risk and compliance procedures in place, but that existing risk and compliance procedures didn’t prevent the conduct occurring, nor did they effectively redress the misconduct to prevent it from reoccurring once it was identified. It became a self-fulfilling prophecy because the questionable conduct went undiagnosed and unmonitored for so long that it manifested itself in the culture of the organisation. Without the conduct being mitigated by adequate risk and compliance frameworks, or monitored by the regulator, it resulted in misconduct which in turn produced profit, and the misconduct became a manageable ‘risk’ because of the regulatory blind eye.

ASIC and APRA have no doubt been additional victims of the Royal Commission questioning, but also quite rightly. They are tasked with ensuring that all AFSL holders and regulated bodies are actively monitored and held accountable when things go wrong. But as we have seen, ASIC and APRA don’t take people or organisations to court except in big ticket cases and extreme circumstances. Instead, the regulators regularly issue enforceable undertakings, fines and previously agreed media releases.

Management by Measurement

Management by measurement is a way of managing employees to ensure better performance by linking their remuneration to their role success, for example to incentivise them to do their job. It is often split into two payment methods, a base salary and an incentive payment for satisfactory performance. Commissioner Hayne questions whether the continued existence of these methods means that sales and revenue are still treated as the goal to pursue, with how the goal is being pursued being much less important.

The Interim Report notes that management by measurement wrongly assumes “that measurement can capture all that matters in dealings between a bank and its customers. It cannot and does not.” It is always possible that a client’s best interests may be served by not making any changes to their current arrangement and the best advice a financial service provider employee could give is to do nothing.

However, as Commissioner Hayne pointed out in his reference to the Sedgwick Review, the sales-oriented culture of the financial services industry runs deep, and even examples of balanced scorecards from ANZ and Westpac still displayed references to sales, revenue and profit, despite so-called compliance and behaviour thresholds.

Commissioner Hayne suggests that the Australian financial services industry should follow the lead of the UK, by adopting practices and procedures which loosen or sever the connection between individual conduct and entity profit. It is vital for the future success of the industry that the overriding presumption that employees will not do their jobs to the best of their abilities without incentivised remuneration be challenged.

Culture of Compliance

The evidence in the first round of hearings from the Royal Commission suggested that financial services providers were doing as little as they thought they needed to do to meet their legal obligations. Their approach was to relegate compliance to the cost of doing business rather than as a foundation that underpins how the business must be conducted. The Interim Report explains why organisations like the big four banks were not actually meeting their legal obligations, despite what they themselves thought. When asked by the Royal Commission to provide a comprehensive and detailed list of all conduct that fell short of community expectations and any misconduct identified, the big four banks protested. The reasons for protesting included that the organisation simply didn’t have time to prepare such a report and that they would need to source the information from so many different places that it would be extremely difficult.

The inability of the banks to produce the information requested is representative of the piecemeal compliance practised by the financial services industry as a whole. For NAB and CBA, their inability to readily identify how or to what extent they were failing to meet their legal obligations meant that senior management and the board could not be given any coherent picture of the state of affairs of their organisation.

If this is right, how can a culture of compliance be led from the top if the top is being provided with scant information in the first place? All corporate entities, not just those operating in the financial services industry, could benefit from conducting a review of their compliance risk management programs to determine whether they truly form a single, embedded, enterprise-wide framework.

Legislating for Compliance

How do you ‘legislate culture’ when the requirement for compliance is already present? Additional legislation is not a solution to the current problems faced by the financial services industry. Commissioner Hayne has derided solutions founded on an imposition of “an extra layer of legal complexity to an already complex regulatory regime” which would beg the question “what would that gain?” Instead, it is a matter for each individual licence holder to take responsibility to uphold their obligations to act efficiently, honestly and fairly.

An ethical culture driven from the top must be a core element of an organisation’s compliance framework. If the culture of the organisation does not support principled performance, then all of the people, processes, and technologies that are put in place to mitigate incidents of non-compliance and conduct risks cannot be effective.

The Royal Commission is indeed a watershed moment for the financial services industry, but it does not have to be an apocalypse. Current laws are adequate, albeit complex, for financial services organisations to not only comply with their obligations but thrive with a healthy culture of compliance. The Royal Commission should serve as a timely reminder of the obligations which already exist for an AFSL holder and be a nudge in the direction of creating an organisation-wide culture of compliance.

Previous series:

Part One of our Royal Commission Series.

Part Two of our Royal Commission Series.

Part Three of our Royal Commission Series.

Financial Services Updates