Doing the right thing

A speech by Deputy Chair, Karen Chester, Australian Securities and Investments Commission at The Directors’ Colloquium: Conversations for Corporate Board Members, Sydney, 30 July 2019.

Check against delivery

I would like to begin by acknowledging the Traditional Custodians of the land on which we meet today, and pay my respects to their Elders past, present and emerging. I extend that respect to Aboriginal and Torres Strait Islander peoples here today.

And my thanks to the organisers of the Colloquium for inviting me to join you for dinner and share my thoughts with you this evening. The Colloquium is a terrific joint initiative of the Australian Graduate School of Management, King & Wood Mallesons and the Business Council of Australia. Bringing you all together for four intensive days of learning, reflection and insight. Applying the Harvard case study approach to ten Australian cases, hearing already some 16 experienced guest speakers in your first three days and more tomorrow. Both directly and as panels.

So today you’ve focused on how a director must robustly test management and ultimately manage financial and non-financial risks. And to do this you’ve explored and wrestled with case studies and lessons learned from the Hayne Royal Commission. In doing so, you’ve sought to better understand how best to discharge your directors’ duties.  

And what a time to do so. With the benefit of the insights and lessons we’ve all sought to glean and learn from the Hayne Royal Commission.

Last year was also (for me) the year of the Commissions. The Productivity Commission where I rounded out a wonderful 5-year chapter. The Hayne Royal Commission. In some ways the personification of the findings of the Productivity Commission’s twin inquiries on the competitiveness of the financial and superannuation systems. And then ending the year with the Government announcing my appointment to another Commission – ASIC.

Earlier this year, I started at ASIC just a matter of days before the final report of the Hayne Royal Commission landed with Government. An important time to be at ASIC and especially as the Government embarks on an ambitious legislative reform programme following the Royal Commission.

But I’ve also come to learn (from the Royal Commission no less) that my career – 10 distinct jobs across 5 industry sectors – has ultimately traversed Commissioner Hayne’s four lines of defence for competitive and fair markets. The first line of defence being public policy. The second line the consumer themselves. The third the conduct of firms and their directors. And the fourth and final line of defence, the regulator. And I’ll come back to these all important four lines of defence a bit later.

This evening I’d like to share some thoughts on why some markets today seem to be falling short in delivering competitive and fair outcomes to Australian consumers. I’d also like to share an economist’s take-out on the Hayne Royal Commission. And what it means (and perhaps doesn’t mean) for company directors, corporate Australia and ultimately consumers.

And no surprise public policy will figure a tad in the storytelling. And why? Because competitive and efficient markets when nurtured through fit for purpose public policy deliver growth alongside fairness. But absent the right policy settings, they can readily become a growth detractor and fairness the collateral damage. Especially as it relates to our financial and superannuation systems. Systems that today represent $7.6 trillion in assets. That account for over 9% of our economy. And their services and products impact the wellbeing of each and every Australian.

And systems more recently under the antiseptic of sunlight – in the form of a Hayne Royal Commission. And also the sunlight of a not so Royal Commission – the Productivity Commission. With the Commission’s ‘book end’ reports last year on the competitiveness of the financial and superannuation systems.

But perhaps the enduring message from last year is an age old, simple one. The virtue and necessity of ‘doing the right thing’. For a firm that simply does the right thing ought to be – and even more so today – of much corporate value. For today we find ourselves in a world where doing the right thing no longer seems the default business model for many. Where a Royal Commission revealed conduct beyond unbecoming. Where good people seem to confuse firm loyalty with doing the right thing. For it is only when the firm’s leaders do the right thing should such loyalty be owed. A little understood but fundamental distinction. But one studied and well espoused by the Princeton ethicist Professor David Miller.

And also examined by Professor Sunita Sah of Cornell University. Whose report Conflicts of interest and disclosure thoughtfully explores how conflicts develop and under what conditions moral disengagement takes hold. And notably a report commissioned and published by the Hayne Royal Commission. For me a must read. And clearly impacting the report’s findings especially on disclosure and conflict embedded in business models (which I’ll come to shortly).

Both identify the role of institutional signals, especially from firm leaders. And to help decide if it’s the right thing to do, ask the ‘Should we’ not the ‘Can we’ question. As posed by Commissioner Hayne. And as well articulated in the John Laker led CBA Prudential Review last year. And a question for companies and their directors to ask and answer especially in decisions and dealings with consumers.

But it was not simply the revealing of contumelious behaviour of business. The absence of effective competition featured as a distinct theme across the Royal Commission’s carefully curated case studies. Where much of the Royal Commission’s evidence can also be explained by outdated public policy architecture that no longer serves us. For in the absence of effective competition, fostered and nurtured by good public policy, firms not doing the right thing can go unchecked. With consumers ultimately paying the price, and often regressively so. And a trust lost by business the inevitable collateral.

Where the CBA Prudential Inquiry last year also concluded that the CBA’s continued financial success dulled the senses of the institution. What we economists call economic rents. The consistently high returns of Australia’s largest financial institutions are over and above those of many other sectors in the economy. And for the banks, not replicated in any other comparable banking market globally since the GFC. Where pricing power for Australia’s major banks exceeds the global average, including for high income countries – and materially and persistently so. And with those senses dulled, the poor management of non-financial risks. And most demonstrably in the form of the consumer voice being lost.

And where economic rents are described by some today as toxic revenues. Going beyond products or services with persistently higher prices (and returns) alongside sticky customers. Where revenues from products and services also do material consumer harm and erode market integrity. Think case studies of the Royal Commission.

This is why culture and conduct matter so much more in these markets. As Commissioner Hayne said in the interim report:

‘Competition within the banking industry is weak ... there being little threat of failure of the enterprise, and there being little competitive pressure, pursuit of profit has trumped consideration of how the profit is made.’ 

The Hayne Royal Commission Final Report is a sobering read. But it also proved a solid and safe landing for markets, for policy, for regulators and ultimately for consumers. And a solid landing in perhaps four ways.

First, there are no grey swan recommendations. But importantly a sober recognition that disclosure in and of itself does not deliver fair outcomes for consumers. And to quote:

This idea of ‘disclosure’ underpins the now teetering edifice of product disclosure statements and Financial Services Guides.

Second, there is no regulatory overreach. A recognition that the complete elimination of conflicts is not possible nor preferable. Akin to the Productivity Commission findings, the vertically integrated business model remains but importantly better disciplined by legislative belts and braces.

Third, legislative reform to remove the damaging swiss cheese world of exceptions in the legislative norms of conduct for the Financial System.

And fourth, the twin peaks regulatory architecture (of APRA and ASIC) is retained. But strengthened and modernised to lift performance and rebalance across the regulators. In a way that plays to the respective regulatory DNA and comparative advantage. And now with remedies (civil and criminal penalties) that are not simply a ‘cost of doing business’. Recent legislative reform (13 March 2019) is a game changer here for ASIC.

Not only strengthening existing penalties but introducing new penalties for breaches previously absent penalty. And I’ll come back to this a little later.

Now, the 76 recommendations of the Hayne Royal Commission’s Final Report can arguably be grouped into three buckets.

First, 23 recommendations directed at the public policy settings – albeit much of the focus here to remove exceptionalism (or carve outs) from the legislation. For example, the handling and settlement of insurance claims to no longer be excluded from the definition of ‘financial service’.

Second, 33 recommendations directed at lifting obligations on the corporate and trustee world. Such as making breach of trustee and directors covenants in the Superannuation Industry Supervision Act enforceable by action for civil penalty.

And third, 20 recommendations directed at the regulators – lifting the bar on expectations of regulators, expanding their remit and powers and strengthening the twin peaks model. And here for ASIC most notably, becoming the lead conduct regulator in superannuation.

So turning to the two “must reads” for corporate Australia. And in addition to Professor Sah’s report. The final report of the Hayne Royal Commission and the CBA Prudential Inquiry. And asking what they may, and may not, mean for corporate Australia and its directors. Where some opine that in a post Hayne world, ‘social license’ or the fairness expectation has become more akin to the BBC announcer of Monty Python’s Flying Circus — “and now for something completely different”. When perhaps it’s simply not. Where doing the right thing was always a ‘must have’ not a ‘nice to have’ for corporate Australia and its directors. And perhaps in four ways.

First and foremost, doing ‘the right thing’ is a legal ‘must have’. Fairness is already embedded in the corporations’ law. The obligation for companies to act efficiently, honestly and fairly (s912A) has existed since it was introduced by the Financial Services Reform Act 2001. It’s surprising that few seemed aware of this obligation. Or perhaps not. Before 13 March 2019 a breach of this provision would attract a penalty of zero. Today it now attracts maximum civil penalties of up to $1.05 million for an individual, or up to $525 million for a corporation. So perhaps a better known obligation today.  

Second, when viewed through the lens of time, factoring in community expectations and social issues should not be seen as mutually exclusive from the interests of the company. Especially with long term shareholders (think super funds). ESG issues often impact future cash flows, asset values, intangible assets and thus ultimately profitability of the company. And intangible assets such as reputation, IP and customer base today account for over 80% of total corporate value as compared to under 20% 40 years ago[1].

Third, and to quote John Maynard Keynes, in the long run we’re all dead. Similarly, mismanagement of non-financial risk (better known as short termism) more often than not becomes a financial risk over time. Clear take outs from the CBA Prudential Inquiry and the Royal Commission – where we now see remediation provisioning exceeding $9 billion.  

And this misconduct bill, provoked a sense of déjà vu. Recalling the Bank of England Governor (Mark Carney’s) estimate in 2017 that the total post GFC cost of misconduct for the banks globally was US$320 billion. So our interim tally of $9 billion perhaps not out of step when adjusted for the size of our economy. Only out of step in terms of timing and more a mismanagement of non-financial risks.

Fourth, to comply with statutory duties it’s often necessary to do the right thing. Inarguably the law has recognised the “public elements” of directors’ duties for a long time, especially with s180 (care and diligence) and s181 (best interests of the corporation). And a deepened understanding with recent judicial decisions like the Cassimatis case (perhaps better known as Storm Financial) and the Centro case.

And think too of Noel Hutley SC’s advice (and recent update) on climate risk and directors’ duties. Noting the twin risks here for the corporate. As delineated by the Taskforce on Climate Change Financial Disclosure. With their helpful definitional demarcation of physical and transitional climate risks.

So whilst some suggest that the bar has been raised for directors in the wake of the Hayne Royal Commission, perhaps all we have really seen and heard is a demonstrable restatement of the existing benchmarks. And benchmarks pretty well established in case law. But that’s not to suggest both reports do not offer enduring take-outs. They do. And three stand outs come to mind.

First, the 4 C’s matter: culture, conduct, compliance and customers. And mismanagement of non-financial risks (especially as they relate to the 4 C’s) can all too readily translate to realised financial risks. Think of the $9 billion provisioning tally to date.

Second, fairness is both a legal and ethical obligation, and when we ask the question “what is fair” we know its absence when consumer harm abounds. And the “should we” question must form part of the firm’s DNA.

Third, whilst the absence of healthy and effective competition poses a public policy imperative, it also means a greater vigilance may be needed for directors in these markets. Because the potential for misconduct and consumer harm in such markets is greater. Where both the Hayne Royal Commission and the CBA Prudential Inquiry observed that the finance voice was heard whilst the voice of risk was muted (at best). And the voice of the consumer not heard at all.

The Royal Commission brought ‘sunlight’ to the failings of some boards, and in two ways. First, to ensure effective oversight to identify potential harms to the company. And second, to take appropriate action to minimise this harm. To identify toxic revenues. To identify emerging systemic breaches. To identify systemic customer complaints and ultimately consumer harm. And once identified, the drivers are diagnosed and both the source addressed and the harm redressed.

In doing so, the Royal Commission made clear the board is paramount in setting the expectation to ‘do the right thing’. Influencing and overseeing culture. Ensuring the right governance framework is in place – one that elevates material risks to the board for attention and action. In positioning itself to constructively and robustly challenge and question management. So it can be satisfied that problems are not buried but instead identified promptly and dealt with appropriately. And not as a set and forget exercise.

Turning to the here and now. And some are already posing the pendulum question. How soon after the Hayne Royal Commission may the ‘doing the right thing’ pendulum swing back?

Now pendulums have a physics induced habit of swinging. Its currently at the ‘fairness matters’ point of its trajectory – jettisoned there by the Royal Commission. But will it swing back? Ultimately the pendulum test will be whether boards enact change that is reactionary and temporary or bear the hallmarks of enduring change. And those hallmarks may initially take the form of more than a step change to systems infrastructure for the early detection of re-emerging poor conduct. But ultimately it ought to take the form of fair consumer outcomes.

The results of a recent post Hayne (May 2019) Governance Institute Survey did prompt a moment of pause. When asked how they characterise their regulatory approach, almost 50% of member respondents collectively said defensive or reactive, instead of proactive. Other results of note include:

Do you have a strategy for dealing with regulators: 40% said no.

Will the Royal Commission impact on your organisation’s approach to remuneration: over 70% said no.

But more optimistically, perhaps there are four important counter forces at play against the physics of the pendulum.

First, the fairness factor has clearly been elevated. The Royal Commission brought sunlight to the governance and conduct of these entities. With community and political expectations on fairness both elevated and arguably here to stay. And with meaningful penalties now attached to corollary legislative obligations like s912A. Such that penalties fall ‘beyond the cost of doing business’ and with that real deterrence value for future enforcement.

Second, there is a significant programme of legislative reform ahead of us focused on strengthening the first line of defence (public policy). And lifting the legislative obligations of regulated entities alongside greater remit and powers afforded regulators (our third and fourth lines of defence).

Third, we have the advantage of a significant cohort of long term investors ideally working against short termism. In the form of our $2.8 trillion superannuation system – the savings of our workers.

And fourth, ASIC’s work will – in the words of Counsel Assisting Michael Hodge QC – seek to “keep the lights on”. We have initiatives underway to better utilise transparency as a regulatory tool.

Our new strengthened, targeted surveillance in the form of Close and Continuous Monitoring and our Corporate Governance Taskforce. The first, Close and Continuous Monitoring is a program that monitors the Big 4 banks and AMP which, since we launched it in October 2018, has involved ASIC staff onsite in these institutions for a total of 119 days and meetings with more than 425 banking staff at all levels. And targeted by focusing on ‘canaries down the mine’. Like breach reporting. Like internal dispute resolution (complaints handling).

The second, our corporate governance review of 21 ASX100 entities which has involved a taskforce reviewing over 43,000 documents, and 97 interviews with CEOs, Chairs, Board Risk Committee Chairs, Chief Risk Officers, Internal Auditors and Company Secretaries. Focussing on governance processes and practices around management of non-financial risk. And practices for the payment on variable remuneration to key personnel.

They will also collectively afford us insight into whether change is happening and does it look enduring (our pendulum litmus test).

And our approach to transparency with this targeted surveillance takes two forms. First, in the form of providing frank feedback to the leadership of those corporates on our entity specific findings. And second, we will also – in the coming months – report publicly on our observations and findings. Pointing to both good and poor practices. And share some expectations on particular practices.

At ASIC, our end game is to help ensure a fair, efficient and strong financial system.

As a markets conduct regulator this means our assessment (surveillance) needs to be risk based. And as a markets conduct regulator our action (everything available to us from transparency through to court based enforcement) needs to be incentives based.

To do this, we need ‘to keep the light on’ conduct and consumer outcomes. We need to detect and ultimately deter significant misconduct and harm. Our new Product Intervention Powers giving us the important ability to now step in and respond to significant consumer detriment in a targeted and timely way. And we are up and running in using that power. But at the end of the day we need to enforce the law. Today under our disciplined ‘why not litigate?’ stance and alongside wider powers and penalties. As Commissioner Hayne said, ‘adequate deterrence of misconduct depends upon visible public denunciation of misconduct’. So we will continue to make full use of the regulatory tools at our disposal.

But we also know from the good work of academics in our field of endeavour, that the deterrence value of our enforcement action is also a function of how active we are seen to be across all our regulatory tools. Activity across our regulatory pyramid.

And, oftentimes, the use of one tool betters the deployment of the next. A recent example is with our Close and Continuous Monitoring surveillance work, where we identified in some entities significant shortcomings in customer complaints handling. This informed our current work to enhance Internal Dispute Resolution standards – with the recent release of our consultation and draft updated regulatory guidance.

On a near final note, we are acutely aware that it is the regulator that has ultimately been “left on the field” post the Hayne Royal Commission.

But it is important to remember the regulator is Commissioner Hayne’s fourth line of defence. Not the first. The amount of heavy lifting for the regulator is very much a function of how effective, how strong, the first three lines of defence are – public policy, the consumer and the corporate.

For at the end of the day, the regulator is an agent provocateur for change. The ultimate responsibility for change rests with corporate Australia – its shareholders, its directors and its management. Commissioner Hayne made this abundantly clear when he said, ‘primary responsibility for misconduct in the financial services industry lies with the entities concerned and those who managed and controlled those entities: their boards and senior management’.

And on a final note, a snapshot on our immediate priorities. We are focused on effective and efficient enforcement action. On addressing the Royal Commission’s recommendations and referrals. On establishing ASIC as a conduct regulator for superannuation. Addressing harms in insurance. Improving governance and accountability. Protecting vulnerable consumers. And addressing poor financial advice outcomes.

These seven priorities – by no means an exhaustive list of what we will do – are our strategic priorities for the coming 12 months. As we work to effectively address consumer harm, to influence behaviour and apply new regulatory tools (or combinations of tools) in doing so. 



[1] From the UK Financial Reporting Council’s July 2016 report ‘Corporate Culture and the role of Boards’.

Last updated: 31/07/2019 12:00