There are many issues in the final report issued by Commissioner Hayne that are only relevant to the Financial Services industry and so being across all aspects of the final report is not "essential reading" for leaders in other industries. That said, there are some key elements that are very relevant to all leaders of all businesses, large or small and well worthwhile taking time to ponder. The key takeaways are:
#1 Get your priority right - know your WHY and understand profit is the result not the purpose.
#2 Remuneration, Culture & Governance are intertwined. They strengthen your business when they work together to eliminate misconduct and weaken your business when they enable and reward misconduct - activity that contravenes the law and / or community standards and expectations.
#3 Risk adjustments to variable remuneration send a clear message to people about what is not acceptable. Leaders should ensure such mechanisms are effective, including how they are personally affected and accountable for outcomes.
#4 All entities must consider, and keep considering, how they can improve the quality of information provided to boards and their committees. And in this regard, as in all other aspects of board governance, ‘quantity’ of information is not the same as ‘quality’ of information.
#5 The board of directors must challenge the company executives persistently when they feel inadequate information and explanation has been provided.
#6 Leaders must constantly track and adjust the culture of the organisation, overall and at each business level or location.
#7 Failings in governance and the occurrence of misconduct can be traced to three things: the role of the board, the entity’s priorities and accountability.
The following discussion is largely drawn from the content of the final report, using the commissioner's own written material with minimal changes to preserve the content and context, whilst simplifying and reducing the time for a reader to sift through the relevant information. The final report is available on line at the following address: https://financialservices.royalcommission.gov.au/Pages/default.aspx
The commissioner's opening remarks were: "First, in almost every case, the conduct in issue was driven not only by the relevant entity’s pursuit of profit but also by individuals’ pursuit of gain, whether in the form of remuneration for the individual or profit for the individual’s business.
Providing a service to customers was relegated to second place." This characterisation was acknowledged by Financial Institution leaders in their testimony and apologies.
This immediately raises the question of "WHY?" Why does the organisation exist? Can you articulate your organisation's and your own why? Is your why simply to make money for shareholders and/or self? If so, are you putting profits first and customers second or lower in priority. Profit and reward are important. They are the results of delivering your purpose, not the purpose itself.
At Streamwise Learning our WHY is: “We develop people to consciously connect their way of leading with accountability for the integrity, culture, communication, strategy, risk and results of their organisation.” If we deliver this why to our customers, the outcome will bring us the rewards.
The commissioner makes it abundantly clear that the primary responsibility for misconduct lies with the entities concerned and those who managed and controlled those entities: their boards and senior management. They set the tone from the top and each successive leadership layer should sound out the expectations with clarity, and echo back the understanding. Every entity must look again at its culture and the way in which it governs itself and manages not only its employees but also the entities and individuals who act as its intermediaries or are seen by consumers as representing or associated in some other way with the entity. In looking at culture and governance, every entity must consider how it manages regulatory, compliance and conduct risks. And it must give close attention to the connections between compensation, incentive and remuneration practices and regulatory, compliance and conduct risks.
For businesses not in Financial Services, the issues are the same albeit the regulations and laws that affect firms will be different. Misconduct for financial gain is unacceptable, is generally illegal, and certainly against community standards and expectations. Practices that reward misconduct, particularly financial incentives, should be avoided.
In the conclusion to the chapter on Remuneration, Culture and Governance the commissioner wrote: "Failings of organisational culture, governance arrangements and remuneration systems lie at the heart of much of the misconduct examined in this Commission. Improvements in the culture of entities, their governance arrangements and their remuneration systems should reduce the risk of misconduct in future. Culture, governance and remuneration march together. Improvements in one area will reinforce improvements in others; inaction in one area will undermine progress in others. Making improvements in each area is the responsibility of the entity itself."
The commissioner examined remuneration, culture and governance as separate issues while emphasising they are intertwined and impact and influence each other. He covered each issue in detail. Here are the major points.
The conduct identified and criticised was driven by the pursuit of profit – the entity’s revenue and profit, and the individual actor’s profit’.
Poorly designed and implemented remuneration arrangements can increase the risk of misconduct. Well designed and implemented remuneration arrangements can play an important role in reducing that risk.
The links between remuneration practices and misconduct have given particular attention to the remuneration of executives because it is the board and senior management of financial services entities who are responsible for, and have the greatest degree of control over, the way that risks – including compliance risk, conduct risk and regulatory risk – are managed within those entities.
When remuneration arrangements are designed or implemented in a way that sees executives rewarded with large bonuses despite their poor management of risks, those remuneration arrangements increase the likelihood that the entity will engage in misconduct or conduct that falls below what the community expects. By contrast, when remuneration arrangements are designed and implemented in a way that properly takes into account the way that executives have managed risks those remuneration arrangements will decrease the likelihood that the entity will engage in misconduct, or conduct falling below community standards and expectations. An entity’s remuneration arrangements, especially variable remuneration programs, tell staff what the entity rewards and what the entity values.
How remuneration arrangements are ‘designed’ and the way that those arrangements are ‘implemented’ are both important issues, and the final report delves into the two aspects in some depth.
There was a large body of evidence about the design of executive remuneration systems. Unsurprisingly, the systems differed from entity to entity, but there were some common features:
* First, each system rewarded executives with a combination of fixed remuneration and variable remuneration.
* Second, each system deferred part of the executives’ variable remuneration.
* Third, many systems distinguished between short-term variable remuneration and long-term variable remuneration where the amount of short-term variable remuneration was dependent on criteria assessed over the most recent financial year. The amount of long-term variable remuneration was dependent on criteria assessed over several years. While a proportion of short-term variable remuneration was often deferred, all long-term variable remuneration was always deferred. Only the most senior executives were generally eligible to receive long-term variable remuneration.
* Finally, each system allowed the board of the entity to adjust executives’ variable remuneration to reflect their management of risk. All systems allowed for this to occur through in-year adjustment of short-term variable remuneration, and through forfeiture of deferred remuneration that had not yet vested (referred to as ‘malus’). Some systems also allowed for deferred remuneration that had already vested to be clawed back.
Although good design of remuneration arrangements is critical to reducing the risk of misconduct, the issues demonstrated by the evidence before the Commission were often issues of implementation rather than design.
Two of the issues connected with implementing remuneration arrangements that are relevant to all business leaders are firstly, risk-related adjustments to remuneration, and secondly, disclosure of the fact of, or reasons for, risk-related adjustments to remuneration.
Several of the problems that can arise in connection with the implementation of risk-related adjustments to remuneration were demonstrated by the evidence about the process by which CBA’s board determined the remuneration of the CEO and Group Executives in the 2016 financial year.
CBA released its 2016 remuneration report in August 2016. At that time, both ASIC and APRA had continuing investigations into CBA’s life insurance business. CBA, including the board, was aware of a number of other issues that became public over the course of the following year. These included: the anti-money laundering and counter-terrorism financing (AML/CTF) issues raised by AUSTRAC resulting in a $700 million penalty imposed in 2018; the ‘fees for no service’ issues; and the mis-selling of credit card insurance.
Further, in late 2015, APRA had expressed concerns to CBA about the effectiveness of its operational risk management framework and APRA was concerned about a number of persistent significant risk issues that were not being dealt with effectively. Despite those issues, in that financial year, CBA’s board rated the CEO and all but one of the Group Executives as having ‘fully met’ relevant requirements in relation to the management of risk.
How did this happen?
First, the information made available to the board about the risk management performance of the senior executives was plainly deficient. Among other things, it did not adequately inform the board of the nature or seriousness of issues that had been identified. It did not identify to the board who, among the Group Executives, was accountable for the issues. It made no real assessment of whether those executives had behaved in a way that exemplified the sound management of risks.
It is concerning that the information made available to the board was deficient in those ways, and more concerning that the board did not seek and insist on more detailed information.
Up to and including 2016, the CBA board appears to have been unwilling to make any significant adjustment to variable remuneration as a result of risk-related matters. It appears
that, unless and until risk and compliance issues became publicly known, accountability for those issues was not reflected in adjustments to executive remuneration.
At the moment, listed companies are required to disclose prescribed information about executive remuneration in their annual reports, including the total amount of variable remuneration received by senior executives. Companies are not required, however, to disclose information about whether risk-related adjustments have been made to the remuneration of senior executives, and therefore are not required either to set out why the board made particular risk-related adjustments to executive remuneration.
The remuneration arrangements of an entity show what the entity values. If the board reduces the variable remuneration of executives for their poor management of non-financial risks and tells other staff that the variable remuneration of those who are accountable for particular events or forms of conduct has been reduced, it sends a clear message to all staff about both accountability and what kinds of conduct the board regards as unacceptable.
The commissioner expressed the view that "No public disclosure should be required."
Frontline People Remuneration
Entities should review at least once each year the design and implementation of their remuneration systems for front line staff to ensure that the design and implementation of those systems focus on not only on what people do, but also how they do it.
If we accept that an entity’s remuneration and incentive arrangements show what the entity values, then consideration of those arrangements may provide a useful starting point for an examination of the entity’s culture. But an entity’s remuneration and incentive arrangements are not the same as its culture. Culture is a broader concept that is also influenced by other matters.
The commissioner stated that "the culture of an entity can be described as ‘the shared values and norms that shape behaviours and mindsets’ within the entity. It is ‘what people do when no-one is watching’. Culture can drive or discourage misconduct."
Three general points should be made:
* First, the culture of each entity is unique, and may vary widely within different parts of the entity.
* Second, there is no single ‘best practice’ for creating or maintaining a desirable culture, but one necessary aspect of a desirable culture is adherence to the basic norms of behaviour described in the full Report: obey the law; do not mislead or deceive; act fairly; provide services that are fit for purpose; deliver services with reasonable care and skill; and when acting for another, act in the best interests of that other.
* Third, culture cannot be prescribed or legislated. Proper governance, a healthy culture, and accountability are desired outcomes, but they cannot be imposed by rules that say, ‘You must ...’ or ‘You may not ...’. ‘Culture is about behaviours. Behaviours in general are not amenable to legislation or regulation. ... Sustainable cultures need to arise from and be embedded in an entities DNA’.
Culture can – and must – be assessed by the entities themselves. It is common sense to do this and given the potential for aspects of an entity’s culture to drive misconduct, an entity must form a view of its own culture, identify problematic aspects of that culture, develop and implement a plan to change them, and then re-assess to determine whether it has succeeded. Each entity has primary responsibility for its own culture.
Managing culture is not a one-off event, but a continuous and ongoing effort that must be integrated into day-to-day business operations.’
* ‘Leadership always matters, and entities must embed conduct and culture messages and expectations from the top down, through middle management down to the lower levels in their organisation. There is increasing awareness that tone from above is as important as tone from the top, and this requires a shift in how managers at all levels of the organization are trained, promoted and supported.’
* ‘While cultural norms and beliefs cannot be explicitly measured, the behaviours and outcomes that culture drives can and should be measured’.
Governance refers to all of the structures and processes by which an entity is run. It embraces not only by whom, and how, decisions are made, but also the values or norms to which the processes of governance are intended to give effect. Notions of accountability lie at the heart of governance. Who is to be held accountable for what is done or not done? How are those who are accountable held to account?
The Prudential Inquiry into CBA highlighted the ways in which governance failings at CBA contributed to the reputational damage it had suffered. The panel concluded that:
* there was inadequate oversight and challenge by the CBA Board and its gatekeeper committees of emerging non-financial risks;
* it was unclear who in CBA was accountable for risks, and how they were to be held accountable;
* issues, incidents and risks were not identified quickly, and were not managed and resolved with sufficient urgency; and
* not enough attention was being given to compliance (with regulations and the law).
Connections between failings in governance and the occurrence of misconduct can be examined under three headings: the role of the board, the entity’s priorities and accountability.
The role of the board
Boards must have the right information in order to discharge their functions. In particular, boards must have the right information in order to challenge management on important issues including issues about breaches of law and standards of conduct, and issues that may give rise to poor outcomes for customers. Without the right information a board cannot discharge its functions effectively.
When referring to boards having the right information, this in not more information. It is the quality, not the quantity, of information that must increase. Often, improving the quality of information given to boards will require giving directors less material and more information.
There is no single answer as to how boards can ensure that they receive the right information. But boards and management must keep considering how to present information about the right issues, in the right way.
Boards must also use the information that they have to hold management to account. Boards cannot, and must not, involve themselves in the day-to-day management of the corporation. Nothing in the Commissioner's Report should be taken to suggest that they should. The task of the board is overall superintendence of the company, not its day-to-day management. But an integral part of that task is being able and willing to challenge management on key issues and doing that whenever necessary.
Many of the case studies considered in the Commission showed that the entity involved had chosen to give priority to the pursuit of profit over the interests of customers and above compliance with the law.
Some have sought to explain this emphasis on the pursuit of profit as reflecting the fact that an entity is ultimately accountable to its shareholders. That proposition requires close examination.
All entities that are incorporated and have a share capital have responsibilities, and are accountable, to their shareholders. It is shareholders who will elect directors and, in the case of publicly listed companies, will vote to adopt, or not adopt, remuneration reports. It is also shareholders who will give effect to the ‘two strikes rule’ that may see the entire board spilled.
These forms of accountability are, of course, important. But they do not mark the boundaries of the matters that the boards of entities must consider in the course of performing their duties and exercising their powers.
This gives rise to a further point about the nature and extent of directors’ duties. Directors must exercise their powers and discharge their duties in good faith in the best interests of the corporation, and for a proper purpose. That is, it is the corporation that is the focus of their duties. And that demands consideration of more than the financial returns that will be available to shareholders in any particular period.
Financial returns to shareholders (or ‘value’ to shareholders) will always be an important consideration but it is not the only matter to be considered. The best interests of the corporation cannot be determined by reference only to the current or most recent accounting period. They cannot be determined by reference only to the economic advantage of those shareholders on the register at some record date. Nor can they be judged by reference to whatever period some of those shareholders think appropriate for determining their results.
It is not right to treat the interests of shareholders and customers as opposed. Some shareholders may have interests that are opposed to the interests of other shareholders or the interests of customers. But that opposition will almost always be founded in differences between a short term and a longer-term view of prospects and events. Some shareholders may think it right to look only to the short term.
The longer the period of reference, the more likely it is that the interests of shareholders, customers, employees and all associated with any corporation will be seen as converging on the corporation’s continued long-term financial advantage. And long-term financial advantage will more likely follow if the entity conducts its business according to proper standards, treats its employees well and seeks to provide financial results to shareholders that, in the long run, are better than other investments of broadly similar risk.
Regardless of the period of reference, the best interests of a company cannot be reduced to a binary choice. Pursuit of the best interests of an entity is a more complicated task than choosing between the interests of shareholders and the interests of customers.
Accountability is centrally important to any consideration of culture, governance and remuneration.
Clear accountability is vital to effective governance. It ensures that issues are resolved and resolved effectively. It fosters a culture where risks are managed soundly. It lies at the heart of the proper operation of any variable remuneration and incentive system. It is accountability that determines what consequences must follow when things go wrong (and where credit is due when things are done well).
At Streamwise Learning we have observed many instances where businesses use the terms responsibility and accountability as if they are interchangeable. We advocate for business to be clear about the differences in these terms, and also the expression - authority.
We recommend businesses treat these as follows:
Authority is future tense: It informs a leader of what they are empowered to do, including any limitations on their decision-making capacity, and how they should deal with issues when they reach their limit of authority. Authority is not shared but can be delegated, usually in lesser degrees down through the structure of the organisation. This enables less senior leaders to be empowered whilst maintaining two way communication when limitations are reached and a higher authority level needs to be engaged.
Responsibility is present tense: It pertains to the activities that the leader has oversight for and what needs to be done in order to meet the aspirations of the organisation. Responsibility can be shared and can be delegated. Sharing responsibility bonds people together in teams and creates a community spirit within the organisation. Authority and Responsibility do not always go together - you can delegate responsibility for a task or outcome without giving any authority. Failing to delegate any authority may undermine the task if capable people are involved. Capable people should be empowered.
Accountability is past tense: It is a reflective aspect, looking back on what happened, why it happened and how reward or penalty (not blame), if any, should be apportioned. Leaders are accountable for the responsibilities they delegate to others. Whilst people down the line can be held accountable too, ultimately the buck stops at the top. When the people responsible for an outcome are dismissed or penalised, and for the people above them there are no consequences, then accountability has failed.
There are many important take-aways for business leaders as a result of the Hayne Royal Commission. It is sensible for leaders in other businesses and industries to listen to and learn from the proceedings that have been undertaken. The importance of community standards and expectations cannot be ignored, and these are constantly shifting. Honesty and fair dealings lie at the centre of these expectations. Misleading and deceptive conduct, abuse of the power balance in commercial dealings and failure to listen to customers and the community in general can have significant and long-lasting reputational damage to industries, corporations and individuals. These can be called out in a very public way to ensure accountability is attained, and this is an example of how it can play out.
We hope this summary is seen as a useful document for sharing, discussing and reflecting on the issues within your business.