ASIC has recently announced an approach to surveillance reviews which will include an examination of organisational culture. In addition, it has asked a Senate committee to consider laws that would allow it to punish individuals and companies for poor organisational culture.
Poor culture is not industry-specific
Although ASIC’s recent speeches have been directed at, and have used examples of, the practices of the financial services industry, the issue of managing organisational culture risk is common to all organisations.
In many ways, culture comes from above. The nature of an organisation’s culture is set by its leadership team – the board and senior management – through management, the execution of strategies, and practices that set the tone for an organisation.
ASIC made this point last year when, in another speech, Mr Medcraft noted that directors should ensure that the compliance function strongly drives a culture of compliance.
The bottom line is that ASIC is sending a message to directors that they have a duty not only to ensure the viable functioning of a business, but also to ensure that a culture of regulatory compliance, risk management and proper corporate governance exists and is enforced in their organisation.
ASIC’s concern about poor organisational culture has been repeatedly emphasised in recent speeches given by its Chairman Greg Medcraft.
On 3 June 2015 Mr Medcraft presented to a Senate Estimates hearing, remarking that ‘it is a sad fact that bad culture leads to bad conduct and this inevitably leads to poor outcomes for consumers’. Given there is a strong connection between poor culture and poor conduct, ASIC thinks culture is a major risk to:
investor and consumer trust and confidence; and the fair orderly and transparent operation of our markets.
Mr Medcraft announced that ASIC intends to incorporate culture into its risk-based surveillance reviews. For AFS Licensees, this could result in ASIC determining that a licence should be revoked because the culture of the Licensee breaches its obligation under section 912A of the Corporations Act 2001 (Cth) (the Corporations Act) to provide its services ‘efficiently, honestly and fairly’.
ASIC believes that breaches of the Corporations Act caused by cultural conduct should attract civil penalties and administrative sanctions.
It seems that ‘culture risk’ should now be added to an organisation’s risk register – if it wasn’t already there.
What can I do to improve culture?
In a speech delivered to the Annual Stockbrokers Conference on 25 May 2015, Mr Medcraft stated that the culture within a firm – its shared values and assumptions – has a positive influence on behaviour and good or bad culture can lead to good or bad market practices.
In the same speech he introduced the ‘3 C’s’ framework on culture risk for organisations.
The ‘3 Cs’ stand for:
Those 3 elements are important influencers of an organisation’s culture as follows:
Communication of conduct expectations needs to be clear, concise and effective. This includes communication that is proactive and regularly and consistently repeated across the organisation.
should challenge existing practices to determine whether current conduct is appropriate;
need to foster an environment where employees are encouraged to escalate concerns without fear of retribution; and
should consider rewarding staff for speaking up.
Don’t be complacent. Conduct should be continually reviewed, enforced and validated.
This article has been re-posted by Your Call from our friends at leading compliance software provider Complispace. Read the full article here