ASIC drops compliance in the lap of boards.
Using the trendy but woefully inaccurate term "oversight" when it means supervision (see why here), ASIC "urges companies to apply a greater focus and sense of urgency to the oversight and management of non-financial risk... particularly compliance risk. Boards cannot afford to ignore the oversight of non-financial risks." The thing is that ASIC's findings show a failure of awareness of the legal position of directors in Australian companies.
The report was produced after an extensive survey and interview process of "seven large financial institutions, 60 interviews with directors and officers, an extensive documentation review, and external resources."
ASIC Chairman James Shipton said the boards ASIC reviewed were challenged by important elements of non-financial risk management and their supervision of these risks was "less mature than required." He said "As we have seen, all risk can have financial consequences. If not well managed, non-financial risks carry very real financial implications for companies, their investors and customers."
ASIC's review found a startling lack of awareness of a broad range of risks:
- All too often, management was operating outside of board-approved risk appetites for non-financial risks, particularly compliance risk. Boards need to actively hold management accountable for operating within stated risk appetites.
- Reporting of risk against appetite often did not effectively communicate the company’s risk position. Boards need to take ownership of the form and content of information they are receiving so that they can adequately oversee the management of material risks.
- Material information about non-financial risk was often buried in dense, voluminous board packs. It was difficult to identify key non-financial risk issues in information presented to the board. Boards should require reporting from management that has a clear hierarchy and prioritisation of non-financial risks.
- The effectiveness of board risk committees (BRCs) could be improved. BRCs should meet more regularly, devote enough time and be actively engaged to oversee material risks in a timely and effective manner.
What boards also need are reports free of jargon, buzzwords and even constantly changing language. This is something that afflicts ASIC, and it should take the lead in using unambiguous terms and well-established terminology. In all forms of communication, the most effective communicators speak the language of the recipients of the message. Those who require recipients to "translate" may find that more attention is paid to the medium and less to the message or, even, that recipients simply get fed up trying to keep up with an ever-changing linguistic landscape, some of which actually militates against comprehension and some of which consists of words that carry little or no material import.
It's not as if ASIC can't do it. This is taken from the announcement of the report:
‘While there is no “one size fits all” solution to these findings, boards need to proactively identify and assess their own characteristics and processes,’ Mr Shipton said. ‘Though the review examined companies in the financial services industry, many of the lessons learned can be applied to most public companies in other sectors of the economy.’
‘Our report concludes with a series of questions that all public companies might ask themselves. Not all will be relevant to every company, but many will be,’ Mr Shipton said. ‘We urge boards of all large listed companies to read this report and review their governance practices and accountability structures with reference to our findings.’
It's clear and concise although it would be sensible to take issue with the reference to "large" - for the sake of market integrity, surely all listed companies should require boards to be aware and, even, responsible for what happens in their business.
This is consistent with the law in Australia: about 20 years ago, a court found that a director of an Australian company was responsible for conduct that took place even though he spent the majority of his time in the offices of a sister company in the UK: directors cannot say they did not know, the case found.
It is, therefore, interesting that ASIC has conducted research which indicates that, even amongst the country's largest companies, there is a tendency for directors to take the view that what happens below them, even if there is delegated authority, in some way insulates the board, and that a two-decades-old legal development has not been taken account of enough, if at all.
"However effective [supervision] and management of non-financial risk is not novel or impossible. Companies have managed some of these risks well in the past and continue to do so today. We hope this review provides boards with a useful roadmap to achieve this," said Shipton.
Further reading:
Read the full report here: https://asic.gov.au/regulatory...
Read the full speech by ASIC's Chairman Mr James Shipton here: https://asic.gov.au/about-asic...
Listen to a podcast on the subject here: https://www.podbean.com/ew/pb-...