Good corporate governance is important for businesses of all sizes, from small businesses to large publicly traded companies. Most recently and notably, the financial services sector was subject to the Banking and Financial Services Royal Commission, which demonstrated many areas where the assessment for risk with certain non-financial practices was not adequate – leading to a large-scale review into potential misconduct of many institutions.

In light of that Royal Commission, a taskforce was instituted by ASIC to explore corporate governance measures taken by several companies. The Corporate Governance Taskforce (Taskforce) aimed to facilitate good corporate governance in the financial services sector for ‘a fair, strong and efficient system.’

ASIC have now published their first-year report on the Taskforce’s operation and specifically regarding non-financial risk and executive remuneration (Report). The Report recommends that non-financial risks to companies should be more emphasised and considered by company directors when determining the direction of the company.

Non-financial risks that companies may become exposed to as a result of their trading include:

(a) operational risk – any risk that arises as a result of inadequate processes, employee error, or vulnerabilities in any system;

(b) compliance risk – the risk of facing legal action or regulatory sanctions as a result of not complying with regulations applicable to the business (such as those relating to safety or ethics);

(c) conduct risk – the risk of illegal or unlawful behaviour being engaged in by the company’s employees or managers that are directly detrimental to its performance; and

(d) environmental risk – any adverse effects on the environment around the company as a result of its operations (such as emissions, pollutants, and resource depletion).

Failure to adequately account for the non-financial risks associated with a company’s operations will often result in greater exposure to negative consequences from regulators and a diminished ability to appropriately deal with adverse effects when they do arise.

Risk appetites

The Taskforce found that the boards of the companies surveyed did not adequately account for the non-financial risks described above (even with special risk evaluating committees), and that their processes for evaluating those risks were not prioritised or well resourced.

The Taskforce also found that the limits of the risk appetite levels set by the committees of the companies surveyed were often overstepped, particularly in relation to compliance risk, also due in part to the fewer metrics of quantification available for non-financial risks.

Information flows

Information flows relate to how the directors, employees and management communicate about risks affecting the business with each other.

The Report detailed how risk information was relayed to the directors of the surveyed companies and found that many companies were burying key risk information in large documents in an order that does not priorities their importance or the size of the risk. This meant that many risks were not addressed correctly or discovered by the company’s directors until consequences had arisen.

The Taskforce also discovered that many meetings that were held to discuss and consider risks that had been identified were occurring behind closed doors and were not minuted, creating information flow difficulties.

Risk committees

Committees for separate aspects of the direction of a company are often formed from the board of directors – including those dedicated to evaluating risk. This is a corporate governance measure as recommended by Recommendation 7.1 of the ASX Corporate Governance Recommendations.

The Report detailed how risk committee meetings did not occur frequently enough and under informal circumstances and without enough information (an issue linked to the information flow issue described above).

Conclusion

While the companies surveyed by the Taskforce were major financial services corporations (such as Westpac, NAB, ANZ and IOOF Holdings), the lessons that can be taken away from the Taskforce’s Report can be applied at any corporation’s size.

All company directors should make the effort to identify and quantify any risks associated with their business, be they financial or non-financial, and seek to minimise them as much as possible by seeking expert advice.