You are here
Enhanced GRC frameworks to drive better cultural change
Culture. A term that has been a regular feature in news reports in 2018 and 2019 and (should be) at the top of every board and senior executive’s agenda. However, is culture the cause or a symptom of an underlying deeper problem in corporate Australia? What is the impact of a rapidly changing external environment on cultural change?
What is the role of governance, risk and compliance in improving culture?
While all corporations will need to consider their own cultural DNA and how this needs to change, there is no question that immature or poorly designed governance, risk and compliance (GRC) frameworks have a direct correlation to the cultural deficiencies we have seen in recent times. The manner in which these frameworks are addressed, could be the difference between meaningful, sustainable cultural change and culture change which only touches the surface.
In the Final Report to the Royal Commission Inquiry into Misconduct in the Banking, Superannuation and Financial Services Industry, Commissioner Hayne was clearly of the view culture and governance must be addressed concurrently. When discussing governance, Hayne was referring to this in the broadest sense to encompass all levels of “governance” of a corporation including how it manages its legal and compliance obligations and other non-financial risks. Hayne considered governance as referring “to the entirety of structures and processes by which an entity is run”. In looking at culture and governance Hayne said “every entity must consider how it manages regulatory compliance and conduct risks”.
In a number of the issues concerning cultural weaknesses of Australia’s largest financial institutions, many of these issues have been identified as contributing or being linked to, poor governance or poor management of non-financial risk. For instance in the ‘CBA-Style’ Prudential Review published by Westpac, a tendency to overcomplicate and to privilege upfront conceptual work over execution and implementation were identified as being key cultural issues relating to “Corporate DNA strands” at Westpac. In addition, the review identified immature processes and systems around management of non-financial risks.
More robust GRC frameworks set a stronger foundation for culture to thrive. To illustrate, accountability and remuneration (which form part of good governance) have been a key focus of regulatory enhancement to lift human behaviours and conduct. Changes or proposed changes to enhance enforcement and tighten legislative obligations (such as recent changes to whistleblowing laws) have been increasingly directed at improving the standards of GRC frameworks.
However, enhancing GRC frameworks beyond the regulatory change agenda will be necessary to drive the cultural change which is needed. For example, ensuring appropriately qualified risk and compliance professionals are in place to report on risk and compliance matters, will lead to a deeper understanding of these issues so they are properly considered and managed by the board and senior executives. Well-designed frameworks, policies and procedures will create more certainty on the conduct which is acceptable but will also lead to more efficient performance and decision-making. Better systems and monitoring to identify issues early, will mitigate the amount of detriment suffered when things go wrong.
Those corporations which consider enhancements of GRC frameworks alongside their cultural change programs will therefore experience more meaningful and sustainable change than those which fail to consider enhancements in GRC or address these matters in silos. While Hayne and others have recognised there is a need for culture and governance to go hand in hand, a component which has perhaps been missed when considering the broader context of culture change is the rapidly changing landscape and the impact this may have on the change agenda.
The significant cultural change which is needed to uplift standards in the financial services sector may seem like an issue for boards, senior management and human resource departments. However, examined more closely, the robustness of governance, risk and compliance frameworks will be of critical importance to ensuring improved cultures are effective and long-standing.
There are a number of underlying external factors that are in the making of a perfect storm if culture and governance are not urgently addressed. Survival will not only be in the financially fittest but those with strong cultures and sufficiently robust and mature GRC frameworks. If corporations are already lagging behind in the health of their culture and standards of GRC, there is a material risk that the failures we have seen to date will become more intense and widespread, with substantially more detrimental impacts to customers and other stakeholders. There has never been a stronger burning platform to enhance culture and governance in your organisations.
Samantha Carroll is Practice Director of Governance, Compliance and Regulation at Ash St. Legal & Advisory.