ASIC’s Corporate Governance Taskforce has published its report on Director and officer oversight of non‑financial risk following its review of 7 large listed financial services companies: the 4 major banks together with AMP, IOOF and IAG.
ASIC conducted 60 interviews with executives and directors of the seven companies and received more than 29,000 documents.
Consistent with the findings of the Financial Services Royal Commission and APRA’s review of CBA, ASIC’s report concludes that many directors identified challenges with overseeing non‑financial risks in large, complex organisations.
What is non‑financial risk?
ASIC’s definition of non‑financial risk covers:
- operational risk – the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events and includes legal risk but excludes strategic and reputational risk;
- compliance risk – the risk of legal or regulatory sanctions, material financial loss, or loss to reputation an organisation may suffer as a result of its failure to comply with laws, regulations, rules, related self‑regulatory organisation standards and codes of conduct applicable to its activities;
- conduct risk – the risk of inappropriate, unethical or unlawful behaviour on the part of an organisation’s management or employees.
These risks, although called non‑financial, may lead to very significant financial loss if they are not well managed.
ASIC’s specific findings related to:
- how risk appetite statements were being used as a tool to assist boards in overseeing and monitoring non‑financial risk.
- information flows from management to the board and from board committees to full boards.
- the operation of Board Risk Committees.
Attachment A is a report entitled “Influence of Board Mindsets and Behaviours on Effective Non-Financial Risk Oversight” by a firm of behavioural scientists retained by ASIC.
It highlights board behaviours that might affect how clearly non-executive directors see and understand issues, support objective judgment and provide an impetus to address issues.
It is based on data collected from the boards of six entities, comprising three financial services firms and three non-financial services firms, complemented by insights drawn from a survey and a documentation review involving an additional 13 entities across a range of sectors.
The report is separated into four sections:
• Part A sets out common themes noted across entities in the sample.
• Part B describes four varying archetypes and their respective influence on board effectiveness.
• Part C highlights implications for better practice.
• Part D provides practical considerations for all firms.