The Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (the Royal Commission) has highlighted how detrimental misconduct can be to a business and industry. In response to the Royal Commission, ASIC has announced that it will be embedding staff into financial service organisations, starting with the Commonwealth Bank. One reason they’re doing this is to focus on the bank’s governance and reporting frameworks for misconduct. If this initiative is a success, ASIC has said that they’re keen to extend it to other industries.
With this in mind, it’s particularly important for you to look at your own business’ reporting and governance structures for misconduct.
According to the Royal Commission’s Interim Report, the majority of misconduct related to the pursuit of short-term profit at the expense of basic standards of honesty. But misconduct can cover many different aspects of behaviour in the workplace from abusive language to bullying to engaging in theft, fraud or unethical behaviour.
Your misconduct reporting and governance framework should cover all potential types of misconduct in your business.
Every business, no matter how small, should have some processes for misconduct to be reported both to senior management and to the board.
Your business policies outline what your organisation accepts and doesn’t accept when it comes to the conduct of your staff. It’s important to review your policies periodically to make sure they keep up with the needs of and changes in your organisation. If your business has grown significantly recently, then it’s possible that your policies may also need to be updated to reflect the organisational changes.
Your misconduct policy should outline what constitutes misconduct in your organisation and how different types of misconduct should be reported and dealt with. This includes outlining what the consequences of misconduct are and what your disciplinary processes are. Different types of misconduct may have different disciplinary measures to reflect the seriousness of the misconduct.
The reporting processes should also provide who misconduct should be reported to in the organisation and how they should deal with it. It should also make clear what type of misconduct must be formally reported to the board or senior management and what the format of that report should be. If the misconduct breaches are potentially criminal or may breach a law, how these should be reported to the relevant authority should also be addressed in the policy.
Other policies that are relevant to your misconduct governance framework include your whistleblower and remuneration policies. Your whistleblower policy should outline how your workers will be protected if they blow the whistle on a colleague.
Remuneration policies were reviewed in detail in the Royal Commission. In particular, how sales staff were incentivised was the subject of much discussion so it can be expected that ASIC and the government will be looking at ways to ensure organisations are encouraging ethical behaviour through their remuneration policies. In anticipation, you should review your own remuneration and incentive programs and consider what messages they may send to staff.
Another important element of your misconduct framework is training. Some businesses have ethical training so that their staff are aware of what the standard of behaviour in the organisation is expected to be. But it’s not enough to just train staff – ethics is also about role modelling behaviour at the highest level. This may involve reviewing how your senior management behave and whether staff who act ethically are rewarded or not. This goes to the core of the culture of your organisation, and is just as important, if not more so, than policies and procedures.
The culture of your organisation is driven not only by the behaviour of your senior management but also by other key signals, like how your staff are remunerated.
If your organisation is reasonably large, many of your board members may not be involved in the day-to-day operation of the organisation, but the board still have the ultimate responsibility for what happens within your company. It can be expected that the government will take a closer look at how boards address misconduct and what they’re expected to do when issues arise.
Your governance and reporting processes are just one way that your board may identify an issue of misconduct. While they may receive regular reports, boards should also be in a position to identify issues independently. They may question senior management, ask for additional information and ask questions so they understand what is being reported to them. If your board has an audit or governance committee they may also get involved in reviewing your policies and processes to make sure they’re robust.
It’s particularly important for individual directors to be proactive when it comes to misconduct because they may be personally fined or even imprisoned if their conduct is in question. If the company is found to have breached the law it may also face significant penalties for misconduct.
When it comes to misconduct, your reporting and governance frameworks must work in tandem. One weakness can undermine the entire system and expose your business to unnecessary risks. If you need help with your company compliance reporting and governance frameworks, get in touch with us.