Time To Build Out Your Culture Framework

The Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry has released its final report, and not surprisingly there is a chapter dedicated to culture, governance and remuneration. Hayne describes culture of an entity as ‘the shared values and norms that shape behaviours and mindsets’ within the entity.[1] It is ‘what people do when no-one is watching’.[2] Culture can drive or discourage misconduct. [3]

The link between culture and conduct has been heavily researched with explicit links between ‘risk culture and financial soundness, but also between organisational culture and misconduct.’[4]

As highlighted throughout the Royal Commission, poor culture can lead to poor decisions that negatively impact the end customer and consequently impact brand and trustworthiness of the entity.

Desirable culture should include adherence to the ‘basic norms of behaviour’ described in the report – these are reasonable expectations such as obeying the law, acting fairly, do not mislead or deceive, and when acting for another to actually act in their best interest.

Understanding existing culture and working towards the desired culture is now an imperative for financial services and there are two recommendations specifically focussed on changing and supervision of culture and governance, which the Government supports.

Under CPS 220 Risk Management, the Board is expected to form a view on risk culture. The above recommendation suggests that this view should be backed by an appropriate assessment.

Hayne acknowledges that culture cannot be prescribed or legislated as it is based on behaviours. But it can be assessed.

A risk culture assessment can provide a clear view of the current state of culture including governance to enable the entity to proactively identify any problems and implement actions required to influence and improve risk culture, minimising the likelihood of misconduct. Additionally, an independent assessment also removes any potential for bias and concern from staff in respect of the anonymity of information provided during any such review.

Regular re-assessments of culture can determine not only if the actions taken to address problems have been effective but also provide the ability to continue looking for areas of improvement. As culture is dependent on people’s behaviour, it will of course change over time. The goal should be consistently trying to lift culture and regular monitoring will remove any complacency.

This is a good business management practice as it provides valuable information to management and gives staff the opportunity to provide feedback. Coupled with an action plan and monitoring, the culture assessment can be a great way to measure change and attitudes.

Whilst APRA has existing prudential standards focussed on governance, we can now expect supervision and guidance focused on building culture that will mitigate the risk of misconduct.

Hayne states that there is an important role for supervisors in assessing the culture of financial services entities and he draws on views of the FSB & G30.

From the G30, he agrees that ‘supervisors should look on cultural questions as root cause analysis and intervene when they see demonstrably serious problems as opposed to making culture a generalized supervisory add-on’.[5] This requires enough supervision resources with the right skillset/seniority and expert support if needed to engage constructively… the main objective should be problem identification and entity-led corrective action. Conduct and values should be part of mainstream supervisory processes as opposed to a separate add on[6].

The government has supported this change and we can expect that APRA will receive increased resourcing to perform this prudential supervision.

To conclude, assessment and understanding of risk culture and culture more broadly can provide confidence that people are making the right decisions supported by a strong ethical framework. Regular assessment and monitoring of problems is expected and will be supervised with a risk-based approach. Whilst implementing these new requirements may take time for some entities, we expect that the insights and potential benefits will be worth the effort.

[1] Cf CBA Prudential Inquiry, Final Report, 81. I deliberately omit reference to a ‘system’ of shared values and norms if only to emphasise that culture is observed and described, not created apart from, or imposed on, the entity. 

[2] G30, Banking Conduct and Culture: A Call for Sustained and Comprehensive Reform, July 2015, 17. 

[3] FSB, Recommendations for National Supervisors: Reporting on the Use of 
Compensation Tools to Address Potential Misconduct Risk, 23 November 2018,

[4] Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. FSRC-volume-1-final-report, Feb 2019, 382.

[5] G30, Banking Conduct and Culture: A Call for Sustained and Comprehensive Reform, July 2015, 64. 

[6] G30, Banking Conduct and Culture: A Call for Sustained and Comprehensive Reform, July 2015, 64.

Recent Posts