“Getting culture and conduct right is not a supervisory requirement. It is necessary for banks’ and banking’s economic and social sustainability¹.”

The primary task of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry was twofold: to address whether the actions of financial services entities might have amounted to misconduct, and whether their conduct fell below community standards and expectations.

There is a widely held appreciation that the focus on governance and culture post-GFC was too narrow, focusing only on financial soundness and stability. Cultural initiatives, often focusing on values, have failed to consistently lead to good outcomes for customers. With the release of the Royal Commission’s Final Report, and in echoing the APRA Inquiry into CBA, it is clear that supervision must extend to include non-financial risks, and must include culture, governance and remuneration.

In the lead up to the Royal Commission, organisations were considering how to address the issue of culture as it applies to conduct and non-financial risks. However, there is a fundamental challenge within this. Governance and remuneration systems are tangible, whereas ‘culture’ is complex, an outcome of context and many other factors. It is tempting to conflate tangible systems, regulation and culture, whilst neglecting the single most important issue, leadership. These issues begin and end with leadership at the personal and collective level. That is not to say that tangible systems, like remuneration and incentives, can be ignored; remuneration and incentives, especially variable remuneration programs, tell staff what the organisation values. Remuneration both affects and reflects culture.

Recommendation 5.6 Changing culture and governance in the Royal Commission’s Final Report, is a centrepiece of the report, and a lens through which all other recommendations should be read. Author, Commissioner Hayne, has directed that financial services entities are to take proper steps to assess the entities’ culture and governance, identify any problems, deal with those problems and thereafter determine whether the changes made have been effective.

This recommendation seems straight forward, and on the surface may not appear as though much has changed – after all, Prudential Standard CPS220 Risk Management and equivalents have requirements around risk culture already. However, it is important to note the additional expectation – that an organisation “determine whether the changes it has made have been effective”. For many organisations, conducting a risk assessment and outlining remedial actions are already part of their ongoing activities.

Risk culture is a nebulous concept, and difficult to measure in any quantitative way outside of one-dimensional risk surveys. Demonstrating genuine effectiveness of cultural change will be a challenge for many. Measuring the effectiveness of changes is made more challenging by the fact that an organisation’s culture is built over time, and is changed only slowly.

APRA has been directed to re-establish its culture supervisory capabilities, and to take a more active role in the supervision of culture in including “assess(ing) the cultural drivers of misconduct in entities”. We believe this to be a very positive recommendation, as the work by APRA in the past, we believe, was on the right track. Organisations wanting to avoid close cultural scrutiny from APRA would do well to take steps to understand and deal with their cultural problems, as the recommendation suggests a “risk‑based approach” given cultural work can be resource intensive.

Culture in many of the organisations under scrutiny at the Royal Commission was seen to be influenced by their challenges in managing conflicts of interest. Imploring individuals to act in the best interests of their clients has been a key component of value statements for many years. However, as evidenced at the Royal Commission, conflicts are often resolved in favour of the interest of the entity, favouring a ‘good enough’ as opposed to ‘best interest’ outcome for customers.

The recommendation from the Royal Commission is to simply remove conflicts where possible. This is unlikely to be feasible in all cases, so the key question is – when a conflict of interest remains, are the frameworks put in place operating effectively to manage them? Or are they, as Commissioner Hayne suggested (or found), simply ‘tick the box’ disclosure exercises? Organisations retaining conflicts, must obviously balance the interest of shareholders, employees and customers, and culture plays a critical role in how individuals respond to competing interests. It is therefore key in ensuring operating effectiveness of these frameworks.

Furthermore, developing the capability within the organisation to identify and reconcile tensions (for example between outcomes for different stakeholders) will protect the organisation and lead to better outcomes for all.

Noticeable in the Royal Commission were a number of institutions that are known for either strong risk management culture, or a very strong focus on customer or member outcomes, but not both elements at the same time.

The culture recommendations cannot be addressed by organisations in isolation of some of the other more tangible recommendations from the Royal Commission’s report. In particular, remuneration, incentives, accountability, governance, and, most importantly, leadership. Decisions about remuneration and incentive structures have a direct influence on both leaders’ and staff behaviour. Clearly defined accountability with consequences for poor risk and customer outcomes drives the required ‘tone at the top’. However, accountability without the authority to effect outcomes, and without support and trust will lead to a poor culture that will permeate the organisation.

Finally, governance processes will influence the risk culture of the organisation. They can provide rigour and set the tone through process, or conversely they can reduce risk and customer outcomes to procedural activities. The tone of an organisation must be set at the top, but must also be echoed from the bottom and reinforced at every level of management and supervision. A culture that fosters poor leadership, poor decision-making, or poor behaviour will undermine the governance framework of the entity.

In response to this recommendation, organisations should be looking at a holistic approach that agrees and assesses the behavioural norms of the organisation, invests in pinpointing the drivers of those behaviours, then works to actively change those drivers, and measures the effectiveness of theses interventions.

Only in conjunction with other initiatives will cultural change be truly embedded and enable the sustainability of our financial system. This will begin and end with leadership at the individual and collective level. To lead effectively during times of disruption and transformation, leaders need the right capability, capacity and mindset.

• Many organisations will have already completed a self-assessment – this is an opportunity to consider culture within the broader terms directed in the Final Report.
• For those who haven’t, now is the time to hold up the mirror and identify what changes need to be made.
• Organisations must consider measuring the effectiveness of culture interventions – for example, employee panels, assessing senior leader behaviour and other behavioural insights.