Speaking notes from the keynote address to the Members Health Directors' Professional Development Program by ASIC Commissioner John Price, Sydney, 5 February 2020.
CHECK AGAINST DELIVERY
Thank you for the opportunity to speak here today.
I will begin by acknowledging the Traditional Custodians of the Gadigal land on which we meet today and pay my respects to their Elders past, present and emerging. I extend that respect to Aboriginal and Torres Strait Islander peoples here today.
In preparing for today's speech I have been very mindful of the regulatory framework that governs private health insurance. As you would all know, while ASIC generally has a key role in regulating financial products such as insurance, private health insurance is specifically excluded from the financial services regime that we administer.
However, notwithstanding that fact, today I want to give some context on a few matters that I do hope will be of relevance and interest to you. The first of those matters relates to various governance issues and reforms that have arisen following the Financial Services Royal Commission that took place from December 2017 to February 2019.
Second, I want to suggest some good practice measures for Boards to consider as a result of those issues and reforms.
Finally, I want to make brief observations on some regulatory issues regarding insurance products that we regulate highlighted by the Financial Services Royal Commission. I do this as it might be worthy to consider if they are also relevant to your sector.
The Financial Services Royal Commission
Let me start with some background about the Financial Services Royal Commission.
A key piece of context about the Royal Commission involved its mandate. The mandate covered not only failures to meet the requirements of the law, but also failure to meet community standards and expectations. I think this is important because as you know a successful business in the long term is about more than just short-term profits and meeting bare minimum legal requirements. It is also about ensuring the community maintains trust in what you do.
On this subject of maintaining trust, the final Royal Commission Report demonstrated for me that individuals, firms and industry need to constantly improve their professionalism and their conduct as community expectations change. To support better professionalism and conduct, cultural change and better governance are vital tools.
This was quite concisely acknowledged in the final report of the Financial Services Royal Commission which stated, 'Because it is the entities, their boards and senior executives who bear primary responsibility for what has happened, close attention must be given to their culture, their governance and their remuneration practices.'
This strong theme of governance and accountability is now reflected in law through the Banking Executive Accountability Regime which is proposed to soon be extended to all APRA regulated entities, including private health insurers.
New supervisory initiatives
However, it is not just business and Parliament making changes following the Royal Commission. In response to the Royal Commission findings, ASIC has implemented enhanced supervisory initiatives to help improve the culture and governance practices of Australia's regulated institutions. Today I will talk about one of those new initiatives – our Corporate Governance Taskforce.
Corporate Governance Taskforce
Our taskforce aims to improve the governance practices of firms by focussing on specific areas of governance across a range of firms and highlighting both poor and better practices. Let me briefly discuss the specific governance topics considered by ASIC as part of this work.
Director and officer oversight
The first is the role of the board and officers in the oversight of non-financial risks. This work assessed the oversight of non-financial risk in 7 large financial services companies.
By non-financial risk we mean operational risk, conduct risk (such as not treating customers fairly) and compliance risk (that is risks from not following the rules). However, the truth is, even so called 'non-financial risk' can ultimately have serious financial consequences.
Our report released in October last year revealed significant challenges in the oversight of this risk.
It highlighted the following key areas:
- Management was very often operating outside of board-approved risk appetites for non-financial risks, particularly compliance risk. Boards need to hold management accountable to operate within their stated appetites.
- Monitoring of risk against stated appetites could be improved. We found that often it did not enable effective communication of the company's true risk position. Boards need to ensure and take ownership of the form and content of information they receive.
- Material information about non-financial risk was often buried in dense, voluminous board packs, making it difficult to identify key non-financial risks presented to the board. Boards should require reporting from management that has a clear hierarchy and prioritisation of non-financial risks.
- The use of board risk committees (BRCs) we found could be better utilised to achieve its stated purposes. BRCs should meet more regularly and set aside enough time to oversee material risks in a timely and effective manner.
If you haven't read the report already, I would commend it to you. It also contains a series of questions you can consider and adopt where relevant to your organisation.
We are also currently finalising a report on the governance of executive remuneration. This report will set out governance practices we observed surrounding the exercise of discretion by boards to adjust the variable remuneration of executives in 21 large listed companies. Whilst we are working closely with APRA on this review (given they will be issuing their revised prudential standard on remuneration shortly), the companies in the review extend beyond financial services companies. Like the first report, we are drafting this report so that it can aid all large listed companies improve their governance practices.
I don't want to pre-empt any findings of our work. However, an issue that I do think warrants further consideration by Boards is how best to ensure remuneration pay-outs remain sensitive to risk outcomes into the future and take into account both financial and non-financial measures to reflect risk and performance outcomes appropriately.
Given these issues have been raised in a number of other consultations and reports I am sure these will not be a surprise to you.
Good practice measures for boards
In light of these governance findings and issues, I want to turn now to some suggested good practice measures for boards in this post-Royal Commission regulatory environment.
The first is culture. Corporate culture is, and will remain, a focus for us.
The board plays an important role in setting the tone, influencing and overseeing culture, and ensuring the right governance framework is in place – one that elevates material risks clearly to the board for attention and action.
Directors need to be vigilant to ensure that risk and compliance functions are adequately resourced and have adequate expertise.
Non-executive directors need to also be active in their oversight – to constructively challenge and question management to satisfy themselves that problems are not buried rather than dealt with appropriately. This is not a set and forget exercise.
It will be difficult for boards to assess their company's culture if they are not asking for information that enables them to assess whether the message from the top is being implemented throughout the entity and serving its purposes.
Boards need to strive to find the balance between receiving enough information to ensure key concerns and root causes have been properly identified against receiving so much information that they are unable to discern what the key concerns are.
Some examples of questions boards should be asking around culture:
- What does the workforce say about 'the tone from the top' and the 'tone from the middle'?
- What action do we take against leaders or top performers who do not uphold the company's values?
- Is management using root cause analysis where cultural issues are found, examining not just what went wrong but why?
- Are our risk management functions properly resourced?
Boards and independent oversight
The second good practice message is about the role of the board and provision of independent oversight.
Of course, ASIC is mindful of the difference between the role of the board in governance and oversight, and the role of management in ensuring the day-to-day running of an institution is sound.
ASIC very strongly supports independent oversight of management by boards, and boards informing themselves adequately to perform their oversight function robustly through constructive enquiry, challenge and probing, rather than making the day-to-day decisions.
In doing this, there needs to be a focus on how charters, policies, processes and procedures translate in practice and permeate through an institution, rather than on documentation alone. In too many cases we find this is a problem.
Insurance issues identified at the Royal Commission
Before I conclude I just wanted to summarise a number of issues specific to general or life insurance that the Royal Commission highlighted.
I do this not because I have information that suggests any of them are also an issue for private health insurance. Rather, because they might be illustrative of the types of pitfalls that can be a problem if not carefully monitored.
The insurance issues covered in the final Royal Commission Report can be broadly categorised as follows:
- issues relating to the manner of selling some insurance products (which were sometimes compounded by issues relating to the low value of particular insurance products). Many of the concerns here were around unsolicited or pressure selling particularly to vulnerable people;
- issues relating to the avoidance of insurance policies as a result of pre-contractual non-disclosure or misrepresentations;
- issues relating to the use of, and reliance upon, potentially unfair contract terms. In particular, unexpected policy exclusions of particular events seemed to attract much consumer concern;
- issues relating to claims handling. In this regard, the Royal Commission Report cited ASIC's view that 'For consumers, the intrinsic value of an insurance product lies in the ability to make a successful claim when an insured event occurs.' For that reason, I would argue that the ease or difficulty of the claims handling process is critical for any insurance product;
- issues relating to the lack of enforceability of various self-regulatory obligations; and
- issues relating to dispute resolution. In other words, complaints handling really matters.
I hope my comments today have been of some interest. If nothing else I wanted to stress that maintaining trust in a sector begins with businesses themselves. Strong professionalism, good governance practice and the right culture are key tools in this regard.
That is not to ignore the role of regulators. Over the next few years, ASIC will continue to implement its strategic change agenda, including our accelerated enforcement approach and more intensive supervision, through programs like the Corporate Governance Taskforce. We want to continue to provide resources and information to enhance governance practices, and to create real and positive changes in company culture and behaviour for all Australian consumers and investors.
Thank you, and I look forward to taking questions.