OBLB Keywords

Regulators across the globe have prioritised improvements in ‘corporate culture’ for all companies – from financial institutions to energy and resources entities, manufacturers and service providers in the public and private sector – as a key supervisory and regulatory focus in recent times. Why the focus on culture? Because culture is the key driver of conduct. A deficient culture results in poor standards of behaviour, and this can cause serious harm for consumers, employees and shareholders. 

The pandemic has heightened regulators’ concerns about conduct risks deriving from a deficient corporate culture. Simultaneously, the pandemic has made corporate stakeholders more highly attuned to environmental, social and corporate governance—ESG—matters, including corporate culture, than ever before.  

This regulatory and investment alignment means that putting in place a positive, healthy and meaningful corporate culture is a key pillar of success for all entities. Far from being a distraction or a collateral matter, it is an intrinsic part of a company’s ultimate profit-making objective and directors’ obligation to act in the best interests of the company.   

What have the regulators said about corporate culture? 
In Australia, the definition of corporate culture provided by the Australian Securities and Investments Commission (ASIC) is a company’s ‘set of shared values or assumptions’.  Culture is a company’s ‘underlying mindset’ and this in turn directly informs the company’s attitudes and behaviours towards customers, employees, shareholders and compliance with the law.  

In its revised Corporate Plan for 2020-2024 released on 31 August 2020, one of ASIC’s priorities is the improved management of non-financial risks by directors, including operational risks, conduct risks and compliance risks arising from not following applicable rules and regulations.  Necessarily, the nature and extent of those risks is directly informed by a company’s culture.   

Already, ASIC has established a dedicated Corporate Governance Taskforce, which has been clear that the onus is on a company’s board to drive cultural change and instill an effective governance and risk management framework that delivers positive outcomes internally and externally.  

Likewise, in its revised Corporate Plan for 2020-2024, also released on 31 August 2020, the Australian Prudential Regulation Authority (APRA) identifies the transformation of governance, culture, remuneration and accountability across all regulated institutions as a key priority.  

In a May 2019 report, APRA reiterated the role of the board in setting and regularly reviewing a company’s risk frameworks and dealings with customers and other stakeholders to ensure responsible, ethical and legally compliant behaviours are instilled at all levels of the organisation. 

Globally, improved corporate culture has also been prioritised by regulators in other jurisdictions. In New Zealand, Reserve Bank of New Zealand Governor Adrian Orr has noted that a company’s culture is ‘the key driver of its conduct and more general risk management’, emphasising that cultural improvements are also the backbone of broader financial stability in New Zealand.  

The Hong Kong Monetary Authority (HKMA) has conducted a similar bank self-assessment process to APRA. In its May 2020 report, the HKMA emphasises the role of the board in establishing a responsible and ethical culture, values and behavioural standards that promote prudent risk-taking, the fair treatment of customers and an environment where employees are valued.

In the United Kingdom, the Financial Conduct Authority (FCA) released a discussion paper in March 2020 on transforming culture in financial services.  To the FCA, the most important common element to all healthy cultures is purpose—the reason why a company exists and what it is trying to achieve and the ‘gravitational force’ that aligns the interests of employees, customers and shareholders. 

And in its non-financial reporting directive, the European Commission now requires over 6,000 large regulated entities to publish reports on key cultural metrics.  The directive is currently being reviewed in an effort to strengthen sustainable investment and encourage directors to lead a responsible approach to business. 

What can boards do?
Instilling a healthy culture requires ongoing leadership, courage and commitment from the top. It is up to boards to take ownership for setting the cultural expectations of the company, articulating and embedding those expectations in specific risk frameworks, policies, procedures and training used in the company’s day to day operations, and regularly reviewing and auditing the effectiveness of those arrangements.

On a practical level, there are a number of things directors can do to build a healthy culture. First, they can establish and implement a comprehensive risk management framework for the company, adapted to suit the particular regulatory setting in which the company operates. This should ideally incorporate a three lines of defence model, backed by processes for risk escalation, reporting and training.  

Second, there should be processes for effective employee engagement and support as part of the company’s vision and purpose. This is especially important during the pandemic, when work from home arrangements and lockdowns have changed the very nature of work and contributed to disconnection, personal stress and mental health concerns from employees.  

The FCA and the HKMA also highlight that a healthy culture is one that is ‘safe’, insofar as employees are made to feel comfortable to express their opinions (including about matters of compliance) and are listened to. The importance of employees behaving honestly and ethically also needs to be reinforced by directors at a time when remote working during the pandemic may weaken adherence to a company’s usual policies and processes.  

Third, effective board-shareholder relations should be fostered. Shareholders are an important organ of governance and opportunities to participate meaningfully in company meetings should be actively promoted. Full and proper disclosure, with shareholders too being part of the corporate journey, is also critical.  

Fourth, there should be a focus on customer care and satisfaction. As with shareholders, transparency and openness is critical, and an approach that encourages enduring relationships should be preferred.  

Finally, the social context in which a company operates must be kept firmly in mind.  Being a good corporate citizen inevitably factors into how a company is seen by its employees, customers, suppliers and shareholders. Efforts to mitigate the company’s carbon footprint and contribute to community education, health and wellbeing initiatives are all part of a company’s purpose and its desire to be a leader of change. 

Directors’ efforts in these areas can be reviewed and continuously improved with reference to various key data measurements, for example:

  • The results of employee and customer satisfaction surveys;
  • Behaviour-related assessment components such as ethics and customer focus included in the interview process for new candidates; 
  • Mystery shopping programs; 
  • Ongoing training and testing of existing employees, including the use of conduct-related performance as part of annual reviews and remuneration policies; and 
  • Instances of staff misconduct and whistleblowing matters.

A healthy and effective corporate culture is a key priority for regulators and corporate stakeholders alike across the world. The expectation is that boards - no matter what sector a company operates in – must lead responsible and ethical practices concerning their employees, customers, suppliers and shareholders and must also be mindful of the social and environmental setting in which the company operates.  

Directors’ focus should be on setting clear standards of behaviour and ensuring continuous review and improvement. In doing so, directors’ management of culture—notionally a ‘non-financial risk’—becomes inextricably interwoven with good financial management and the discharge of directors’ own responsibilities to the company.


Scott Atkins is Partner, Deputy Chair and Head of Risk Advisory, Norton Rose Fulbright.

Dr Kai Luck is Executive Counsel and Director of Strategic Insights, Norton Rose Fulbright.