Robin Healy FCG HKFCG, Institute Council member and Vice-Chairman of the Membership Committee, and Director – Corporate Governance Secretariat, and Kevin Leighton, Independent Corporate Governance Consultant, Link REIT, review two recent examples of corporate misconduct, underscoring the importance of having a robust culture and ethics framework in place.

There are things that are wrong at law and things that are wrong in and of themselves. Today, no organisation can argue a lack of understanding or knowledge of the regulatory and legal framework within which it operates – but do we have such bright lines for matters of business ethics? As stakeholders increasingly make their voices heard, boards are finding themselves having to grapple with such issues far more often. Does your company view organisational ethics as a complicating factor or as a competitive advantage?

The natural question that follows is whether organisations are willing to commit significant resources to the development and implementation of culture and ethics frameworks – and even whether they have the internal capabilities to do so. Pertinent to organisations that have made such a commitment to ethics in the workplace is why significant malfeasance seemingly remains an immovable feature of our corporate landscape. Is it really a losing battle?

National Australia Bank

National Australia Bank (NAB) has a long-stated commitment to ensuring that its staff are guided by the organisation’s culture and values. It commits substantial resources to training to help ‘keep culture and risk management at front of mind’ of the organisation. It has a well-developed Code of Conduct, clear lines of accountability and a statement on How We Work to ‘identify the core elements of behaviour expected of colleagues for NAB to deliver its strategy and clearly articulate its target culture’.

From 2018 to 2023, NAB was the victim of significant fraud when the then CEO’s chief of staff was convicted for her part in siphoning off AU$18 million over a five-year period. NAB staff were (and still are) required to complete risk, compliance, conduct and culture training during this five-year period, yet at least one (very senior) member of staff made a conscious decision to deliberately disregard NAB’s culture and conduct framework for her own financial advantage. During the period over which it was subsequently revealed that the fraudulent acts were perpetrated, NAB had refreshed its company values, strategy and organisational structure, and launched a revised Code of Conduct outlining its expectations for staff to act ethically and responsibly.

What went wrong?

A good governance culture can be characterised by positive shared values and behaviours. A well-embedded governance culture will promote principles of transparency, accountability, integrity and ethical conduct in decision-making processes, elevating the focus from a tick-box compliance exercise to a behaviour-centric culture that can meet the expectations and long-term interests of shareholders. Crucially, it is the board that sets the ‘tone from the top’ and which must therefore embody the standards and behaviours to be inculcated throughout the organisation.

There was an obvious failure to exercise appropriate supervision over expenses incurred by executive directors and management. Further, the executive team had grown accustomed to attending off-site meetings and luxury resorts at a cost to the business of up to AU$30,000 per person for each event. The lack of oversight with respect to the appropriate use of corporate resources and the lax approach adopted by NAB as regards supervision and fiduciary duties to its shareholders may have facilitated the chief of staff’s fraudulent actions.

In this environment of excessive corporate culture, it is hardly surprising that the judge would comment that the chief of staff had been motivated by ‘greed, personal gain and self-gratification’.

How could it have been prevented? 

Tone from the top. The board and the executive must set and embody the desired corporate culture. Failure to do so lessens the organisational imperative to do the right thing. This can impact the culture not only as it relates to any specific wrongdoing, but also as it relates to the robustness of the control framework and how individual controls are designed and, importantly, tested.

An explicit, well-drafted delegation framework forms an essential part of an organisation’s governance model. It provides clear lines of accountability for decision-making and delivers improved business efficiencies. However, in the absence of challenge and ongoing testing, the effectiveness of the delegation framework can be significantly weakened.

Review process. Delegation of authority frameworks are, by their nature, often lengthy documents and often include several addendums setting out the delegations from the board to the CEO, and from the CEO to the executive leadership team members. Considerable discipline is needed to review these documents line by line, reflect on the dollar value of each delegation and raise any feedback regarding the appropriateness of the amount allocated to a specific role. This does not even take into account the input required of teams like the internal audit function, whose resources are often applied following a risk assessment to guide which part of the organisation or processes are audited and to make sampling decisions – at times there can be reticence in choosing to subject senior individuals to time-consuming internal audit processes.

It is more than reasonable to conclude that the governance and controls at NAB were, in this particular instance, less than robust. Indeed, two former CEOs, to whom the chief of staff was a direct report, stated that they were unaware of the AU$20 million delegation. Following the public prosecution of the matter, the delegation to the chief of staff role holder was reduced from AU$20 million to AU$500,000.

For most large organisations, board-owned policies such as the delegation policy will make their way to the board for review annually and may not be regarded as requiring much time on the agenda. Generally, board policies will have been reviewed by internal and, on occasion, external subject matter experts, and are provided to the board with a recommendation by management that the policy should be amended and/or approved. A possible drawback of this approach is that the board can become overly reliant on management’s recommendations and can fall into the habit of approving the policy with minimum consideration.

An alternative approach may be for those policies owned by the board to be:

• scheduled into the board’s forward planner in smaller lots and staggered throughout the year on a quarterly or monthly basis, thereby providing the board members with more time to turn their minds to the key objectives of each policy and consider whether the document remains fit for purpose, and
• scheduled with an appropriate amount of time set aside on the meeting agenda to ensure there is sufficient discussion and challenge, thereby lessening the reliance of the board on management’s recommendations.

PwC Australia

In contrast to NAB, where it may be argued that an overly lax culture contributed to the issues encountered, for PwC Australia (PwC) it appears that a culture more narrowly focused on revenue generation led the individual(s) concerned to disregard ethical considerations. In this matter, a PwC partner used confidential information garnered in his capacity as a tax consultant to the Australian Taxation Office for the financial benefit of corporate clients and therefore PwC.

PwC’s issues emerged despite its comprehensive capability framework, which sets out expectations for decision-making, values, principles and ethics throughout the organisation. However, the tone from the top was sending a contrary message to staff. The issues encountered by PwC serve as an example of what can go wrong when the achievement of aggressive financial and strategic targets are prioritised (even by one individual) over and above core values. Although failings may be attributable to a lack of implementation of appropriate conflict management policies and processes, a question from a more holistic standpoint would be what was the organisational culture such that a basic issue like conflict management was not identified and remediated at pace.

What is perhaps more instructive about the PwC example is its response. When PwC took accountability and ownership of these matters, it was able to use the findings of several self-initiated workstreams and a review by an independent expert to leverage and accelerate the implementation of a number of recommendations. As with any project of this nature, there is a danger of it becoming another tick-box exercise. Shifts in culture require leaders to demonstrate real commitment to changing behaviour, including what they say, what they do, and what they prioritise and reward.

Moving from talk to action

Culture is not a tick-box exercise

If measured in terms of documentation and saying all the right things, most large organisations will have a best practice corporate governance model in place. It is reasonable to take the position that no ethics framework, no matter how well designed, will prevent inappropriate behaviours from occurring where there is indifference or disregard on the part of those senior individuals responsible for organisational conduct.

The key to good corporate governance, however, lies in terms of an organisation’s level of commitment to the model, not just the policies it claims to adhere to. It is about the directors and executives setting the tone and being the drivers for cultural values within their organisations. The governance professional or company secretary is ideally placed and has the requisite skill set to lead on these issues.

The effectiveness and success of such models will be measured when organisations appropriately prioritise behavioural expectations to drive a culture of ethics and compliance – this is essential in order to manage reputational risk and to achieve longterm, sustainable performance.

Robin Healy FCG HKFCG, Institute Council member and Vice-Chairman of the Membership Committee, and Director – Corporate Governance Secretariat, and Kevin Leighton, Independent Corporate Governance Consultant

Link REIT