What are the lessons for all board directors from experiences in Australia on improving governance, culture and conduct?

The recent findings from the Banking Royal Commission into misconduct in the banking industry in Australia have been a strong reminder to directors in the banking industry on the importance of boards regularly assessing their organisations’ governance and culture.

Following the Global Financial Crisis (“GFC”), the banking industry has been plagued by numerous scandals and penalised, either by fines or operational risk capital charges. Further, global organisations in non-financial sectors such as automotive and high-tech have also experienced misconduct issues which have been similarly profound.

It is evident that in many of these cases, culture, conduct and behaviours have, in large led to poor or sub-standard outcomes for customers and clients. Often, systems and processes in place which were thought to have been adequate, were often not robust, allowing for complacency, judgement reflective of “group think”, and ultimately a poor culture.

With companies facing multiple issues such as growing their businesses, being innovative and competing against non-traditional players as a result of increased disruption, a challenge for many boards and senior management is how they manage their organisational culture as digitisation accelerates and impact their business models and strategies, as the sources and scope of conduct issues could change.

Experiences from the banking industry

Whilst the banking industry has devoted significant time and resources to understand the causes of the breakdowns of culture that contributed to the GFC, and to implement reforms to address them, unfortunately across all geographies and businesses, it has continued to be dogged by failures of corporate culture, conduct and governance. These scandals have ranged from lapses in customer protection, to anti-money laundering deficiencies, to manipulation of market benchmark rates to rogue trading. The banking industry continues to suffer from a negative reputation, with its trust in significant need of repair.

Since the GFC, the public at large have voiced their concerns, leading to political involvement in the banking sector. The way the political direction of the banking sector has played itself out has been through banking regulators.

As a result, in April 2018 the Financial Stability Board (“FSB”),an international body that monitors and makes recommendations about the global financial system issued a toolkit that firms and global banking supervisors can use to mitigate misconduct risk. Further, in November 2018, the Group of Thirty (“G30”) an international body of leading financiers and academics which aims to deepen understanding of economic and financial issues and to examine consequences of decisions made in the public and private sectors related to these issues, identified eight lessons and twelve recommendations to the banking community for further work and additional focus.

What is culture and conduct for a bank?

Culture is the mechanism that delivers the values and behaviours that shape conduct and contributes to creating trust in banks and a positive reputation for banks among key stakeholders, both internal and external.

Culture comprises not only of conduct and behaviours, but also a bank’s values and ethics. It has been described as “what people do when no-one is watching”, a description which captures what might be called the “internalised or “instinctive” application of shared values and norms.

Managing culture requires an understanding of visible conduct and behaviours, as well as the complex web of influences that lie beneath them.

Whilst conduct and behaviours (what people say and do) are only the visible elements of a culture, they are directly influenced by the less tangible elements, such as the bank’s unspoken rules, ideas, norms and subconscious beliefs that lie beneath the surface.

While cultural norms and beliefs cannot easily be measured, the conduct and behaviours that the cultural norms encourage or discourage can be. Conduct can be observed, monitored, managed and incentivised.

Source – Group of Thirty (2018)

The G30 noted that regaining trust will require persistent efforts across the industry, and that bank conduct and culture is at centre of the uphill battle to retain trust. Unfortunately, they are of the view that many banks still lack clarity on how the board will champion, oversee and monitor conduct and culture issues, and whether a single dedicated committee of the board is appropriate.

Their key recommendations in relation to senior accountability and governance were:

  1. The board should re-evaluate its governance structure to ensure one specific and dedicated board committee has oversight over the bank’s conduct and culture.
  2. Bank boards and senior management should work more closely with various business units and with geographical and functional heads to strengthen the quality and availability of data and insights needed to manage conduct and culture.

The G30 also made other recommendations in relation to performance management and incentives, staff development and promotions, as well as ensuring the effectiveness of the three lines of defence.

Cross-industry lessons

In its 2018 report, the G30 identified five characteristics across industries that might provide insights into characteristics that lead to greater cultural risk.

1. Lack of diversity – which can foster groupthink cultures.

2. Presence of dominant companies – a few large, successful players dominate these industries and may lead to deprioritising cultures.

3. High dependency on specialised skill sets

4. Misaligned incentives

5. Ineffective leadership and management skills

Source – Group of Thirty (2018)

Lessons for all board directors

A key responsibility of the board is to set the right tone from the top – to provide direction to their organisations regarding the culture that is expected of staff in pursuit of its organisational goals. Directors need to continually look for better ways to monitor corporate culture, understand potential cultural risks, and address problems, if any before they get out of control.

In the new world, where trust inequality remains high, and where millennials customers and employees are becoming increasingly more influential, a focus on organisational values, culture and conduct will become increasingly more important.

Based on the lessons learnt from the banking industry, some of the questions which all boards should be asking themselves are:

Questions for directors to ask and “how to avoid being bamboozled by the executive”


1. Does the board have the right skills and capability for culture oversight?

2. Is the board clear in its governance structure which committee(s) have oversight over culture and conduct matters? Where there is overlap between multiple board committees, is there sufficient communication amongst the committees in place to ensure alignment on priorities and initiatives?

3. Are culture and conduct incorporated into board agendas, and are initiatives and processes benchmarked against other players on a regular basis?

4. Does the board periodically review how conduct breaches are dealt with?

5. Does the board have the right non-financial risk data and insights to assess the effectiveness (or ineffectiveness) of the company’s culture and its governance, identify problems with the culture and governance, deal with problems, and determine whether the changes it has made have been effective. Does the data cover conduct (for example, fraud, mis selling, employee behaviour negatively impacting customers etc), cyber and technology, operational and regulatory/compliance risks?

6. Is the board a conduit of direct access for escalation and whistleblowing?

7. Are the board’s discussions focused on not only existing but emerging risks?

8. Is the board as a whole devoting sufficient time to culture and conduct matters?

9. Does the board visit functions and business units to allow them a first-hand observation of the behavioural atmosphere?

10. Is the board satisfied with the tone set by the CEO and senior management to help ensure the culture fits with the organisation’s strategic direction and plans?

11. Does the board believe that the current culture and values espoused by the board the best ones for the organisation now and in the foreseeable future?


1. Does the company have robust and relevant structures, policies and processes in place to identify and report departures from desired behaviours and conduct (such as dashboard information, customer complaints and whistleblowing activities)? How does it verify that it does?

2. Does the company have sufficient and capable resources applied to the identification, reporting and management of non-financial risks that the board and senior management are applying proper oversight over.

3. Does the board believe that the company’s processes in relation to performance management and incentives, staff development and promotions, and the effectiveness of the three lines of defence (including scope of internal audit) meet the new higher expectations? Does consequence management need enhancement? Are risk and customer objectives appropriately reflected in remuneration outcomes?

4. Does internal audit’s scope cover culture? Do they have the right skills and resources to provide insight?

5. Are the company’s metrics forward looking, relevant, effective, and aligned to reporting to identify emerging risks and manage conduct processes?


With increasing focus by companies beyond transactional metrics towards customer (and other stakeholder) outcomes, and broadening of definitions of misconduct from intentional foul play to potential unintended consequences, effective board oversight is needed to ensure that the embedding and sustaining of the desired culture will remain a permanent feature of doing business. This will become increasingly more important as businesses respond to market dynamics that require speed, agility and responsiveness, and as stakeholder views and expectations evolve. Increasingly, companies will need to prioritise people, both their customers and their employees.

Ultimately, the test of an effective board and organisational culture is the creation of value over time. A positive culture can help ensure a company is best able to build sustainable value in the future.


Original article published by INSEAD Directors’ Network on 30 July 2019 is available here.

Interested to understand why it is important to put a people lens on risk management? Read here.