Culture is a term that we all understand to mean the shared set of values or assumptions that reflect the underlying mind-set of an organisation. Management consultants have for years highlighted the need for companies to promote a positive and supportive culture.

For insurers, the culture of the organisations they underwrite is increasingly becoming a critical issue in order to assess risk. This is because companies with poor culture are exposed to greater litigation risks, regulatory scrutiny, fines and penalties. Examples of poor culture can be seen in the Australian Security and Investment Commission's (ASIC) current investigation of the incentive structures of three major Australian Banks, the misconduct investigation of IOOF Holdings, and the global response to the Volkswagen emission scandal.

Globally a number of regulators have flagged an intention to crack down on organisations with poor culture.

Against this backdrop there are a number of key factors insurers can consider when assessing whether their insured's promote a good corporate culture.

Incentives and Rewards

The incentive and rewards structure of an insured's business provides a key insight into its culture. These structures have a high degree of influence over employee conduct and their interaction with stakeholders. Excessive commissions and rewards for sales-volume have been found to encourage work practices that undermine adherence to the organisation's wider legal obligations.

ASIC has identified a correlation between inappropriate incentive structures and organisations that breach Australia's Corporations Act. The UK Financial Conduct Authority, the Reserve Bank of New York, ASIC and the Australian Prudential Regulatory Authority (APRA) have all emphasised the importance of ensuring that bonuses, promotions and other forms of incentives are connected to good outcomes for clients, and align with the compliance obligations of the company.

The Australian Stock Exchange (ASX) recommends that listed entities have a separate and independent remuneration committee to review and update remuneration policies and that remuneration should be assessed against the overall roles and responsibilities of employees, and not solely financial targets.

Training and Compliance

Training and compliance structures have also been cited as key drivers of corporate conduct by the regulators. When assessing whether companies have poor culture, the regulators have looked at the education programs in place, and whether these programs emphasise the values of the organisation and the behaviour expected of staff. Up-to-date training was identified by Australia's Trowbridge Report as being an essential tool in remedying any poor practices within an organisation. Companies that do not promote regular training will hold a greater risk of having poor culture.

Risk Management and Transparency

A lack of transparency when dealing with clients is often a sign of poor culture within a company. A lack of accountability and transparency can encourage mind-sets where it is acceptable to cover up mistakes and avoid addressing potential misconduct. The Organisation for Economic Co-Operation and Development (OECD) has blamed a lack of transparency as a key reason many company boards failed to appropriately manage risk in the lead up to the global financial crisis.

Many jurisdictions, such as Australia, also require heightened disclosure obligations for financial services organisations and include requirements that disclosure to clients be timely, relevant to the needs of clients, and sufficient to encourage product understanding and comparison. Transparency has also been found to require a strong reporting culture, where clients regularly receive information on potential risks and can make informed decisions. A failure to provide regular advice to clients has been identified as a trend leading towards poor culture.

Complaints Handling

Recently, ASIC Commissioner, Greg Tanzer, stated that a positive culture required accountability and open communication so that ineffective and risky practices can be challenged and so that employees are able to come forward without fear of retaliation. Similarly, regulators have identified whistle-blower and staff complaint policies as key culture indicators.

If a company is subject to regulatory oversight, a regulator is also likely to require evidence showing that company concerns are investigated quickly, escalated to the appropriate level of management, and are in line with principles of procedural fairness. All of these elements should be taken into account when an insurer is assessing the culture risk posed by its insureds.

What must insurers not forget?

The above all are key factors to take into account when doing a risk assessment of an insured. It is clear though that a positive culture requires active promotion by the leadership team and this should not be overlooked by insurers. The attitudes of management and company gatekeepers are key indicators of an organisation's overall attitude, and whether good culture will be promoted. Indeed, Justice Heerey in ACCC v Visy Industries Holdings Pty Ltd (No 3) noted that unless compliance is prioritised by leadership, individuals may still embark on unlawful conduct, and policies and procedure may well be written in Sanskrit for all the notice staff will take.

Risk Assessment: The Importance Of Considering The Insured's Corporate Culture

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.