Australian Securities and Investments Commission (ASIC) chair James Shipton has urged a ‘sense of urgency’ be applied by companies to their non-financial risks, including compliance risk.
In a speech in Sydney, Shipton said he found boards were being ‘challenged’ by elements of non-financial risk management and that their oversight of this risk was ‘less mature than required’.
Non-financial risk included areas such as operational risk, conduct risk and compliance risk, although ASIC primarily focused on the compliance part.
Launching its report, ‘Director and officer oversight of non-financial risk’, ASIC said it had examined almost 30,000 documents and interviewed 60 directors and senior executives.
“Boards cannot afford to ignore the oversight of non-financial risks. As we have seen, all risk can have financial consequences. If not well managed, non-financial risks carry very real financial implications for companies, their investors and customers,” said Shipton.
Within its report, the regulator found managements were operating outside of board-approved risk appetites for compliance risk and failing to effectively communicate the company’s risk position. Material information about non-financial risk was also often buried in dense board packs, making it difficult to identify.
Boards should actively hold management accountable for operating within stated risk appetites and take ownership of the form and content of information they received. The effectiveness of board risk committees could also be improved as they were being ‘underutilised’, ASIC said.
“We acknowledge that there are no ‘easy fixes’ to some of these issues. However, effective oversight and management of non-financial risk is not novel or impossible. Companies have managed some of these risks well in the past and continue to do so today. We hope this review provides boards with a useful roadmap to achieve this,” Shipton added.