Responses to recent corporate collapses have overlooked the importance of business ethics in managing risk * Four indicators of business ethics and their risk management aspects are discussed * Investors are wanting companies to disclose how they are managing the risks from poor business ethics practices Over the past decade, poor risk management of various kinds, for example, a lack of board independence or potentially compromised auditors, has contributed to sometimes spectacular company losses and failures. Largely absent from regulatory and (until recently) investor responses to this has been a consideration of business ethics.
As the collapse of Enron demonstrated, all the correct oversight structures of an independent board and corporate governance charters cannot compensate for the lack of an ethical corporate culture. The importance of business ethics in risk management has hovered around the edges of inquiries such as the Owen Royal Commission and the Jackson Inquiry. Both inquiries looked beyond mere legal boundaries on company behaviour, to wonder if all the costs and reputation damage could have been avoided by (in Justice Neville Owen’s words) someone asking ‘is this right? Why has the issue of business ethics not received more systematic attention from business and investor groups? One explanation could be that ethics is a contentious subject that overlaps, sometimes uneasily, with questions of law. Another explanation is that real measurement of ethics by outsiders is difficult, although not impossible. However, investors are beginning to focus on business ethics as one of the missing pieces to the risk management puzzle.
Research commissioned by BT’s superannuation fund clients and performed by Monash Sustainability Enterprises, has shown that poor business ethics practices can translate into a range of risks to company performance and returns to shareowners. This article discusses the business ethics indicators used, the need for investors to be informed about how companies are managing the risks posed by poor ethical practices, and the need for listed companies to ensure such information is disclosed and to develop a strong ethical business culture.
Defining business ethics To try and define business ethics, we selected four indicators that focused on ethical breaches which threaten to harm a company’s major external stakeholders: consumers and the general public. Such breaches in turn, create material business risks. The four indicators we chose were: * avoiding unfair business practices * protecting consumer privacy upholding community safety and welfare, and * responsible marketing and promotion. These indicators are by no means exhaustive, rather a set of ‘measurable’ risks.
We discuss the risk management aspects of these indicators below. Avoiding unfair business practices Unfair business practices such as price fixing, bid rigging and market collusion can be punished with fines of $10 million under the Trade Practices Act (TPA). Proposed amendments to this Act, now before the Parliament, would substantially raise the penalty for violations to up to three times the amount of revenue generated by their collusive practices, or if this cannot be quantified, 10% of their annual turnover.
Other legislation implementing the OECD’s Anti-Bribery Convention makes bribery of foreign public officials an offence, punished with a maximum fine of $330,000 for companies and up to 10 years in prison for the responsible executives. There are similar penalties for bribery of an Australian official, not to mention the associated negative publicity. Protecting consumer privacy Customers want to feel their information is safe and protected by the companies they give their business to, otherwise they will switch to a competitor, so it is vital for a company to manage the risks of a privacy breach.
Certain companies, by the very nature of their activities, have access to a huge amount of information about their customers including personal details and patterns of usage. For example, telecommunications companies can be fined for breaches of consumer privacy. Companies that have access to consumers’ health data are subject to a separate set of regulation and fines for violations of consumer privacy. Whatever industry you are in, be sure you have systems, checks and procedures in place to protect your customers’ privacy. Upholding community safety and welfare
Ethical breaches that cause harm or potential harm to consumers can have enormous consequences beyond the narrow impact of fines for breaches. For many companies, harming the community could destroy the company and will inflict serious damage to the relevant industry and its reputation. Take a drug company: While the fines for mislabelling a product may be small as a percentage of profits, the damage that news of such a mislabelling can do to its reputation can be incalculable. There are also more serious regulatory responses for companies that depend on a formal licence to operate.
Pan Pharmaceuticals, for example, had its business as a drug company destroyed by the combination of news of its product recall and the suspension of its licence by the Therapeutic Goods Administration. The Pan example may be extreme, but any company supplying goods to the public runs similar risks, from food producers and manufacturers to retailers and building products companies. Responsible marketing and promotion Companies engaged in misleading or deceptive conduct can be fined up to $1 million under the TPA.
A larger potential cost of misleading or deceptive advertising campaigns can come from an injunction halting the campaign, with no compensation for the loss caused by the injunction. Damages, in the form of rebates or full refunds of consumer payments can also be sought. Courts can also order companies to publish corrections via major media outlets and pay for independent compliance audits of their operations. The ACCC has shown it is prepared to pursue companies through the courts for advertising campaigns it deems misleading or deceptive.
While the direct costs in the context of listed companies are likely to be small, the damage to the company’s reputation may be substantial. The role and threat of further regulation A corporate regulatory regime involves penalties for breaches such as fines and even prison sentences for company directors and executives. Although these fines may not have a great financial impact on large listed companies, the more serious impact may be damage to the company’s reputation or morale of its employees.
The four areas discussed above are all currently subject to extensive regulation, indicating the community’s existing levels of concern about company practices in these areas. If companies continue to commit such ethical breaches, a serious consequence is the potential it creates for even more regulation. Governments do not legislate in a vacuum and the demand for them to ‘do something’ to address a perceived or actual crisis can drive further regulation that is costly for business and actually fails to address the root cause. For business, the best way to avoid further regulation is prevention.
Central to preventing more regulation is a robust corporate culture and practice of good business ethics, driven, implemented and upheld by the company at every level. Can investors assess how well a company is managing the risks posed by poor business ethics? Given the potential costs to investors of ethical lapses, it is not surprising that investors are interested in just how companies seek to ensure a strong ‘business ethics culture’. This is not because investors are anxious for companies to be doing ‘the right thing’, but because good business ethics practices make sense as a risk management tool to help protect investors’ capital.
Avoiding unfair business practices At present, investors concerned about just how S/ASX200 companies manage risks posed by poor ethical practices have little information to base decisions on. Of all companies in the top 200 as at 19 January 2005, more than 160 give no indication of how their boards oversee their companies’ business practices with regards to competitors. For investors, the thought that more than 80 per cent of the benchmark index does not, based on public reporting, have a company-wide approach to avoiding breaches of the Trades Practices Act or other laws against uncompetitive conduct is of concern.
This is especially so, given the maximum fines of $10 million and potential new fines outlined above. Protecting consumer privacy When it comes to consumer privacy, investors are similarly unable to get an understanding of how companies ensure they do not breach consumer privacy laws. More than half of the top 200 listed companies give no public information on internal control systems for avoiding and minimising breaches of consumer privacy. Companies that do not give public information include some with a high exposure to consumer privacy risk, including companies in the telecommunications and health care sector.
Upholding community safety and welfare Just under half of the top 200 companies do not tell investors how they train staff and contractors in ensuring products are safe for the community or ensuring that hazardous materials do not cause damage to public health. Product safety and service integrity incidents can be extremely damaging, especially for well-known brand names. Given the costs of a product recall, or litigation on the basis of product liability, to investors and companies, these are potentially material risks–and investors have no way of knowing how they are being managed by many companies.
Responsible marketing and promotion Just over half of the top 200 do not specify in their codes of conduct, any policy dealing with responsible marketing and advertising. As a result, investors do not know how many companies are managing these risks, which range from fines of up to $1. 1 million on companies engaged in misleading or deceptive conduct to community calls to restrict and further regulate advertising to children. These risks are evidence of the importance to investors of understanding how companies ensure their marketing is responsible–not to mention legal.
The importance of disclosure Of course, mere disclosure of policies relating to the above areas does not necessarily mean that a company is managing the risks posed by poor business ethics practices. But without such disclosure, investors are largely in the dark about an important component of risk management for many companies. For those companies that do disclose their trade practices compliance or conflict of interest programs, investors do at least have a public indication from a company that its directors and management are addressing these risks.
What investors want Investors are starting to call for companies to take these kinds of steps. The superannuation funds participating in the BT Governance Advisory Service and that commissioned the business ethics research (which, between them, invest nearly $7 billion in Australian equities) want listed companies to ensure: * Boards oversee areas of business ethics practices that are a potential risk area for a company. * Management processes are in place to review, monitor and manage business ethics issues across all company divisions. Company codes of conduct provide employees with detailed and illustrative instructions on how to respond to business ethics issues. At the very least, the corporate code of conduct should target compliance with the code. * Governance measures are supported by a whistleblowing policy and compliance training for staff and contractors. * They publicly report on their performance on business ethics issues, and disclose policies on political donations to evidence transparency. At the heart of growing investor concern about business ethics is the recognition that every company faces different risks from poor business ethics practices.
Companies dealing in industries with few competitors, for example, would have a higher exposure to potential risks from unfair business practices while companies that manufacture, package or sell goods to consumers would be more exposed to risks relating to product safety. There is no universal approach to ensuring a particular company’s culture and practices encourage an ethical approach to business, but there is a universal need for company boards and management to address themselves to the potential risks.
And good business ethics, is, after all, the most efficient form of risk management. BT GAS is retained by five superannuation funds–PSS/CSS, the Catholic Superannuation Fund, the Northern Territory Government & Public Authorities Superannuation Scheme , VicSuper and ESS–to assess how S&P/ASX200 companies manage social, environmental and corporate governance risks and engage with those companies to encourage better risk management and disclosure. Monash Sustainability Enterprises is sub-adviser to BT on social and environmental issues.