The Evolving Duties of the Board: From Compliance to Culture and the ‘Social License to Operate’

In an era of relentless scrutiny and rapidly shifting stakeholder expectations, the responsibilities of the Board of Directors have expanded far beyond mere financial oversight and regulatory tick-boxing.

While quarterly earnings and strategic growth remain paramount, a new, equally critical mandate has emerged over the last 10 years – the active cultivation and protection of the company’s culture and its overarching social license to operate. This evolution is starkly articulated in the ASX Corporate Governance Principles and Recommendations (4th Edition), released on 27 February 2019, particularly within Principle 3: Instil a culture of acting lawfully, ethically and responsibly.

For ASX listed companies, the cost of cultural missteps can be catastrophic, leading to reputational damage, regulatory fines, leadership churn, and a precipitous erosion of shareholder value.

The global financial crisis, numerous royal commissions, and ongoing corporate scandals have indelibly demonstrated that robust governance is fundamentally underpinned by a sound culture, not just a comprehensive compliance manual.

Navigating the Rise of Non-Financial Risk

The emphasis on Principle 3 signals a profound shift.

Boards are now unequivocally responsible for overseeing non-financial risks. These are the intangible, yet immensely impactful, dangers that emerge from employee conduct, ethical lapses, compliance breaches, and a failure to embed core values throughout the organisation. Historically, risk committees might have focused predominantly on financial, operational, and market risks. Today, their remit must explicitly extend to:

  • Conduct Risk: The potential for employee or executive behaviour to cause harm to customers, markets, or the organisation itself.
  • Reputational Risk: The likelihood of negative public perception impacting brand value, customer loyalty, and investor confidence.
  • Environmental & Social Risk: Non-compliance or perceived non-compliance with societal expectations around sustainability, human rights, and community engagement.
  • Cyber & Data Ethics Risk: Beyond technical security, the ethical implications of data usage and the cultural approach to privacy.

The corporate landscape for ASX-listed entities has been repeatedly tested by recent high-profile failures that highlight a critical vulnerability in modern corporate governance: the inadequate oversight of non-financial risks and corporate culture.

1. The Qantas Board Governance Issues (2023–2024)

The Qantas board faced intense scrutiny for prioritising shareholder interests over customer and social license interests, leading to a significant breakdown of trust. Failures included inadequate oversight of operational decline post-COVID, a contentious retention of substantial customer flight credits, and approving executive actions amid public outrage. This demonstrated a critical governance gap where the board was perceived as insufficiently independent and failed to maintain an effective balance between stakeholders.

2. Board Governance Failures (Crown and Star)

Royal Commissions and regulatory inquiries into both Crown Resorts and The Star Entertainment Group exposed massive systemic failures in risk management and ethical conduct oversight. Directors were found to have presided over a culture that allowed extensive breaches of anti-money laundering and financial crime laws to occur. These cases highlighted a catastrophic failure to establish a robust non-financial risk framework, leading to regulatory action, massive fines, and widespread board and executive turnover.

3. Rex Continuous Disclosure Case (2024)

ASIC initiated legal action against Rex and four of its directors alleging breaches of continuous disclosure obligations and directors’ duties. The core of the complaint is that the company issued an “optimistic” profit forecast without a reasonable basis, and then failed to correct the market promptly when financial information clearly indicated a material downgrade was necessary. This serves as a pointed reminder of the board’s duty to ensure the integrity of market disclosures and avoid misleading investors.

Effective oversight of these non-financial risks requires Boards to move beyond traditional reporting structures. It demands probing questions, access to diverse internal metrics (not just financial KPIs), and a willingness to challenge management on the qualitative aspects of their risk culture.

This proactive approach helps to pre-empt crises rather than merely react to them.

Whistleblowers & Anti-Bribery: Barometers of Culture

Two specific recommendations within Principle 3 serve as vital indicators of an organisation’s cultural health: Recommendation 3.3 (whistleblower policy) and Recommendation 3.4 (anti-bribery and corruption policy). These are not merely administrative requirements; they are fundamental tools for fostering transparency, accountability, and ethical conduct.

A truly effective whistleblower policy does more than just provide a channel for reporting; it creates a safe environment where individuals feel empowered to speak up without fear of reprisal. For ASX boards, this means:

  • Ensuring the policy is widely communicated and understood.
  • Verifying the independence and impartiality of the reporting mechanism.
  • Actively monitoring the number and nature of reports, and critically, the outcomes and remedial actions taken. A low volume of whistleblower reports in a large organisation might signal a culture of fear, not a lack of issues.

Similarly, a robust anti-bribery and corruption policy, supported by consistent enforcement, signals zero tolerance for unethical practices. The Board’s oversight here ensures that the company’s values are not merely aspirational but are deeply ingrained in everyday operations, especially in complex international dealings. These policies act as a crucial feedback loop, giving the board direct insight into the integrity and efficacy of their ethical framework.

Aligning Board Remuneration with Risk and Values

The link between executive remuneration and corporate culture is undeniable, as highlighted in ASX Corporate Governance Principle 8 (Remunerate fairly and responsibly). Where incentive structures overly reward short-term financial gains without sufficient consideration for long-term value creation, ethical conduct, and risk management, they can inadvertently foster a culture of excessive risk-taking and compromise.

Boards must ensure that remuneration frameworks, particularly those for senior executives, explicitly integrate non-financial performance metrics. This includes:

  • Safety metrics: Especially critical in high-risk industries.
  • Customer satisfaction scores: Reflecting a commitment to external stakeholders.
  • ESG (Environmental, Social, Governance) targets: Aligning with sustainability goals and community expectations.
  • Adherence to risk management frameworks and ethical conduct: Penalising breaches and rewarding responsible behaviour.

By aligning incentives with the entity’s core values and its risk appetite, Boards can reinforce the desired culture. This sends a clear message from the top: sustainable success is built on ethical foundations, and individual rewards are intrinsically linked to collective, responsible performance.

This strategic alignment is paramount for securing and maintaining the “social license to operate,” ensuring long-term viability and stakeholder trust for ASX listed companies in an increasingly scrutinised global market.

How We Can Help Your Board

We understand the importance of good governance for Australian listed entities. Since 2001, we have assisted listed entities to strengthen their risk management frameworks to align with better practice and the Corporate Governance Principles and Recommendations (CGPR).

Our services are designed to help boards quickly translate the Principles into actionable compliance and disclosure practices, enabling listed entities to meet the higher standards expected.

For small to medium listed entities, we offer bespoke services that include:

  • Virtual Risk Officer: We offer expert guidance in establishing formal risk frameworks and conduct independent reviews to assess framework maturity. Additionally, we conduct risk workshops, risk culture assessments, and provide specialised services in areas like business continuity, crisis management, fraud control, modern slavery, and climate change risk.
  • Virtual Chief Information Security Officer (vCISO): We provide fractional or on-demand cyber security leadership to help you meet the evolving cyber risk landscape, without the cost of a full-time executive.
  • Internal Audit Services: We provide outsourced or co-sourced internal audit functions, ensuring independent assurance on your controls and operational efficiency, which is vital for maintaining board and stakeholder confidence.

Take Board Governance to the next level and contact us to discuss your needs.