ACSI report finds gaps in ASX200 codes of conduct, whistleblowing

ASX200 companies are not addressing key risks in codes of conduct and whistleblowing systems, according to new research by the Australian Council of Superannuation Investors (ACSI).

ACSI found that of the ASX200 companies, 67% “failed to cover five of the 13 recommended topics in their code of conduct,” with omissions including well known business risks including fair dealing/product responsibility, data protection and cybercrime, anti-money laundering and counter-terrorism finance (AML/CTF). ACSI noted that overall, ASX50 companies had better coverage than the ASX51-200, in terms of codes of conduct and whistleblowing systems.

The report found that 199 of the ASX200 companies disclose a code of conduct, but only 14 of those codes meet ACSI’s definition of leading practice.

“In some ways, I was really quite surprised with the results of this research, because it seems to me, there’s such a focus on corporate culture, putting in place these levers or frameworks aren’t going to fix anything, but they’re your bare minimum, and to find out so many companies don’t do it, it was surprising,” said Louise Davidson, ACSI CEO. “There’s been so much evidence over the last, say two years, about the critical role that whistleblowing plays in making sure that people feel empowered to come forward when things are going wrong.”

ACSI’s research turned up many gaps ASX200 codes of conduct – most do not include an introduction by the CEO, don’t provide practical tools to assist employees to apply the code of conduct and are not regularly reviewed. ACSI notes “these are all features of effective implementation.”

“Everyone is in furious agreement that the concepts are valuable and that you should have a code of conduct and whistleblowing systems, but it’s in the implementation of those that we’re seeing things not really delivering,” Davidson said. “For example, even in this high-level implementation in terms of how seriously people are taking their codes, how often they’re refreshed or how often the CEO is talking about them, those fairly basic issues seem to be falling down in many cases. In terms of the more detailed implementation one can only wonder how rigorously that’s being pursued.”

ACSI defined 13 risks covered in ASX50 codes of conduct as EEO/non-discrimination, safety, gifts, environment, bribery, fraud/corruption, conflict of interest, bulling, human rights, anti-competition/anti-trust, AML/CTF, data protection/cybercrime, and fair dealing and product responsibility.

The report noted that in the ASX 50, there is also “significant room” for improvement in coverage around bullying, conflict of interest, fraud and corruption and bribery. The report notes that some of these topics have been receiving “more attention by regulators and boards since the ASX Corporate Governance Council published the ASX Principles and Recommendations in 2014, we expect the 200 largest companies in Australia to inform their employees about appropriate conduct in respect of these topics. The code of conduct is a practical way of doing this.”

“Risk coverage in ASX51-200 codes of conduct was weaker,” the report said. “Six topics (fraud and corruption, bullying, human rights, and fair dealing/product responsibility) were covered by approximately 50% or fewer codes of conduct. In addition, 48 codes (32%) of ASX51-200 companies did not cover bribery, 38 companies (25%) did not provide guidance for safety, 28 (19%) did not include conflict of interest, and 25 companies (17%) of codes of conduct did not highlight the importance of managing the receipt or offering of gifts. These gaps in coverage are significant and need to be addressed.”

In addition to the need to cover areas of risk, companies also have gaps around whistleblowing systems – the report found that 38 ASX200 companies (19%) do not mention whistleblowing (including how to report wrongdoing) in their code of conduct.

ACSI will use the findings of the report in engagements with companies this year.

“We are identifying companies with particularly poor outcomes and results and will be talking to companies about that,” Davidson said. “This report goes to companies, it goes to government, it goes to regulators and I hope will be used to inform their thinking and discussions as well.”