Corporate culture has been a particular emphasis of financial services in recent times and was a primary focus of the Hayne Royal Commission. But what are the consequences of having a poor culture – and who is ultimately liable for it?
Corporate culture and criminal liability
The Corporations Act 2001 (Cth) does not define "corporate culture". However, the concept is defined in the criminal commercial context. Section 12.3 of the Criminal Code Act 1995 (Cth) defines corporate culture as "an attitude, policy, rule, course of conduct or practice existing within the body corporate generally or in the part of the body corporate in which the relevant activities take place".
Whether a corporation, as a legal entity, should or can be charged as a criminal defendant has historically been, and continues to be, a complex and contentious subject.
The Criminal Code addresses the fault elements of an offence through the use of ideas of organisational blameworthiness, taking into account such factors as the corporation's culture, systems and, operating policies. (See Part 2.5, sections 12.1 – 12.6.) Though criminal prosecutions in the area are relatively rare, corporate culture has been mentioned in regulatory offences and investigations as a factor in sentencing. Consideration of corporate culture at the liability stage encourages corporate self-monitoring and the development of a general culture of compliance. Failure to self-monitor and develop a compliance culture often increases the penalties imposed.
Corporations are generally found either directly or vicariously
liable for conduct. Corporations are able to be found directly
liable in line with the "alter ego" theory which attaches
liability for the acts of those individuals who make up the
directing "mind or will" of the company.
Alternatively, the corporation may be found vicariously liable for the acts of an individual agent if they commit the crime within the scope of their employment.
Historical framework for direct liability
Traditionally, direct liability has only been attributed to a company where the act or omission was performed by an employee who was authorised to "embody" the corporation or is considered to be a "directing mind" of the company. A string of case law explores the "Tesco principle", derived from Tesco Supermarkets Ltd v Nattrass  2 All ER 127. The Tesco principle draws on an earlier case (Bolton (Engineering) Co Ltd v T J Graham & Sons Ltd  1 QB 159), in which Lord Justice Denning said:
Some of the people in the company are mere servants and agents who are nothing more than hands to do the work and cannot be said to represent the directing mind and will of the company, and control what it does. Others are directors and managers who represent the directing mind and will of the company, and control what it does. The state of mind of these managers is the state of mind of the company and is treated by the law as such.
The Tesco principle, therefore, asserts that direct liability has tended to be imposed only when the person performing the act or omission was a director, secretary, or a similarly senior individual in the corporate hierarchy. The Tesco criterion is still the most frequently used for determining which individual can be identified as the embodiment of the corporation itself. It was applied by the High Court of Australia in Hamilton v Whitehead 5 (1988) 166 CLR 121. The guilty mind of the corporation therefore, must be a "vital" organ of the corporation, an individual who is sufficiently senior within the corporate structure to represent, in a metaphorical sense, the mind of the corporation.
This theory is problematic from an enforcement perspective. The limited number of individuals that are identified with the mind of the corporation substantially constrains the applicability of the criminal law. This results in this theory having the most applicability to traditional hierarchical corporations and less to corporations which have flatter structures and a higher rate of delegation to junior officers.
An Australian example
Justice French discussed similar concerns in the context of a Corporations Act contravention in the case Re Chemeq Ltd (ACN 009 135 264); Australian Securities and Investments Commission (ASIC) v Chemeq Limited (2006) 234 ALR 511. He stated that "[i]n considering the appropriate penalty for the contravention by a corporation of a regulatory requirement... it is relevant to consider whether the corporation has in place policies and procedures designed to achieve compliance with such requirements."
Importantly, French J further stated that:
"[t]he Court will consider the form and content of the policies and procedures and also the measures adopted by the corporation to ensure that they are understood and applied. A well drafted set of policies and procedures will mean little if there is no follow up in terms of training of company officers (including directors) and, where appropriate, refresher training."
In Chemeq, a "culture of compliance" was stated as a positive obligation. French J described a culture of compliance as "a degree of awareness and sensitivity to the need to consider regulatory obligations as a routine incident of corporate decision making".
Can good culture help?
The more recent case of Director of Public Prosecutions (Cth) v Nippon Yusen Kabushiki Kaisha  FCA 876 demonstrates the power of a good corporate culture (even post conduct) to mitigate liability.
The offender was a large foreign company which had for many years shipped motor vehicles to Australia from various countries of manufacture. The offender was charged with giving effect to a cartel provision contrary to s 44ZZRG(1) of the Competition and Consumer Act 2010 (Cth). It was alleged that six major shippers including the accused were parties to cartel provisions relating to the fixing of freight rates, the rigging of bids, and the allocation of customers (being the manufacturers) among the parties.
In this case, the conduct of the corporation post offending was taken into consideration and mitigated their liability as they were able to demonstrate that they had altered their corporate culture to one of compliance, had renounced their wrongdoing and had established structures, systems and programs to prevent reoffending.
The Royal Commission into Banking
The Royal Commission identified norms which should be implemented and monitored within a corporation. These included obeying the law, not misleading or deceiving others, acting fairly, providing services which are fit for purpose and delivering those services with reasonable care and skill in conjunction with acting in the best interests of others. Culture and governance practices (including remuneration arrangements) both in the industry generally and in individual entities, must focus on non-financial risk, as well as financial risk.
Recommendation 5.6 asserts that all financial services entities should take reasonable steps to assess their entity's culture and governance, identify any problems with them and monitor whether relevant changes made to address these issues have been effective.
Are directors liable?
Regulators ultimately find little utility in fining corporations for breaches of the law given that the monetary payments are often insignificant amounts for large players and do not prevent future misconduct.
They are instead increasingly willing to try and move the liability on to individuals such as directors and senior managers. For such individuals, monetary penalties can be significant and the prospect of imprisonment has a large deterrent effect (as does the prospect of being removed from the industry during that time).
Regulators have therefore increasingly taken an approach of alleging that directors and officers breached their duty to the company by causing it to breach the law and prosecuting them accordingly.
Primary responsibility for misconduct in the financial services industry lies with the entities and those who manage and control them. Good governance and corporate culture are fundamentally important.
To avoid liability, management should take an active approach to ensure that the company is complying with its legal obligations. Drafting policies that articulate these obligations will not be enough. These policies will need to be actively implemented and internalised by the organisation. In essence, the behaviour of the organisation's representatives needs to reflect the stated values of the organisation. Now, more than ever, in the financial services industry, it is important for the board and management to create and maintain a compliance culture within the organisation.
The Australian Law Reform Commission recently announced that it will conduct a review into Australia's corporate criminal responsibility regime. This inquiry will consider, among other things, the recommendations of the Royal Commission into misconduct in the Banking, Superannuation and Financial Services Industry.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.