Governance Bites
Mark Banicevich interviews a series of experts about governance, including company directors, lawyers, executive managers, and governance consultants.
Each interview is on a different topic related to governance, tied to the guest's expertise. He also asks interviews for the best governance advice they've received, or they would give to new directors.
Governance Bites
Governance Bites #55: leveraging regulation from other jurisdictions, with Peter Kenny.
In this episode, Mark Banicevich talks to Peter Kenny about leveraging the regulations and guidance from other jurisdictions. New Zealand regulation in many industries is very principles-based. Are there benefits to researching the regulations and guidance of regulators in other jurisdictions? Peter and Mark particularly discuss financial services resources from Australian regulators. Are there other useful jurisdictions? Are there other useful sources? They discuss how these can be found, reviewed and used. Mark also asks Peter what advice he would give to a new director.
Peter Kenny is a specialist in risk management, compliance and governance. He spent over 16 years in various management roles at AMP New Zealand, including Head of Risk and Compliance, and Head of Strategic Partnerships. More recently, Peter has been contracting in risk roles for Southern Cross Travel Insurance, and Resolution Life (as Chief Risk Officer for New Zealand, and Head of NZ Governance for Australasia.
#governance, #governancebites, #director, #boardroom, #boardcraft, #regulation
Hello, I'm Peter Kenny. My background is in financial services, at least for the purposes of this discussion, in risk compliance and a bit of governance here and there. Today, I'm going to talk to Mark about leveraging overseas regulators' content. Hi, welcome to Governance Bites. I'm Mark Banicevich, and as you just heard, today I get to spend some more time with Peter Kenny. Thank you, Peter. Thanks, Mark. Peter and I worked together many years ago, at AMP, as it was then, and stayed in touch over the years. We worked together recently in the Financial Services Council on a number of projects. So, we still work together in the same industry, in different companies. Peter is someone who I've always admired for having a really strong ability to get to the nugget of what really needs to be seen in particular issues. And so I really appreciate having time with you. Thank you, Peter. Thanks, Mark. Today, as you said, we're going to be talking about leveraging foreign guidance and regulation. New Zealand's regulation tends to be very principles-based, so you end up in many industries, particularly in financial services, where we work, with broad ideas about what you need to do, but nothing really specific. Nobody is saying,"This is how you have to do it." And overseas regulators can be far more prescriptive. So, we want to talk a little bit about how well that can be used. My first question for you, then, is - let's look at Australia, because we know that Australia has a very dictatorial approach to their regulation. If we look at ASIC [Australian Securities and Investments Commission] and APRA [Australian Prudential Regulation Authority] in the financial services, for example, can New Zealand entities benefit from Australia's prescriptive regulations? In a word, yes. So look, one of your challenges—and to start out, we've got quite similar products in some instances and services. And you know, we do have a lot of commonality between Australia and New Zealand. I mean, let's face it, it's not exactly a foreign place to go when you visit and vice versa, right. So, the benefit that you get from the foreign jurisdiction, in this case Australia, is that prescription when you're lacking it, you can use it to your advantage, right. A principles-based regime is great, but quite often you're sitting there wondering,"Well, how do I actually go and apply this?" or "What type of rules can I apply to my business that might make sense for me?" And that's actually where you can win the Bledisloe Cup[Australia-New Zealand rugby trophy] by having your cake and eating the Australian piece of the cake too. Right, yes. And by what you're suggesting, that principles-based regulation is very flexible, so you have the ability to run the business the way you want it to run. No one's telling you,"You have to do it this way." But the Australian regulations and guidance on those regulations can give you some very firm direction and a way that you can meet those principles-based regulations. Well, I guess the key point is don't be allergic to the fact that it's got an Australian badge on the front of it. You're not required to use it — well, some of you may be because you might be in entities that are trans-Tasman and there can be tentacles between the two — but if you're not, then don't ignore it. Because if you're sitting there trying to struggle, say you're in a risk area or a governance area, and you're saying, "I don't really know what I'm going to put in for," we'll pick something,"reporting to the board on particular matters." You might find it sitting inside - I can tell you, you will find it - sitting inside say, some of the APRA standards and guidance. Right. Particularly standards. Where they'll say,"These particular things absolutely need to be reported." You might go, "Oh, actually that's saved me a bunch of effort"thinking about what I would actually put in there." But, the good news is, say you find a particular area where there's ten things, you don't have to take all ten. You might say, "Hey, I only like six of these, and I'll only take six." And that's fine, because you're not forced to. Yes, right. You've alluded to the fact that many large New Zealand companies are Australian-owned, and those Australian parents are required what sorts of responses do you have from Australian parents trying to encourage New Zealanders to follow New Zealand regulation? Do they say, "Look, just make it consistent and do the same as we do, and we'll be fine." Or, "Actually, take the benefits of your non-prescriptive regulation and just use the good stuff?" Well, sometimes you do get the kind of obnoxious thing which is, "We have to follow our standards and you have to follow"yours and ours," which is one that rankles at times. Yeah. In fact, more than at times, it just rankles full stop. Yeah. Look, there's multitudes of answers to that question, I guess, is the thing. It depends on each individual company, right. And it can depend on the particular scenario. We'll pick one which causes some interesting debates and discussions, which is AML/CFT [Anti-Money Laundering and Countering Financing of Terrorism]. There's enough differences between that regime in Australia and the regime here, and different types of regulators. They've got one(AUSTRAC) [Australian Transaction Reports and Analysis Centre], we've got three supervisors. The setup is very different. We have a risk assessment and a program, and you have to show a very clear connection between your program to what's actually been in the risk assessment. So, it's a kind of different fundamental setup, even though they've got some similar things required. Yes. Which is just standard AML/CFT things everywhere, right. There's going to be some CDD [Customer Due Diligence] or KYC [Know Your Customer], depending on your flavour of what you want to call it, and all those sorts of things with some differences. Yes, and that's a really good example because in Australia, AUSTRAC is a centralised reporting entity, right. Whereas here in New Zealand, each entity is responsible for their own identification through customer due diligence. Politically Exposed Persons [PEPs] — everyone has their own way of identifying them, rather than saying,"Oh, they're on a centralised database." Pretty costly approach. Now, you've alluded to some of these already, but there may be others. What benefits are there for New Zealand entities, boards, and risk teams, and so forth, of looking to, let's say, Australian guidance and regulation? Yeah. I can give you one specific example, right. Say you were challenged with, we want to have some clear things that we are absolutely going to report to our board. Now, if you go and look at some of the New Zealand-based guidance around that, you might not actually get a lot. In fact, you probably won't get much. You won't , yeah. Whereas if you pick that up and have a look and say,"Okay, well, why don't we just go and see what the Australians"would be required to do in our industry?" Right. So, if you jumped in there and had a look at, say, the insurers' space in Australia, you'll find across all of those CPSs (that's the Common Prudential Standards), you'll find masses of things in there that are actually required to be reported. So again, you can say, "Well, okay, I've got my nice principles-based thing here,"but actually, if I'm going to write something that's going to be a bit more hardcoded for us, because we want to put that into"our risk management program", for example, then you've got the ability to just go and say, "Okay, what type of things"would we actually put in there?'" And they're probably things that, when you look at them, are quite common sense. So, you can save yourself a little bit of time and energy. What you might want to do — and it's not the topic for today though — is, you might want to get your AI [artificial intelligence] out there and say, "Can you go and trawl those and tell me"what the reporting requirements are?" That's true, yes. That might be a bit quicker. I might try that when I go home. Particularly if you then start looking outside, as well. If you start looking at other countries like the United Kingdom and Canada, and maybe the European Union [EU] and take all of their regulations and pop them into your large language model, and say, "Pull out the best for me. Tell me what's there." Yeah, yeah. Look, I mean, and it's probably a natural place for us to go with this conversation. What can you use from some of those overseas jurisdictions as well? The really obvious one, since we were on the AI topic at the moment, would be, the EU is light years ahead of everyone else at the moment in terms of what they're doing with AI regulation. AI regulation. Interesting. You know, if you look at where we're at, we've got absolutely nothing, no real sign of anything happening. It will be interesting to see what Judith Collins [Attorney-General and cabinet minister] comes out with in that space, because she's got quite a few portfolios in her space that actually overlap in there. Yes, yeah. That will be an interesting area to follow over the next few years. Certainly, the image generators, and requirements to identify that it's a fake image, and those sorts of things, that are coming through the European Union — hopefully we'll catch up sooner rather than later before all the harm. Might be all over before we get anything. Yeah, maybe. Just coming back to the Australian regulation and our example in financial services, that we can then broaden outside of financial services. How can a New Zealand entity go about finding Australian regulation and, very importantly, understanding it? Finding it? Okay, so websites is the really obvious one, although it can be a little bit tricky finding what you're looking for in there. But the APRA stuff you can tend to find reasonably easily if you go down a few layers. Say you're interested in superannuation, you'll be able to find all of the prudential standards regarding superannuation and then the guidance to the CPGs (Common Prudential Guidance) and, the CPSs (Common Prudential Standards) and the CPGs. And in the ASIC space, that's reasonably straightforward, finding it, as well. You've got the regulatory guides and those sorts of things. So yeah, look, I mean, that's not usually too hard. In terms of understanding it, it depends what your use case is. You're not going in there, in all likelihood. Well, I'll take the non-lawyer perspective, right? If you're going in there to fully understand it as a lawyer, you're asking the wrong person, 'cause I'm not one. If you're going in there to try and pick the eyes out of it, to find some nuggets, gold nuggets in Australia, it's quite appropriate isn't it. Then, you know, then it's just common sense, I think. You know, what am I looking for? Some searches across it. Does it look like it's covering the type of area that I'm actually looking at? Yeah, I mean, it's just, I'd just call it, be pragmatic. So, having some expertise in the realm, - Oh, yeah. Sure. Of course. - so that you're then able to dig in, find out who the regulators are, is if you don't already know. So, if you go into a jurisdiction that you haven't been to before, identifying who the regulator is, finding the material, as you say, by following your nose to a large extent. And then, I guess, ideally, critically reading it and, you know, reading it with an educated eye to say, "This makes sense to me,"and this doesn't fit for our regulatory environment in New Zealand." Yeah, well, I mean, we'll take an example, right. So, say you're in this insurance space again. You know, here we've got the, in The Reserve Bank space for insurers, you've got, you know, the governance guidance. Yeah, yes. There was obviously the FMA [Financial Markets Authority] and the RBNZ's [Reserve Bank of New Zealand] last year governance thematic. Yes, that's right. But, you know, if you wanted some further reading and, you know, that was what you were being asked to go and look at and think about it a bit further and say, you know, "Is there any other best practice out there?" Then, obviously, go and have a look and see what's in the governance space inside, say, the APRA guidelines or standards. Yes. Yeah, and I guess, going out further abroad, you know, Australia is the obvious place to go over the ditch. And as we've discussed, New Zealand's regulation tends to be very principles-based; they tend to be a lot more defined, in Australian regulation. It's very easy then to stretch out to the United Kingdom, to stretch out to Canada, being Commonwealth entities. Europe is, you know, big and also very influential, regulatorily. Well, I mean, there's another example just thought of then was that, you know, sometimes they can be a good portent of things to come, as well. So, you know, we'll take, you know, the payment insurance in the UK, you know, which sparked, you know, enormous furor. That's right. And then, you know, realistically though, it was the, you know, lead into conduct and culture that, you know, occurred then, you know, five to seven years later here. And then you're starting with the FMA's conduct guide. And then, of course, the infamous Australian Royal Commission [into banking, superannuation and financial services industry] and the fallout. and then the life insurers and banks reviews by FMA and RBNZ. So, you know, sometimes when you're looking at what those developments are in those foreign jurisdictions and what they're developing in terms of their regulatory rules, you know, that can be helpful for giving you a bit of a view as to what might be coming down the pipe. Right, right. A really good insight for what can be happening. Are there any, in your experience, particularly useful foreign sources for regulation or guidance? I've probably mentioned most of those already, but, you know, I think Australia is probably our key one. When you're going a little bit further afield, yeah, look, I mean, maybe, maybe not so much. I mean, it's probably best to stick to Australia, for the most part. Yeah. I mean, maybe some of the UK material. I mean, if there's nothing else in terms of, you know, between the jurisdictions, then you're probably further afield. I think the good example there was, you know, say the AI developments at the moment. And look, I mean, others should be probably doing it to us in reverse, right? Because, you know, climate reporting here is a good lead for, you know, many overseas because, you know, Australia is now going down that path. So, you know, they should be having a look at what's happening or what actually happened in terms of what we've rolled out. So, I would say, then broadening the conversation beyond our experience in financial services, in every industry there would be countries that you would follow because they tend to lead, in many ways, in your industry. It's likely to have significant overlap with Commonwealth because that's our history. But there may be certain industries where it might be places in Asia or things, that lead the way in these things. Or it might be Europe, or it might be the US [United States] in some cases. Yeah, I mean, I'd say it's more of an open-minded thing on that. And, you know, if you're not doing it because you're looking for the rules to something, but you're looking for, you know, help, then, you know, it's whatever actually works for you, I think. Are there any non-government sources that you would suggest, or would you recommend non-government sources? And let me elaborate a little bit. Regulators are what we've been talking about so far. Quite often in this country, if you want to understand regulation, you might get a good steer from the Financial Services Council or from one of the law firms. Or those sorts of places. Well, we'll go back to the AML, which I think we touched on before, didn't we? So, you know, there's a lot of FATF material, for example, you know, Financial Action Task Force. There's a lot of material there that's absolutely great when you actually go and dive in there if you're an AML compliance officer, for example. Yeah. Made some, you know, excellent use of some of that material for doing the submission on the AML/CFT Act [2009], for example. Yes. So, yeah, the other organisations. And just actually some of the compliance entities, as well. Yeah. So, you know, if you're looking at Australia, you've got the Australian Compliance Institute. I can't remember the UK one, but I've had a look at a little bit of their material before. Right. Yeah. And like anything, when you're Googling, right, it's about trying to understand who you've got this from. Yeah, yeah. So, do a little bit of background check, to make sure it's a reputable source. Yeah, yeah, correct. Yeah. But you know, in the insurance world, you've got IOSCO [International Organization of Securities Commissions] as another example. Yeah. There's, look, there's lots of others that we could have called out. Yeah, right. Yeah, so, so a bit of a summary then. Very useful because New Zealand's regulation tends to be very principles-based, so you end up with a lot of flexibility for how you meet regulations, but you've still got to try and meet them. And when you're looking for, well, how exactly am I going to meet these, quite often foreign regulation can be a good source, particularly in a country that is much more prescriptive in its approach. And while you wouldn't want to pick it up and drop it because it'll have its own local context, you'll be able to read through with your critical and educated eye to find out what's relevant, and pull it out and potentially use what works. Save yourself a lot of time and energy, yes, and you know, make use of what's there. If it's been done before, don't reinvent it. Absolutely. And your sources, you've got your regulatory bodies, industry groups in those various countries, and potentially your law firms and compliance companies, and industry groups, as well. But when you're doing your research, just make sure you're identifying, well, again, it's just thinking critically, right? You might even get some nuggets of information from a less reputable source, but if you know, higher reputable sources can be useful. Yes, as long as you, you know, apply your critical eye to it. And if it still makes sense, then yeah, if it sparks some insight, then well and good. Absolutely. Okay, well, a bit of a change of topic for the final question for you. What advice would you give to a new director? Okay, well, I'm going to partly leverage an answer that actually was a reasonably recent. One is: read. But a little bit more than that, actually make use of Institute of Directors' material. And in particular, you know, and I did it a long time ago now, I think it was 2010, go on the Company Directors' Course, because. Is that a plug? I don't know. No, but I mean, it was really valuable, particularly when you hadn't actually been inside, you know, the governance space for a long, long time. And, you know, looking back on that now, it was actually really good content, good people, great presenters. So, you know, I would say, you know, do that. Yeah, excellent. Thank you. On that point, one of the things I recall, you know, one of the duties of a director is the standard of care, diligence, and skill, right? And I do a lot of work with financial advisers where they've got a care, diligence, and skill requirement, as you know. Yeah, yeah. The Code [actually, Financial Markets Conduct Act, section 431L] I say to them, you know, many of them are directors of financial advice providers, got their own businesses and so forth. And I say, well, that care, diligence, and skill relates to you being a financial adviser. You also have this requirement of having care, diligence, and skill to be a director of your company. And training like The Institute of Directors, the Chartered Governance Institute of New Zealand, those sorts of bodies, have some really great material. So, yeah, great advice. Cool. Thank you, Peter. Thanks, Mark. Thanks very much for your time. Great to chat again. Okay. See you next episode.