16 March 2021

Vetting and Regulatory Failure

RAND's 'Updating Personnel Vetting and Security Clearance Guidelines for Future Generations' by Marek N. Posard, Emily Ellinger, Jamie Ryan and Richard S. Girven asks  

What are the new or emerging areas of risk related to potential personnel vetting improvements? The United States could face challenges in the near future with recruiting and retaining younger generations into both public trust positions and, specifically, sensitive positions that require more in-depth personnel vetting for the purposes of receiving a security clearance. For one, there is some evidence that expectations by younger adults for these positions — particularly in the government sector — may differ from those of older age groups. Furthermore, several factors that traditionally and historically have been used to gauge an individual's eligibility for a security clearance (e.g., lifestyle choices and behaviors, personal and professional associations, financial circumstances) no longer may be feasible or applicable to younger age cohorts in the same manner they were applied to earlier generations. The authors identified select trends, including age-based factors, among younger adults to understand broader social changes that may affect current security clearance adjudication guidelines for positions in the U.S. government.

The 24 page report comments  

 Age-based trends among younger adults may serve as an early signal for broader social changes There are more opportunities for people to interact with foreign nationals today than in the past. Student loan debt and alternative financial instruments are potential risks. Marijuana use is less of a concern, while nonmedical prescription drug use is a rising concern. Digital personal conduct is seen as an emerging risk. 

The consequent recommendations are

The criteria about risks should focus on the nature of contacts with foreign nationals and the risk levels of their home countries. Specifically, risk levels should be assigned for certain countries that are determined by regular assessments to be higher risk. The federal government should consider the legality of marijuana at the state and local level as a mitigating factor. Such a mitigating factor would take into account the severity and frequency of use within states or locales where it is legal. Student loan debts from accredited institutions of higher education should be weighted less than more risky forms of debt for applicants. Emphasizing the management of essential debts, instead of satisfying these debts, should be a risk factor. New guidelines should broadly address the personal conduct that individuals may exhibit online. Guidelines should include the timing, frequency, and context of problematic conduct by clearance applicants. Regardless as to whether they are a standalone criterion or listed within existing criteria, they should be considered a ubiquitous factor for clearance adjudicators. The federal government should continuously reassess risk factors based on trends from expert data sources.

A perspective on vetting is provided in the report of the Inquiry under section 143 of the Casino Control Act 1992 (NSW) into the Crown Casino group (Bergin Inquiry).

The report states 

 Q: Whether the Licensee is a suitable person to continue to give effect to the Barangaroo restricted gaming licence? A: No. Q: Whether Crown Resorts is a suitable person to be a close associate of the Licensee? A: No. Q: In the event that the answer to either (a) or (b) above is no, what, if any, changes would be required to render those persons suitable? A: These matters are dealt with in Chapter 4.6 of the Report. Q: Whether the disposal of shares held by CPH in Crown Resorts to Melco or KittyHawk, on or around 6 June 2019, constituted a breach of the Barangaroo restricted gaming licence or any other regulatory agreement? A: No. Q: Whether the agreement by CPH to dispose of the second tranche of shares in Crown Resorts to Melco or KittyHawk on or before 30 September 2019 constituted a breach of the Barangaroo restricted gaming licence or any other regulatory agreement? A: No.

Q: Whether the transfer of the shares in Crown Resorts referred to in (d) above, constituted a breach of the Barangaroo restricted gaming licence or any other regulatory agreement? A: No.

Bergin's recommendations are - 

1 Section 4A of the Casino Control Act be amended to include an additional object of: Ensuring that all licenced casinos prevent any money laundering activities within their casino operations. 

2 The Independent Casino Commission (ICC) be established by separate legislation as an independent, dedicated, stand-alone, specialist casino regulator with the necessary framework to meet the extant and emerging risks for gaming and casinos. 

3 The ICC have the powers of a standing Royal Commission comprised of Members who are suitably qualified to meet the complexities of casino regulation in the modern environment. 

4 The Casino Control Act be amended to make clear that any decision about a casino licence and any disciplinary action that may be taken against a licensee is solely that of the ICC, and that any term of a regulatory agreement that has been entered into by the Government or the Authority is of no effect to the extent that it purports to fetter any power of the ICC arising under the Casino Control Act. 

5 The Casino Control Act be amended to ensure that the casino supervisory levy is paid to the ICC or recognised in the budget of the ICC. 

6 The Casino Control Act be amended to make provision for each casino operator to be required to engage an independent and appropriately qualified Compliance Auditor approved by the ICC, to report annually to the ICC on the casino operator’s compliance with its obligations under all regulatory statutes both Commonwealth and State in particular the Casino Control Act, the Casino Control Regulation and the terms of its licence. 

7 The Casino Control Act be amended to make provision in respect of the Compliance Auditor’s obligations in line with the following: (a) activity within the casino operations may put the achievement of any of the objects of the Casino Control Act at risk; or (b) a contravention of the Casino Control Act or the regulations or of any other Commonwealth or New South Wales Act regulating the casino operations has occurred or may occur; If the Compliance Auditor, in the course of the performance of the Compliance Auditor’s duties, forms the belief that: the Compliance Auditor must immediately provide written notice of that belief concurrently to the casino operator and to the ICC. 

8 Consideration be given to an amendment to the Casino Control Act to include a provision similar to Singapore legislation for the concurrent reporting by the casino operator of suspicious transactions to AUSTRAC and the ICC. 

9 The Authority consider amendment to casino operators’ licences to impose an obligation to monitor patron accounts and perform heightened customer due diligence, the breach of which provisions will be regarded as a breach of the Licence and give rise to possible disciplinary action. 

10 The Casino Control Act be amended to impose on casino licensees an obligation that they require a Declaration of Source of Funds for any cash over the amount as determined by the ICC modelled on the reform introduced in British Columbia discussed in Chapter 5.1. 

11 The Casino Control Act be amended to prohibit casino operators in New South Wales from dealing with Junket operators. 

12 The Casino Control Act be amended to impose on any applicant for a casino licence an express requirement to prove that it is a suitable person by providing to the ICC “clear and convincing evidence” of that suitability. This should apply to all suitability assessments under the Casino Control Act, including in the context of retaining a casino licence or in any five yearly review or for approval as a close associate. 

13 The definition of “close associate” under the Casino Control Act be repealed and replaced to mean: (a) any company within the corporate group of which the licensee or proposed licensee (Licensee) is a member; (b) any person that holds an interest of 10 per cent or more in the Licensee or in any holding company of the Licensee (“holding company” as defined in the Corporations Act 2001 (Cth) so as to capture all intermediate holding companies); (c) any director or officer (within the meaning of those terms as defined in the Corporations Act) of the Licensee, of any holding company, or of any person that holds an interest of 10 per cent or more in the Licensee or any holding company; and (d) any individual or company certified by the Authority as being a “close associate”. 

14 The Casino Control Act be amended to include a provision that the cost of the investigation and determination of the suitability of any close associate of any applicant for a casino licence or any existing casino licensee be paid to the ICC in advance of the investigation and determination in the amount assessed by the ICC. Such amendment should include a provision for repayment of any over-estimate or payment of any shortfall against the estimate made by the ICC before the publication of the ICC’s determination. 

15 Item 4 of Schedule 1 of the Casino Control Act be amended to ensure that any transaction involving the sale or purchase of an interest in an existing licensee or any holding company of a licensee which results in a person holding an interest of 10 per cent or more in a licensee or holding company of the licensee is treated as a “major change” event. 

16 The Casino Control Act be amended to provide that a person may not acquire, hold or transfer an interest of 10 per cent or more in a Licensee of a casino in New South Wales or any holding company of a Licensee without the prior approval of the ICC. 

17 An amendment be made to section 34 of the Casino Control Act to permit the regulator to apply to the Court for an injunction to restrain “any person” in respect of a breach of the above recommended provision or to obtain appropriate orders in connection with an interest acquired, held or transferred in breach of the provision. 

18 The “gaming and liquor legislation”, as defined in section 4 of the Gaming and Liquor Administration Act 2007 (NSW) be reviewed for the purpose of considering amendments to ensure clarity and certainty in relation to the powers to be given to the new independent specialist casino regulator and consequential enactment of amendments to relevant legislation. 

19 In any legislative review and/or consideration of legislative powers for the ICC, it would be appropriate to consider an express provision to include ASIC as one of the relevant agencies to which the ICC may refer information. It would also be appropriate to consider the inclusion of any other relevant agency not already expressly included in the legislation.

Volume 2 of the report states 

Corporate governance is the term used to describe the internal structures by which a company operates and is accountable to its stakeholders. It has been described as:  The framework of rules, relationships, systems and processes within and by which authority is exercised and controlled within corporations. It encompasses the mechanisms by which companies and those in control are held to account. 
 
2 There are certain aspects or themes relevant to corporate governance that are of particular relevance to the issues in this Inquiry including: (a) Ethical conduct; (b) Risk management and oversight; (c) Board composition, primarily, board independence and board tenure; and (d) Remuneration and incentivisation of directors and senior executives. 
 
3 Given its relevance to every corporate enterprise, from small incorporated businesses to ASX listed companies, corporate governance is the subject of considerable scrutiny, guidance and thought leadership by a variety of regulators, advisors and corporate commentators. 
 
4 In recent years, the level of scrutiny into matters of corporate governance across corporate Australia has intensified consequent upon events such as the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Financial Services Royal Commission) and investigations into the conduct of specific entities, such as into the CBA by the Australian Prudential Regulation Authority (APRA). 
 
5 Important sources of regulatory and best practice guidance are published regularly by the Australian Securities and Investments Commission (ASIC), APRA and other relevant Australian organisations, such as the Governance Institute of Australia, the Ethics Centre and the Australian Institute of Company Directors (AICD). There is also a significant body of international guidance and commentary. Much has been written on the topic, for example, in the Harvard Business Review or published by the Financial Stability Board. Corporate regulators in many jurisdictions are focused on the importance of effective corporate governance practices to ensure the best outcomes for investors, customers and the public at large. It is a focus that envisages Australian companies adopting “sound corporate governance practices that support market integrity and good investor outcomes”. 
 
6 In August 2018 ASIC received special funding to establish a Corporate Governance Taskforce (Taskforce) in the wake of the Financial Services Royal Commission. Its first report, “Corporate Governance Taskforce – Director and officer oversight of non- financial risk report” (Non-Financial Risk Report), provides significant insight into corporate governance and the management of risk within organisations. 
 
7 Guidance for ASX listed entities is provided by the ASX Corporate Governance Council’s Principles and Recommendations (ASX Principles), which set out a “world- leading standard on corporate governance by listed entities”.  The 3rd edition of the ASX Principles applied to entities from 1 January 2014 and was superseded by a 4th edition from 1 January 2020.  The 3rd edition was in force at the time many of the events described in this Report occurred, and the 4th edition sets the expectations for Crown’s current and future conduct. 
 
8 Although the ASX Principles are not mandatory and do not have the effect of law, the ASX Listing Rules require every ASX listed entity to disclose the extent to which it adheres to the ASX Principles in a Corporate Governance Statement to be made available on its website or in its Annual Report. Divergence from recommendations made in the ASX Principles must also be identified and explained in the Statement. 
 
9 The ASX Listing Rules do not require entities to abide by the ASX Principles in their entirety, accepting that different governance practices may legitimately be appropriate for different entities depending on their size, complexity and history. Nonetheless, the requirement for a corporate governance statement obliges those in control of an entity to consider, acknowledge and to the extent necessary for that business, embrace appropriate corporate governance standards into their business. 
 
10 The 3rd edition of the ASX Principles promoted eight central principles of corporate governance as: (1) Providing solid foundations for management and oversight; (2) Structuring the Board to add value; (3) Acting ethically and responsibly; (4) Safeguarding integrity in corporate reporting; (5) Making timely and balanced disclosure; (6) Respecting the rights of security holders; (7) Recognising and managing risk; and (8) Remunerating fairly and responsibly. 
 
11 Directors and senior officers of companies are ultimately responsible for setting, monitoring and maintaining a company’s corporate governance standards, practices and processes. The 3rd edition of the ASX Principles explicitly links this function to a director’s obligations to exercise their duties with due care and diligence in the best interests of the company. 
 
12 In 2014 the then chairman of ASIC described directors as “gate-keepers” explaining that:  Directors should ensure that their company has strong internal audit and compliance functions. A compliance function is meaningless if it is not backed up by supervision and review, and reflected in the company’s culture. It is this last point, culture, that I consider is the most important. Directors should ensure that their stewardship drives the right compliance culture in their organisation. 
 
Connection between corporate culture and corporate governance 
 
13 “Culture” has been defined as follows:  Culture is a set of shared values and assumptions within an organization. It reflects the underlying ‘mindset of an organisation’, the ‘unwritten rules’ for how things really work. It works silently in the background to direct how an organisation and its staff think, make decisions and actually behave. 
 
14 It has been similarly defined as “a set of shared mental assumptions that guide interpretation and action in organisations by defining appropriate behaviour for various situations”, including situations not prescribed by laws and policies.  Culture and governance has also been said to depend upon “people applying the right standards and doing their jobs properly”. 
 
15 Commentators have emphasised that corporate governance and corporate culture are inextricably linked. 
 
16 While corporate governance establishes the rules, policies and principles, culture is “what people do when no-one is watching”.  It is therefore critical that the boundaries that are set by the corporate governance principles are understood and respected by individuals in the company. 
 
17 Risk culture should be understood to mean an organisation’s collective mindset towards risk. 
 
18 The “most spectacular governance failures” in the last two decades have been attributed to deficient risk cultures. For instance APRA described the 2008 Global Financial Crisis, as follows:  This was not solely an issue of poor risk measurement, or weaknesses in internal control structures. It also reflected deficiencies in institutions’ attitudes towards risk. In combination, a poor risk culture and weak risk management (the former often being the root cause of the latter) led to unbalanced and ill-considered risk-taking, to significant losses and, in some cases, to institutional failures. 
 
18 The 4th edition of the ASX Principles also introduced a recommendation that an entity “articulate and disclose its values”. It was explained as follows:  Values create a link between the entity’s purpose (why it exists) and its strategic goals (what it hopes to do) by expressing the standards and behaviours it expects from its directors, senior executives and employees to fulfil its purpose and meet its goals (how it will do it). 
 
19 The corporate regulators have over time made suggestions to assist corporations with some practical steps towards establishing good corporate governance. They have included:  effective communication; encouragement of debate and challenge; learning from past experiences; awareness and active stewardship of risk; clear escalation processes; and clear consequences for breaches of risk. 
 
Acting ethically 
 
20 It has been said that directors need to “navigate the complex ethical terrain that is encountered in every boardroom” being the “ultimate source of the ethical tone that flows throughout a well-governed organisation”.  There is pressure on directors to balance the needs of shareholders, employees, customers, suppliers and the wider community. Ethical issues can arise for a Board in a variety of ways, from core matters, such as the nature of the business and business practices, to specific issues such as conflicts of interest, being independent and acting without self-interest. 
 
21 Events in recent years have exposed the ethics of corporate institutions to excoriating public scrutiny. 2019 in particular, was described as “a year of scandals”.
 
22 The 3rd edition of the ASX Principles described acting “ethically and responsibly”, as “acting with honesty, integrity and in a manner consistent with the reasonable expectations of investors and the broader community”. 
 
23 The 4th edition of the ASX Principles reformulates this principle and highlights the importance of corporate culture in the pursuit of ethical behavior. Rather than merely “acting” with integrity, entities are recommended to actively “instil a culture of acting lawfully, ethically and responsibly”. 
 
24 In this regard the 3rd edition said it is the role of the Board to “lead by example” and instruct Management to create “a culture within the entity that promotes ethical and responsible behaviour”.  The 4th edition also expands on the responsibilities of the Board, recommending that it approve the entity’s statement of values, and of management to set the “tone at the top”, by ensuring that employees receive training and reinforcement of those values, including through their interactions with senior executives. 
 
25 The requirement for tone to be set from the top is a theme that frequently emerges with respect to concepts of corporate governance best practice. 
 
Risk management, risk appetite and oversight 
 
26 Risk management is a core pillar of corporate governance. In an article published on 1 December 2019, the AICD noted the following:  Risk management encompasses the culture, processes and structures directed towards taking advantage of potential opportunities while managing potential adverse effects. The goal of risk management is to increase certainty that a decision’s intended outcome will be achieved. It involves identification, evaluation and prioritisation of risks. 
 
27 There is a critical, reciprocal relationship between the Board and Management in relation to managing risk:  The board of a listed entity is ultimately responsible for deciding the nature and extent of the risks it is prepared to take to meet its objectives. To enable the board to do this the entity must have an appropriate framework to identify and manage risk on an ongoing basis. It is the role of management to design and implement that framework and to ensure that the entity operates within the risk appetite set by the board. It is the role of the board to set the risk appetite for the entity to oversee its risk management framework and to satisfy itself that the framework is sound. 
 
28 Consistent with the concept of setting the “tone from the top” the fundamental roles of the Board comprise: setting the entity’s strategic objectives; setting the entity’s risk appetite; and overseeing Management’s performance, including the execution of the entity’s strategic objectives. 
 
29 An entity’s risk appetite is best understood as “the amount of risk it is willing to accept in pursuing its strategic objectives”. A Board is expected to determine what risks  (their nature, likelihood of occurrence and impact on the business) the entity is prepared to accept. The risk appetite sets the parameters for the risk management framework within which Management is expected to operate. 
 
30 In order for Management to clearly comprehend the Board’s risk appetite and its impact on the business, entities need an effective risk appetite statement which communicates the Board’s risk tolerance with respect to particular risks. The risk appetite statement cannot merely express aspirations of total compliance, but must articulate the Board’s expectations in specific instances of non-compliance, such as consequences for breach as well as escalation and rectification processes. A successful risk appetite statement includes organisation-wide engagement in designing the risk appetite statement, risk escalation and reporting protocols and the linking of remuneration and performance processes with risk management. 
 
31 It is the role of Management, under the supervision of the Board, to design and implement the risk management framework and ensure that the entity operates within the risk appetite. Management must also provide the Board with sufficiently accurate and timely information for the Board to perform its supervisory duties. 
 
32 The Joint Australian and New Zealand Standards for Risk Management recognise that corporations must take account of the organisation’s specific needs in setting their risk appetite. This obviously includes objectives, structure, projects, products and services. 
 
33 The concept of non-financial risk includes: operational risk (risk from breakdown or deficiency in an entity’s internal process); compliance risk (risk of legal or regulatory consequences and associated reputational costs); and conduct risk (of inappropriate, unethical or unlawful behavior on the part of a company’s Management or employees). 
 
34 When a company operates outside the Board’s stated risk appetite, the Board must exercise “active stewardship” and hold Management to account. This includes challenging Management’s proposed responses and timeframes and proactively requiring senior executives to conduct root cause analysis of recurring deviations from the risk appetite. A touchstone of active stewardship involves the Board asking itself: When we fall outside appetite, are we requiring management to do everything within their power to return the company to within appetite, or otherwise cease activities that place it outside appetite? 
 
35 A failure to do so suggests the Board’s “tacit acceptance” of operating outside risk appetite. 
 
36 In what may be seen as falling into a jargonistic trap ASIC encourages Boards to develop and employ metrics to monitor compliance risk which correspond to the risk  being measured, and in accordance with its risk appetite statement. It is suggested that these metrics should also incorporate “leading indicators” which foreshadow future breaches, rather than “lagging indicators”, which measure breaches that have already occurred. 
 
Risk Committee 
 
37 The ASX Principles recommend that organisations establish a risk committee. A Board committee dedicated to risk can “bring the transparency, focus and independent judgment” required to scrutinise the organisation’s risk management framework and make recommendations to the Board regarding its adequacy. 
 
38 The Risk Committee should be equipped with sufficient size, independence, technical and industry knowledge and powers under its charter to fulfil its function. These powers include obtaining information, interviewing Management, interviewing internal and external auditors and obtaining specialist advice. 
 
39 It is imperative to enhance information flow between Management, Risk Committees, the full Board and individual directors, in order for each to perform their functions. 
 
40 It is also imperative to institute and maintain practices of taking minutes of all meetings, formally recording the subject and key decisions of informal discussions and establishing transparent processes for escalating information outside committee meetings. 
 
Role of the Board, including Board independence and Board tenure 
 
41 Although ASIC has previously described directors as “gate-keepers” of corporate governance, Boards are increasingly expected to not only be responsible for governance but also to be a challenger of the business, of the decisions made by executives, Management and each other. 
 
42 The 3rd and 4th ASX Principles include the following: A high performing, effective board is essential for the proper governance of a listed entity. The board needs to have an appropriate number of independent non-executive directors who can challenge management and hold them to account, and also represent the best interests of the listed entity and its security holders as a whole rather than those of individual security holders or interest groups. 
 
43 Those ASX Principles caution that the designation of independence is “not one that should be applied lightly” to directors, as it is one that “gives great comfort to security holders” for the Board’s role in safeguarding their interests. In addition to acting as a counterpoint for management, directors must also check and balance each other. Accordingly, a director should only be classified as “independent”, if they are:  Free of any interest, position, association or relationship that might influence, or reasonably be perceived to influence, in a material respect, his or her capacity to bring an independent judgment to bear on issues before the board and to act in the best interests of the entity and its security holders generally. 
 
44 Examples of situations that could jeopardise a director’s independence include:  (a) Current or previous executive roles with the entity or its subsidiaries within a certain timeframe; (b) Current or previous employment, partnerships or directorships (c) Being the entity’s substantial shareholder or associated with a substantial shareholder of the entity; and (d) Having close family ties with any person belonging to the above categories. 
 
45 Unsurprisingly, the majority of the ASX Principles relating to structuring the Board to add value are aimed at maximising its independence, including the following:  (a) Independent directors should constitute a majority of the Board; (b) Entities should disclose the names of the independent directors; (c) Entities should have a nomination committee chaired by an independent director, and comprised of a majority of independent directors; and (d) The Chair of the Board should be an independent director, “and in particular, should not be the same person as the CEO of the entity”. 
 
46 A Board with a majority of independent directors diminishes the likelihood that a singular experience, skillset or perspective will dominate decision making, and skew outcomes from the best interests of shareholders and the entity as a whole.  This also highlights the relationship between Board independence and diversity, in terms of personal attributes and professional expertise. A pertinent observation on this topic is the following:  Boards will be far more effective in their challenger role if they offer seats to individuals with professional experiences and viewpoints that are very different from those of the executive team. Directors can learn to be more direct with management, but it’s hard to fake contrarianism when everyone is of the same mind. When a board resembles the CEO in mindset and outlook, it’s a recipe for a gatekeeper board, not a challenger board. 
 
47 The independence of the Board Chair, who is responsible for leading the Board and setting its agenda, can encourage a culture of constructive debate and receptivity to diverse opinions. Separation of the roles of Chair and CEO also serves to separate the Board from Management, in order to promote scrutiny of the latter’s conduct,   particularly in relation to the management of risk. The 3rd and 4th editions of the ASX Principles provided:  Good governance demands an appropriate separation between those charged with managing a listed entity and those responsible for overseeing its managers. 48 Effective discharge of Board Chair duties is a significant time commitment, which should not be compromised by other demanding roles. 
 
49 The 3rd edition of the ASX Principles also recommended establishing a separate nomination committee, similar to the separate risk committee, to “bring the transparency, focus and independent judgment needed” on decisions of directorship appointment. Entities should also undertake sufficient checks before appointing or nominating a candidate for director, and equip security holders with all material information for election, including all interests and associations that could influence, or reasonably be perceived to influence their independence. 
 
50 Another aspect of director independence is the tenure of directors on Boards. Longevity of service has been linked to the question of independence, as well as proper functioning of the Board as a whole. It has been noted that a number of jurisdictions are taking the view that a director will not be considered independent after they have served on a Board for nine years. 
 
51 This approach reflects a concern that an extended tenure may inhibit directors’ abilities to discharge their duties in the best interests of the shareholders and the company as a whole. Long-serving directors may “fall into a rut, making judgments out of habit, complacency, or overconfidence”.  The requirement of challenge and oversight of Management and executives may be diminished as a consequence. 
 
52 It is also acknowledged that longevity of tenure may provide consistency in leadership, but that it may also prejudice innovation at a time when “innovation has never been more important to an organisation’s success”. 
 
53 Other jurisdictions including the United Kingdom and Singapore set limits on director tenure for listed entities.  However in Australia, the ASX Principles do not endorse a rigid approach to dictating director terms, although it is acknowledged that a director’s independence should be more frequently evaluated after a decade of service. 
 
54 It has been suggested that entities should endeavour to have directors with varying tenure lengths and be “well served by having a mix of directors some with a longer tenure with a deep understanding of the entity and its business, and some with a shorter tenure with fresh ideas and perspective”. 
 
55 This approach appears to balance the so called “expertise hypothesis” and the “entrenchment hypothesis”.61 The “expertise hypothesis” suggests that a director’s  effectiveness increases with their length of service and corresponding understanding of the business. The “entrenchment hypothesis” suggests that directors becomes stagnant after a period of time. The aim should be to achieve “a healthy balance that combines experience and continuity with new capacity”. 
 
 Remuneration and incentivisation of directors and officers 
 
56 In 2009 the Financial Stability Board released its Principles for Sound Compensation Practices (Compensation Principles), in response to revelations that the GFC could be traced to the remuneration practices of large financial institutions. It was noted that:  High short-term profits led to generous bonus payments to employees without adequate regard to the longer-term risks they imposed on their firms. These perverse incentives amplified the excessive risk-taking that severely threatened the global financial system and left firms with fewer resources to absorb losses as risks materialised. 
 
57 APRA adopted the Compensation Principles through the Prudential Practice Guide PPG 511 Remuneration. 
 
58 Although the Compensation Principles were aimed at financial institutions, they illustrate the importance of ensuring that remuneration structures are consistent with “prudent risk taking”.  ASIC has also announced that the next issue to be investigated by its Taskforce is executive remuneration practices, to assess whether they are “driving the right behaviours and accountabilities of executives in Australia’s listed companies”. 
 
59 The 3rd ASX Principles recognised the relationship between remuneration and risk management observing that remuneration for senior executives must balance attracting, retaining and motivating high quality personnel, without encouraging them to take “undue risks”. Further, performance-based remuneration should be attached to specific targets, and “appropriate” to the entity’s “circumstances, goals and risk appetite”. 
 
60 Similarly, the 3rd ASX Principles highlighted the need to ensure that rewards and remuneration for executive directors do not conflict with their duty to exercise independent judgment in decision-making at Board level. They recommended that entities establish a separate and independent remuneration committee and disclose its structures and guidelines regarding the remuneration of executive directors, non- executive directors, and other senior executives.  Through transparent, formal and rigorous processes, entities should aim to achieve fair and responsible remuneration. The 4th ASX Principles proposed that, “discretion should be retained, where appropriate, to prevent performance-based remuneration rewarding conduct that is contrary to the entity’s values”, in addition to its risk appetite. Apart from ensuring that their practices do not inadvertently promote poor behaviour, companies can also deploy their remuneration structures to reinforce desired outcomes. One such method is to incorporate appropriate, non-financial targets aligned with the organisation’s values into employee incentive schemes. 
 
62 To achieve good corporate governance, remuneration practices should strive to be aligned with the company’s culture, values, risk appetite, strategic and financial objectives, and be complemented and fortified by other systems of recognition and reward. 
 
Suitability 
 
The Authority is obliged to “keep under constant review” all matters connected with casinos; the activities of casino operators; persons associated with casino operators; and persons who are in a position to exercise direct or indirect control over casino operators. The Authority established this Inquiry for the purpose of the exercise of this function under the Casino Control Act. 
 
2 The Authority is prohibited from granting an application for a casino licence unless it considers that the applicant for the licence and each close associate is a “suitable person” to be concerned in or associated with the management and operation of a casino. In determining whether an applicant is a “suitable person” to operate a casino, the Authority is required to consider whether the applicant satisfies certain statutory criteria. Although the Casino Control Act does not expressly define the term, the statutory criteria describe the attributes expected of a “suitable person”. 
 
3 Those attributes include that the person: (i) is of good repute, having regard to character, honesty and integrity; (ii) is of sound and stable financial background; (iii) has access to suitable and adequate financial resources to operate the casino; (iv) has sufficient experience and business ability to operate the casino; (v) if not a natural person, has or has arranged a “satisfactory ownership, trust or corporate structure”; and (vi) does not have any business association with any person, body or association who, in the opinion of the Authority, is not of good repute, having regard to character, honesty and integrity or otherwise has undesirable or unsatisfactory financial sources. In addition to considering these attributes the Authority must also consider whether each director and officer determined by it to be associated or connected with the ownership, administration or management of the operations or business of the applicant or its close associates is a suitable person to act in that capacity. 
 
4 In July 2014 the Authority approved the Licensee as a suitable person to be concerned in or associated with the management and operation of the Barangaroo Casino.  At the same time it also approved Crown as a suitable person to be a close associate of   the Licensee. This Inquiry does not involve an investigation into whether the Licensee and Crown satisfy all the statutory criteria of which the Authority was satisfied when it granted the application for the Barangaroo Licence and approved Crown as a close associate of the Licensee. 
 
Amended Terms of Reference 
 
5 The Amended Terms of Reference define the ambit, nature and content of the tasks for inquiry and report to the Authority. 
 
6 Part A of the Amended Terms of Reference is the “Suitability Review”. It required an inquiry into the veracity of the Media Allegations that were published on and from 27 July 2019 by the Nine Network, The Sydney Morning Herald, The Age and other media outlets which included but are not limited to claims that Crown or its agents, affiliates or subsidiaries: (i) engaged in money-laundering; (ii) breached gambling laws; and (iii) partnered with Junket operators with links to drug traffickers, money launderers, human traffickers, and organised crime groups. The findings in respect of the veracity of the Media Allegations are contained in Chapters 3.2 to 3.4 of the Report. 
 
7 In response to, or in consequence of, the findings in respect of the Media Allegations it also requires an inquiry into: (i) whether the Licensee is a suitable person to continue to give effect to the Barangaroo Licence; (ii) whether Crown is a suitable person to be a close associate of the Licensee; and (iii) any matter reasonably incidental to those matters. Finally, there is the requirement to provide a report on these matters to the Authority by 1 February 2021. 
 
Suitable person 
 
8 At the time of the grant of the Licence for the operation of the Barangaroo Casino to the Licensee and the approval of Crown as a close associate of the Licensee, the Authority was satisfied that each of the Licensee and Crown was a “suitable person”. It can be assumed that they each satisfied the criteria identified as the indicia of suitability in the Casino Control Act. 
 
9 The ultimate questions in the Suitability Review under the Amended Terms of Reference are whether, as a consequence of the findings in response to the Media Allegations, each of the Licensee and Crown is a “suitable person”. That is, whether the findings in respect of the Media Allegations have an impact on the good repute of the Licensee and/or Crown “having regard to character, honesty and integrity” such that they either remain suitable or are no longer suitable to be the Licensee and/or a close associate respectively. 
 
10 The determination of those questions in the context of the Amended Terms of Reference includes a consideration of whether the Licensee and Crown have or have had any business associations with any person, body or association who is not of good  repute having regard to character, honesty and integrity, or has undesirable or unsatisfactory financial sources. 
 
Good repute having regard to character, honesty and integrity 
 
11 Previous reports to the Authority have explored the expression “good repute having regard to character, honesty and integrity”. Comparisons have been made with tests of fitness and propriety to hold certain licences, and requirements to be of “good fame and character”. 
 
12 Reference has also been made to judicial observations in relation to the concepts of “character” as it “provides an indication of likely future conduct” and of “reputation” as it “provides an indication of public perception as to the likely future conduct” of a person. It has also been observed that findings as to character and reputation “may be sufficient” to ground a conclusion that a person is not “fit and proper to undertake activities”.  The analysis of the concept of character can become somewhat circular with reference to a person’s “nature and good character”. However, it is clear that a person of good character would possess “high standards of conduct” and act in accordance with those standards under pressure. 
 
13 Some observations by Regulators in other jurisdictions when considering a casino operator’s “integrity, honesty, good character and reputation” are of assistance. 
 
14 In 1981 the New Jersey Casino Control Commission made the following observation in relation to the assessment of “character” in the context of individuals:  We find this a most difficult task for several reasons. First, ‘character’ is an elusive concept which defies precise definition. Next, we can know the character of another only indirectly, but most clearly through his words and deeds. Finally, the character of a person is neither uniform nor immutable. Nevertheless, we conceive character to be the sum total of an individual’s attributes, the thread of intention, good or bad, that weaves its way through the experience of a lifetime. 
 
15 In 2018 the Massachusetts Gaming Commission observed that when assessing the suitability of a corporate casino operator, it must be remembered that “the corporate entity itself is made up of individuals and has no independent character or morality standing alone”.  The Commission referred to the remarks in Merrimack College v KPMG LLP (Merrimack College) that: Where the plaintiff is an organisation that can only act through its employees, its moral responsibility is measured by the conduct of those who lead the organisation. Thus, where the plaintiff is a corporation ... we look to the conduct of senior management – that is, the officers primarily responsible for managing the corporation, the directors, and the controlling shareholders, if any.   
 
16 It is accepted that a company’s suitability may ebb and flow with changes to the composition of the company’s Board and Management, and others who influence its affairs, over time. If a company’s character and integrity has been compromised by the actions of its existing controllers, then it may be possible for a company to “remove a stain from the corporate image by removing the persons responsible for the misdeeds.”  However, this would only be possible if the company could “isolate the wrong done and the wrongdoers from the remaining corporate personnel”.  It would be necessary to ensure that “the corporation has purged itself of the offending individuals and they are no longer in a position to dominate, manage or meaningfully influence the business operations of the corporation.” 
 
17 A person is of “good repute” if they have a reputation or are known to be a good person. A person may have flaws and may make mistakes but still have a reputation or be known as a good person. They may be of “good repute” because they are honest; because they have integrity; and because their character is not adversely affected by the particular mistakes they have made. 
 
18 In the context of this Inquiry good repute or reputation is to be judged by reference to matters including character, honesty and integrity. Although there was some debate about whether the assessment of good repute includes consideration of matters other than character, honesty and integrity, it is necessary in assessing character to take an “holistic view” of both the Licensee and Crown including the assessment of the integrity of corporate governance and risk management structures and the adherence to adopted policies and procedures.  This focuses squarely on whether the findings in respect of the Media Allegations have an impact on their character, honesty and integrity. Clearly, they were each regarded as persons of “good repute” and a “suitable person” at the time of the grant of the Barangaroo Licence. It is necessary to determine whether they are still suitable as a result of the findings in respect of the Media Allegations. 
 
19 It is appropriate at this point to make some observations about the reasonable expectations of directors of a publicly listed company generally but more specifically of a company that holds a licence in New South Wales to operate a casino. 
 
Complex Corporations 
 
20 In the early 1990s temporally proximate to the grant of the first casino licence in this State, the Supreme Court of New South Wales made observations on the role of directors, including in the context of large and complex corporate structures. 
 
21 It was observed that many companies “are too big to be supervised and administered by a board of directors except in relation to matters of high policy” with the “true oversight of the activities of such companies” residing within the “corporate bureaucracy”.  In what may be viewed as a rather prescient observation to some of the events that have given rise to this Inquiry the following was said: Senior management, and in the case of mammoth corporations, even persons lower down the corporate ladder exercise substantial control over the activities of such corporations involving important decisions and much money. It is something of an anachronism to expect non-executive directors, meeting once a month, to contribute anything much more than the decisions on questions of policy and, in the case of really large corporations, only major policy. 
 
22 However more focused guidance was provided at the appellate level which included the following:   (a) Directors must take reasonable steps to place themselves in a position to guide and monitor the management of the company; (b) Board meetings should occur as often as necessary to enable the Board to carry out its functions in the particular circumstances of the company; (c) Directors who know, or should know of facts “which would awaken suspicion and put a prudent person on guard” are required to act with care “commensurate with the evil to be avoided”; and (d) Directors must keep themselves informed about the activities of the corporation by a “general monitoring of corporate affairs and policies” rather than a “detailed inspection of day-to-day activities”. 
 
Crown and its directors 
 
23 The duties referred to above need to be viewed and measured against the “particular circumstances of the company”. The pivotally important circumstances of the companies the subject of the Suitability Review of this Inquiry are their roles as Licensee of the Barangaroo Casino and close associate of the Licensee respectively. These are not entities simply operating in the cut and thrust of the commercially competitive corporate environment, although their success in that environment is obviously at the core of their continued viability. 
 
24 These are companies with the overlay of responsibilities to stakeholders well beyond just their shareholders. The regulatory and contractual framework of the Barangaroo Licence imposes obligations on each of them to the NSW Government, the Authority and the broader community to ensure that the casino operations remain free from criminal influence and exploitation; to ensure that gaming in the casino is conducted honestly; and to operate the casino in a manner that contains and controls any potential harm to the public interest, individuals and families.  These frameworks provide a lens through which suitability may be assessed. 
 
25 The investigations of the Media Allegations the subject of the Amended Terms of Reference require analysis of events in or in relation to the operation of Crown and the wholly owned subsidiaries, Crown Melbourne Limited as Licensee of the Crown Melbourne casino, Burswood Limited, as Licensee of the Crown Perth casino, Southbank and Riverbank. 
 
26 It should be said that the Licensee is a company that does not, as yet, have a ‘track record’ of operating a casino. As an entity, it has not been ‘personally’ involved in the circumstances that have been identified in the Amended Terms of Reference. However, it is a wholly owned subsidiary of the close associate, Crown, and its directors are directors of Crown. The conduct of these directors and of Crown and its other directors is relevant because the assessment of suitability requires consideration of those who own and control the corporation. 
 
27 It is appropriate to emphasise that the breadth and focus of the Suitability Review is defined by the Amended Terms of Reference. This is not an assessment of an inexperienced applicant for a fresh grant of a casino licence. It is an assessment of a close associate whose subsidiaries are experienced casino operators in Melbourne and Perth previously determined to be suitable persons, whose conduct whilst holding their licences and being so associated respectively has been called into question in the Media Allegations. 
 
28 It should be emphasised that when assessing good repute having regard to character, honesty and integrity for the purpose of determining whether a person is suitable to continue to hold a licence to operate a casino or to be a close associate of a casino operator, it is necessary to take into account the whole character and nature of the person whose repute and character is being assessed. Although an assessment must be made of the particular conduct alleged in the Media Allegations, it is necessary to take into account the breadth of the person’s operations and previous determination as a suitable person. 
 
29 A casino operator in New South Wales must ensure that its operations are free from criminal influence or exploitation. If it be found that its operations have been burdened by such criminal influence or exploitation then the operator’s character and reputation can be adversely affected so that it becomes an unsuitable person to operate a casino. If that be shown to be the case, the only way to convert it into a suitable person would be, at the very least, to establish to the regulator’s satisfaction a capacity to ensure that in future its operations will not be so burdened. Part of the process of determining suitability is an assessment of whether a regulator could have confidence and satisfaction that a casino operator is to be trusted; that is, whether it has such integrity so that it can be relied upon when it claims to have the capacity to repel criminal influence and exploitation. 
 
30 A casino operator may operate a casino free from criminal influence and exploitation but at the same time have corporate governance problems such that the decision- making processes in respect of its operations may be flawed. For instance, it may not have the appropriate mechanisms for elevating risk to the appropriate entities that determine risk appetite within the corporation. Those corporate governance problems on their own may not convert a previously suitable licensee or close associate into an unsuitable person but rather require adjustment of its processes to ensure that it does not slip into unsuitability by reason of an absence of systems that appropriately defend it from the infiltration of criminal influence or exploitation. However it may be that a lack of proper processes and barriers to such infiltration might mean that the entity is unsuitable. It will all depend upon the circumstances and the nature of the problems that are identified. These observations are made to highlight the need to consider the whole character of the person when assessing suitability. 
 
Corporate Character 
 
Introduction 
 
1 Observations have been made elsewhere in the Report about the reasonable expectations of directors of a company generally but more specifically of a company that holds a licence in New South Wales to operate a casino. 
 
2 A necessary step in the Suitability Review in determining whether each of the Licensee and Crown is a “suitable person” to operate or to be associated with the operation of a casino is an understanding of the character of the corporation. This involves a recognition not only of its strengths but also of its willingness to: (i) accept the existence of its failures; (ii) to analyse the reasons for such failures; (iii) to remove the cause of its failures; and (iv) to commit to a reformation that will remove the likelihood of a repetition of such failures. Although the pivotal importance of reliable executives and senior management is recognised the character of the company can in the main be understood through the conduct, attitudes and values of those who set its course. This is the Board including the CEO. 
 
3 It is intended in this Chapter to review the approach adopted by the Chairman, the CEO and the other directors in respect of these matters in response to the serious corporate failures exposed during the Inquiry. It is also intended to review some aspects of the evidence of two members of senior management, Mr Felstead and Mr Preston, upon whom the Crown Board placed much reliance. 
 
Corporate failures 
 
4 The serious corporate failures relate in the main to: (i) Crown’s operations in China and the arrests of the employees in October 2016 with numerous failures to escalate indicators of real risks to the staff to the proper decision making mechanisms within the company (China Arrests); (ii) the probability of money laundering in Crown’s operations both in the bank accounts of its subsidiaries, Southbank and Riverbank; and in the casino premises with hundreds of thousands of dollars brought into the casino in cooler bags and shopping bags and exchanged for chips and plaques (money  laundering); and (iii) Crown’s failures to ensure that it only had commercial associations with Junket operators of good repute (Junket relationships). 
 
5 Other matters of importance that have required review relate to the structures in place that have contributed to the corporate failures including: (i) the existence and operation of the Services Agreement; (ii) the existence and operation of the Controlling Shareholder Protocol;  (iii) Crown’s relationship with CPH and Mr Packer; (iv) Crown’s risk management structures and their resourcing; and (e) the governance and culture of the organisation. 
 
6 Another aspect of the assessment of the directors’ conduct relates to their understanding of the regulatory agreements with the NSW Government and the Authority and undertakings given to the NSW Government and the Authority at the time of the grant of the Barangaroo Licence in 2013 and 2014. It is clear that each director understood as at 2019 that Crown had given an Undertaking to the NSW Government and the Authority that it would not allow the late Mr Stanley Ho to acquire a direct, indirect or beneficial interest in Crown. Each director was aware of the importance of this Undertaking and each understood the sensitivities the NSW Government and the Authority had in this regard.   At the time of the Melco Transaction it is apparent that none of the directors with knowledge of the transaction prior to it being signed brought this Undertaking to mind. As discussed in Chapter 4. 
 
7 Mr Johnston and Mr Jalland did not appreciate that at the very least enquiry should have been made to ensure that the late Mr Stanley Ho did not have an interest in Melco to which CPH Crown Holdings was to transfer its shares in Crown. Amazingly, Mr Packer, as the former Chairman and director of Crown, who negotiated and secured the grant of the licence to the Barangaroo Casino did not turn his mind to the prospect that the late Mr Ho may have had an interest in Melco; or the need to ensure that some investigation was completed so that the Undertaking that had been given to the NSW Government and the Authority was honoured. 
 
8 As it turned out the late Mr Ho’s associated entity, Great Respect, had an interest in Melco and he thereby obtained an indirect interest in Crown. 
 
9 The fact that Melco sold its shares and since April 2020 is no longer a shareholder and the fact that Mr Stanley Ho is now deceased, does not mean that it was unnecessary to explore these matters further. It is necessary in the Suitability Review to give consideration to whether in the circumstances of the discussion in Chapter 4.7, the Authority could rely upon any undertakings that may be given by Mr Johnston and Mr Jalland having regard to their failure to even think about the Undertaking to ensure that the late Mr Ho did not acquire any interest in Crown at the time of the Melco transaction. 
 
Response to failures 
 
10 Some of the corporate failures were the subject of the Media Allegations published in July and August 2019. Indeed some of them had been the subject of previous publications in 2014 and 2017. The directors’ response to the 2019 Media Allegations was a strident and powerful public denial of the existence of any of the corporate failings by way of an ASX announcement and an advertisement in the print media which is detailed elsewhere in the Report. 
 
11 However Crown has responded differently to the exposure of these serious corporate failures during the course of the Inquiry. 
 
12 It should be recognised here as elsewhere in the Report that after the China Arrests in October 2016, Crown suspended all of its operations in Mainland China. It also carried out a review of its Junket operators in Mainland China and ceased its relationship with all Junket operators based in Mainland China. 
 
13 In August 2020 Crown suspended all of its Junket operations and associations with its international Junket operators and in September 2020 extended that suspension to the end of June 2021. On 17 November 2020 Crown announced that it had determined that it would “permanently cease dealing with all junket operators” and would only recommence such dealings if the Junket operator “is licensed or otherwise approved or sanctioned by all gaming regulators in the States in which Crown operates”. 
 
14 The bank accounts of Southbank and Riverbank were closed in December 2019. This was not at the behest of Crown or recognition of the problems within the accounts. Rather it was a position imposed by the CBA. In September 2020 Crown advised the Inquiry that it was intended the companies would be deregistered. 
 
15 On 21 October 2020 Crown announced that the Services Agreement and the Controlling Shareholder Protocol had been terminated. 
 
Analysis 
 
16 The evidence in relation to many of the matters relied upon to contend that corporate failures had occurred was not in dispute. It should be recorded that Crown, the Licensee, and CPH did not proffer any evidence that challenged the evidence in this regard that was led by Counsel Assisting the Inquiry. 
 
17 Matters of significance in the Suitability Review include assessing whether the directors: (i) accept that corporate failures occurred; (ii) accept that these corporate failures were serious; (iii) were able to provide an explanation as to why these serious corporate failures occurred; (iv) accept responsibility for these failures; and (v) were able to propose mechanisms to prevent similar corporate failures in the future. 
 
The directors 
 
18 It is intended in the following parts of this Chapter to focus on the evidence of the directors of Crown who were serving at the time of the relevant events. This will include the evidence of Mr Barton who as CEO of Crown since January 2020 now serves as a Crown director, although his involvement in some of the relevant events was when he was the Chief Financial Officer of Crown and a director of Southbank and Riverbank. 
 
19 Although one part of the Chapter relates to two members of senior management it is more for the purpose of identifying the problems that arose for the directors from their reliance upon them. 
 
20 The discussion elsewhere in the Report in relation to “suitability” includes reference to the concepts of “character, honesty and integrity”. Although the concept of integrity overlaps with the separate quality of honesty, it embraces the concept of an adherence to strong ethical principles and values. 
 
21 A person’s performance in a field of commercial endeavour which may be layered with multiple duties and obligations can be harshly judged if it is infected by dishonesty. A person’s performance in a witness box in Court proceedings or in an Inquiry after taking an oath or making an affirmation to tell the truth can also be harshly judged if it is infected by dishonesty. Both situations impose heavy burdens. 
 
22 One can easily satisfy the requirement of honesty in the witness box by telling the truth. The commercial environment is more complex. There will be circumstances where care would need to be taken to make judgments about constraints of confidentiality, obligations to superiors and/or regulators and fairness to officers and employees. That is not to say that the concept of honesty should not be at the forefront of the mind of the commercial operative in the marketplace. Rather it is to recognise that there are more obligations in play than when one is giving evidence on oath. In that instance there is just one obligation or one duty: to tell the truth. 
 
23 All but one of the Crown directors who were on the Board at the time of the events relevant for investigation under the Amended Terms of Reference have given evidence in the Inquiry, consequent upon the taking of an oath or the making of an affirmation to comply with that obligation or duty. It is appropriate to say something about the process of making a judgment about whether evidence can be accepted as truthful, going to a person’s credit, and/or reliable, going to a person’s credibility. Albeit the latter is in part reliant upon the former. 
 
A person’s credit may be adversely affected if they fail to tell the truth. A person’s credit may remain intact but because their memory, judgment or appreciation of things may be unreliable, their credibility may be questionable. A person’s credibility in respect of a particular topic may also be adversely affected if they have failed to tell  the truth about a particular matter and are therefore unreliable in this regard, but their evidence in other respects may be quite credible or reliable, unaffected by the failure to be honest in respect of a particular matter. It will all depend upon the circumstances, context and content of the evidence that is given by the person as to whether their credit and or credibility remains intact. A person may be honest but their evidence may be unreliable. 
 
24 A person can lack honesty in some respects but be found to be reliable in other aspects of their evidence that are untouched by the lack of honesty. A person who is dishonest in some respects and unreliable in others may have both their credit and credibility called into question. 
 
25 These observations have been made because it has been suggested that the evidence of three directors, Mr Johnston, Mr Demetriou and Mr Barton should not be accepted, because their credit or honesty has been called into question during the evidence before the Inquiry. Additionally, it has been submitted that Mr Packer’s integrity has been called into question, not by reason of an attack on his honesty or credit in giving evidence before the Inquiry, but because his conduct in making a very serious threat against a business colleague demonstrates a flaw in his character such as to adversely affect his integrity.