ASIC’s approach to enforcement after the Royal Commission


A speech by ASIC Commissioner Sean Hughes at 'Banking in the Spotlight': the 36th Annual Conference of the Banking and Financial Services Law Association, Gold Coast, Queensland, 30 August 2019


Thank you for inviting me to speak at your conference.

I welcome this opportunity to outline ASIC’s priorities, explain our strategic focus for 2020 and beyond and, where any misunderstandings exist, set the record straight. ASIC’s approach to enforcement after the Royal Commission is the title for this presentation and I promise not to disappoint you.

In particular, I will address that most debated of phrases: Why Not Litigate? I will then outline some other features of our renewed and re-invigorated enforcement approach, namely:

  1. that we have established an Office of Enforcement within ASIC,
  2. we are accelerating enforcement outcomes, and
  3. we now have strengthened penalties available to us.

I also want you to think about our expectations of licensees for continued cooperation with ASIC, including enhancements around breach reporting. Beyond our traditional enforcement and disclosure remedies, I will demonstrate how we will use all the regulatory tools available to us, including new powers in relation to product intervention. And in closing, I will outline the objectives of our supervisory work and in so doing, clarify the interplay between supervision and enforcement.

Before all of that, let me first start with some reflections on the Royal Commission and what it brought to the fore.

Royal Commission

The Royal Commission clearly highlighted the substantial harms that misconduct in the financial sector can inflict on consumers and investors.

Although not often spoken of since the Final Report, such harms can broaden their impact to depress investor confidence and undermine trust in institutions. If allowed to persist, such harms ultimately damage systemic confidence and market reputations from a global perspective.

Commissioner Hayne made four key observations about misconduct and its causes within the financial services sector:

  • First, the connection between poor conduct and the pursuit of profits and gains.
  • Second, the asymmetry of power and information between financial services entities and their customers.
  • Third, the presence of conflicted intermediaries not acting in the best interests of their customers; and
  • Fourth, that too often, financial services entities that broke the law were not properly held to account.

Clearly the community expects better and it should continue to do so.

The Royal Commission confirmed the regulatory principle that the primary responsibility for the misconduct and harms caused lies with the entities concerned, and their boards and management.

Notwithstanding this, we recognise our important role in driving behaviours that will build and restore trust. We aim to do this by being a strategic and forceful regulator.

In the Royal Commission Interim Report delivered in September 2018 Commissioner Hayne was critical of ASIC’s approach to enforcement. He highlighted that ASIC had, in his view, the wrong starting point:

‘when deciding what to do in response to misconduct, ASIC’s starting point appears to have been: How can this be resolved by agreement?’[1]

Commissioner Hayne’s view was as follows:

‘This cannot be the starting point for a conduct regulator. When contravening conduct comes to its attention, the regulator must always ask whether it can make a case that there has been a breach and, if it can, then ask why it would not be in the public interest to bring proceedings to penalise the breach. Laws are to be obeyed. Penalties are prescribed for failure to obey the law because society expects and requires obedience to the law.’[2]

While we did not accept that an approach of “how can this be resolved by agreement” was in fact the starting point we had used previously, we certainly do agree that this can never be an appropriate starting point for a conduct regulator such as ASIC.

In our submission to the interim report we said:

'ASIC acknowledges that for larger financial institutions it should deploy enforcement tools towards the apex of the enforcement pyramid more frequently, particularly criminal and civil court actions. Strategic regulation can only work where the regulator evidences a clear willingness to employ severe sanctions to punish those who commit serious or repeated violations.'

In October 2018 we adopted the Why Not Litigate? enforcement approach and committed to that approach going forward.

In his Final Report delivered February 2019, Commissioner Hayne identified ASIC’s enforcement culture as the focus of the change needed at ASIC. He also identified that ASIC had acknowledged the need for that change and had already initiated action to do so. He noted with approval our adoption of the Why Not Litigate? question. He noted also that:

‘[ASIC] should be given time to demonstrate that changes can be made and to demonstrate that, once made, the changes are durable.'[3]

Commissioner Hayne also stressed the importance of compliance with the financial services laws. ‘Obey the law’ is the first of six basic norms of behaviour prescribed in the Final Report for all actors in the financial system to adhere to. The others: do not mislead or deceive; be fair; provide services that are fit for purpose; deliver services with reasonable care and skill; and, when acting for another, act in the best interests of that other.

Commissioner Hayne’s view is clear. He said:

'The starting point for consideration is, and must always be, that the law is to be obeyed and enforced.'[4] 

And that:

'…breaches of the offence and civil penalty provisions of the financial services laws are not to be dismissed as ‘just a breach of those laws’ as if the laws governing the conduct of financial services entities are some less important form of law. The financial services laws regulate the conduct of central actors in the Australian economy.'[5]

The recommendation for ASIC’s approach to enforcement, as articulated by Commissioner Hayne in the Final Report, was:

'ASIC should adopt an approach to enforcement that:

  • takes, as its starting point, the question of whether a court should determine the consequences of a contravention;
  • recognises that infringement notices should principally be used in respect of administrative failings by entities, will rarely be appropriate for provisions that require an evaluative judgment and, beyond purely administrative failings, will rarely be an appropriate enforcement tool where the infringing party is a large corporation;
  • recognises the relevance and importance of general and specific deterrence in deciding whether to accept an enforceable undertaking and the utility in obtaining admissions in enforceable undertakings; and
  • separates, as much as possible, enforcement staff from non-enforcement related contact with regulated entities.' [6]   

This is consistent with the strategic direction the Commission has adopted for our approach to enforcement – evidenced through both the adoption of our Why Not Litigate? approach and other changes to our enforcement stance. Let’s now move to the features of ASIC’s enforcement model in more detail.

Why Not Litigate?

First, Why Not Litigate?

I have explained how we arrived at our Why Not Litigate? approach. But what does it mean? How does it operate? As I said in my opening, it has proven to be that most debated of phrases.

That we should frame a question to ask ourselves is an appropriate and logical discipline. It is in the style of Socratic questioning – Socrates having believed that the 'disciplined practice of thoughtful questioning enables the scholar to examine ideas and be able to determine the validity of those ideas'.

And this is exactly what the Why Not Litigate? question is. It is a procedural discipline that we have adopted for ourselves to ensure that we ask and answer this question. Importantly, we ask it of ourselves. Other commentators and even legal experts may decide the question differently. But they are not Commissioners. For it is our duty and our responsibility to challenge ourselves on this test.

It is not a ‘litigate first’ or ‘litigate everything’ strategy. This would not be appropriate from a discretion perspective nor practical from a resource allocation or cost perspective.

Why Not Litigate? means that once:

  • ASIC is satisfied breaches of the law are more likely to have occurred than not, and
  • the facts of the case show pursuing the matter would be in the public interest,

then we will actively ask ourselves: why not litigate this matter?

We are funded with public money. And litigation is costly. It takes time. It is unpredictable. We don’t know what surprises the other side may have up their sleeves. But the question of whether pursuing a matter to court-based enforcement would be in the public interest goes to more than just responsible and effective use of our budget. In grappling with the question of what is or is not in the public interest, the task we face is, I believe, akin to a prosecutorial office.

It may be informative therefore to consider how the Commonwealth Director of Public Prosecutions (CDPP) weighs the consideration of whether the public interest requires prosecution. The CDPP has a prosecution policy containing a non-exhaustive list of factors which may arise for consideration. Albeit non-exhaustive, the list is more than 20 items long. Some of the factors include:

  • whether the offence is serious or trivial,
  • any mitigating or aggravating circumstances,
  • the youth, age, intelligence, physical health, mental health or special vulnerability of the alleged offender, witness or victim,
  • the alleged offender’s antecedents and background,
  • the passage of time since the alleged offence,
  • the availability and efficacy of any alternatives to prosecution,
  • the prevalence of the alleged offence and the need for general and personal deterrence,
  • the attitude of the victim,
  • the need to give effect to regulatory or punitive imperatives, and
  • the likely outcome in the event of a finding of guilt.

It goes without saying, but I will state it nonetheless, in making decisions about whether to litigate and then in the conduct of such litigation, we will of course meet our model litigant obligations. 

And when we ask, Why Not Litigate?, we need to also ask and answer some subsidiary questions including:

  • Whether to pursue criminal or civil action (or alternatively licensing or banning action), and
  • Whether any action is against the corporation or individuals or both.

On the first of those questions – criminal vs civil – what we decide will again depend on the facts and circumstances of each matter and will be heavily influenced by the evidence that is available to establish those facts.

If we believe we have gathered sufficient evidence to support the view that a criminal offence has been committed and that the circumstances of the matter warrant a criminal prosecution, we refer the matter to the CDPP – except in the case of some minor regulatory offences which we prosecute on our own behalf.

Our consideration of whether the public interest requires a criminal prosecution involves balancing a number of factors.  A key consideration will be whether the nature, severity, impact and prevalence of the conduct is such that it requires the level of deterrence (specific or general) or moral opprobrium that would result from a criminal action.  

On the other hand, without being exhaustive, some factors that suggest a matter might not require a criminal prosecution include where:

  1. the available civil penalty action is likely to result in a stronger deterrent impact (specific and general) and more effectively encompasses the misconduct of concern than the available criminal action. This may be particularly relevant where the offender is a corporate entity; or
  2. the effective and efficient administration of justice strongly favours the civil penalty action be pursued instead of the criminal action. 

On the question of pursuing the corporation or the individual, allow me to share with you the philosophical underpinning to this question.

In the corporate enforcement context, there is no such thing as a company.[7] A company is an artificial legal entity. The artifice of the corporate entity impacts the pursuit of general and specific deterrence, as well as the ability to remove bad actors from corporations, financial services and other regulated industries.

How is effective deterrence achieved, where the directors and officers of a corporation are insulated from the impact of any fines or behavioural requirements imposed upon the corporation, where it is found to have contravened the law? Implicit in the imposition of any such penalties is the anterior fact that an individual, or group of individuals holding senior positions of importance in the company, caused that company to act in breach of the law. Yet those officers are hardly deterred where the shareholders suffer, because the imposed penalties diminish the profitability of the company and thus the dividend it can pay to shareholders in any given year.

The evidence to the Royal Commission raises the spectre of a ‘cost of doing business’ attitude towards financial penalties and enforceable undertakings imposed on companies. Such an attitude cannot be tolerated, and ASIC’s enforcement approach needs to deter any such unacceptable attitude. When appropriate, proceeding against both the corporation and the individual corporate officers responsible for the contravening actions of the company should be our primary objective.

The large corporations deriving substantial profits in the financial services sector must also be held to account for civil and criminal breaches of the law. The reputational risks to all corporations (and to those who aspire to be appointed directors of them) must be real and significant to compel cultural change within those parts of corporate Australia, where our own enforcement history, plus the revelations of the Royal Commission, have demonstrated that compliance with the law has been unacceptable.

The obtaining of judgments and the imposition of penalties against companies reinforces the message that complying with the law is not a choice, but a legal obligation.

Successful individuals must be encouraged to disassociate themselves from a culture which is cavalier about compliance with the law. Boards which fail to drive a culture of strict compliance with the law will find their directors subjected to reputational damage. Significant reputational harm is adverse to shareholder value. Loss of shareholder value in turn drives the directors to search for a sustainable future for their companies. Shareholders, and potential shareholders, well understand that a sustainable future for their investment cannot be achieved if the corporate culture is one of ignoring the law.

So if I am to summarise our Why Not Litigate? approach, I would do it in this way. It is a procedural discipline that we have adopted for ourselves to make sure that we ask, and answer this question. Its aim is to deter future misconduct and address the community expectation that wrongdoing be punished and publicly denounced through the courts. But it does not mean that we will take every matter to court.

Other aspects of new enforcement approach

Let’s move to the other features of our renewed and re-invigorated enforcement approach.

Office of Enforcement

We have established an Office of Enforcement within ASIC. The decision to do so followed delivery of the Royal Commission Final Report and responds to a recommendation of the ASIC Internal Enforcement Review conducted between mid-October and December 2018 led by ASIC Deputy Chair Daniel Crennan QC.

The objective of the Office is to strengthen ASIC’s enforcement culture and effectiveness and implement a single enforcement strategy for ASIC. It is responsible to the Commission for all of ASIC’s enforcement activities and policies.

It will:

  • centralise decision-making processes and ensure the consistent adoption of the Why Not Litigate? approach
  • increase the focus on priority matters and ensure adequate and flexible resourcing of matters, and
  • adopt uniform procedures and achieve greater consistency in our enforcement approach.

It will also ensure the functional separation of ASIC’s enforcement teams as much as possible from non-enforcement related contact with regulated entities.

The Office will have an oversight committee chaired by ASIC Deputy Chair Daniel Crennan QC which will provide oversight and guidance to teams within the Office of Enforcement. 

Accelerating enforcement outcomes

I mentioned also that we are accelerating enforcement outcomes. 

Statistics highlighted in our most recent ASIC Enforcement Update point to our focus on increasing and accelerating enforcement outcomes. Between July 2018 and June 2019:

  • there has been a 20% increase in the number of ASIC enforcement investigations,
  • a 51% increase in enforcement investigations involving the big six financial services firms (or their officers or subsidiary companies), and
  • a 216% increase in wealth management investigations.

The next year will see ASIC continue with its recruitment program to increase the number of analysts, investigators and lawyers in our ranks. This will increase our capacity to investigate – and where necessary litigate against – market, corporate and financial sector misconduct. This expansion is being funded by the $404 million over four years provided to ASIC by the Government following the Royal Commission. We are also expanding our use of external resources to provide advice and to help us increase and accelerate our enforcement action.

New penalties

I mentioned also the strengthened penalties now available to us.

In the past, our enforcement caseload was impacted by the absence of effective penalties or remedies (even for such fundamental licensee obligations as s912A). And so we welcomed the passage of the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Act 2019 in March this year. For contraventions occurring from 13 March 2019:

  • Civil penalties now apply to certain misconduct that before had no penalty
  • Penalties have been strengthened, including by:
    • Increasing maximum prison penalties for the most serious offences to 15 years; and
    • Increasing the maximum civil penalties to $1.05M for individuals and $525M for companies.
  • And there is an extended infringement notice regime and the availability of disgorgement remedies.

This reform follows lengthy advocacy by ASIC over an extended period about the need for penalties in the legislation administered by ASIC to be substantial enough to represent a credible deterrent and to meet community expectations as to the seriousness of the misconduct. The penalties reform was the culmination of recommendations by the ASIC Enforcement Review Taskforce in late 2017 that were almost entirely accepted in principle by the government in April 2018. That Taskforce was led by Treasury and ASIC was a major contributor to the formulation of the recommendations.

Let me emphasise the point. Before this reform no penalties were available to be pursued by the regulator for breaches of section 912A, which contains the cornerstone obligations owed by Australian Financial Services Licensees, including banks, to their customers. Many of the referrals by the Royal Commission to ASIC related to breaches of s912A. Many of the Case Studies, some of which in turn are the subject of ASIC investigation or assessment, relate to breaches of s912A. Many of the matters that were subject to ASIC pursuing court enforceable undertakings and remediation programs in recent years related to breaches of s912A.

Other misconduct that civil penalties now apply to includes failure to report breaches, carrying on a financial services business without a licence, defective disclosure, and breaches of the duty of utmost good faith under the Insurance Contracts Act.

Any perception that regulatory sanction is just a ‘cost of doing business’ is an attitude that we will not allow to persist. The new penalties will, we hope, be an effective deterrent, but we will revisit that with the benefit of experience and in particular upon a review of how the Courts are applying them to different types and scales of offending and misconduct. 

Enforcement priorities

Having traversed the key features of ASIC’s renewed and reinvigorated enforcement approach, what will ASIC most focus on, you may ask?

In our strategic priority setting for 2019-20, we have resolved to give particular focus to cases with a high deterrence value and where there has been egregious harm, especially impacting vulnerable customers. And we’ll be pursuing cases where we can utilise our new powers and penalties.

Our enforcement focus will be on both corporate and individual accountability. We will be paying attention to whether people at the executive and board levels are carrying out their legal responsibilities. We will be prioritising enforcement cases where we are holding individuals accountable for governance failures that have led to harm.

We are also prioritising our continued investigation, and where appropriate, litigation arising from the 13 matters referred to ASIC by the Royal Commission and 30 of the matters that were examined as case studies in the Royal Commission hearings. Proceedings have already commenced on one referral and two case studies, and we have referred two case studies to the Commonwealth Director of Public Prosecutions.

Most recently, as you will know, last week we commenced proceedings in the Federal Court against National Australia Bank for breaches of the National Consumer Credit Protection Act 2009. We allege that, as part of its ‘Introducer Program’, NAB accepted loan information and documentation in support of consumer loan applications from third party introducers who were not licensed to engage in credit activity. A range of misconduct in relation to the NAB Introducer Program was detailed in the Royal Commission case studies.

We will also continue to pursue cases where the law is unclear. As a regulator, it is our role to test the law and its ambit. Judicial clarification is important for both regulator and regulated. Two recent cases come to mind:

  1. Our appeal to the High Court on whether Mr Kobelt’s provision of a book-up service to his customers – most of them Anangu people of the APY Lands in remote South Australia – was unconscionable. By a narrow 4:3 decision the High Court found it was not; and
  2. Our responsible lending case brought against Westpac, and dismissed by Justice Perram of the Federal Court earlier this month.

Obviously these are not the outcomes we were after. When our interpretations don’t win the day, we may need to find other ways to address our concerns. The next step for us following the Kobelt decision is to work with various stakeholders and the government to address the aspects of book up provision in remote communities that we think fall below community standards and expectation.

Our four-year Corporate Plan covering 2019-20 to 2022-23 was published just two days ago. It gives further insight into ASIC’s key priorities and how we aim to achieve our vision. 

Continued cooperation and breach reporting

It has been put to ASIC by a number of parties that the changed environment – post Royal Commission and with ASIC’s resolve to a strengthened approach to enforcement – will necessarily mean companies are far less likely to cooperate with ASIC than previously.

To this we say, that is not only illegal and illogical, but highly risky.

Let me make a few general remarks about our expectations for continued cooperation with ASIC, and then turn particularly to the breach reporting obligation.

A cooperative approach to dealings with ASIC may benefit a person or entity in many ways. For example:

  • early notification of misconduct or a cooperative approach during an investigation will often be relevant to our consideration of which type of action to pursue and what remedy or combination of remedies to seek; and
  • in any proceedings commenced by ASIC we will give due credit for any cooperation we have received from the person or entity against whom the proceedings are brought.

More fundamental however is that good regulatory relationships are valued both by companies and the market. The point here, of course, is that the question of cooperating with regulators is not simply a legal one and indeed I would argue is not even primarily a legal one in today’s environment. And we are well beyond the days when merely fulfilling your legal obligations (e.g. by complying with reporting obligations under the Corporations Act 2001, or by producing documents in response to statutory notices issued by ASIC) is seen as cooperation.

ASIC’s Report 594 on compliance with breach reporting obligations published in September 2018 found serious, unacceptable delays in the time taken to identify, report and correct significant breaches of the law among Australia's most important financial institutions.

We found the major banks were taking an average time of over 4 and a half years to identify an incident that may constitute a breach, and a further 150 days to investigate a breach prior to reporting to ASIC. Our report also identified delays in remediation for consumer loss, with an average of 226 days taken from the end of a financial institution's investigation into a breach and first payment to impacted consumers.

Licensees need to do better. And we believe they can.

Now, almost 12 months after this report, what are we seeing?

Our Close and Continuous Monitoring program has been reviewing breach reporting processes. The initial indications are that there are some positive steps that (if embedded within the organisation) should lead to longer term improvements. We have seen tangible steps being taken by organisations to reassess programs, resources, policies and procedures in the spirit of improving.      

One improvement has been an increase in the number of breach reports received. We have seen an increase in breach reports by Financial Services licensees of over 50% compared to the previous year, and an increase of 99% compared to two years ago. However, our observation is that the time taken to both identify and report breaches has not improved overall.

We have seen some slight improvement (though not universal) in time to remediate customers. The importance of fair and timely outcomes for consumers affected by institutions’ mistakes and breaches cannot be understated.

We can speculate that the Royal Commission together with ASIC’s focus on the area, has led to a proverbial ‘clearing out the skeletons’, which has had an influence. Whether these changes are only short term remains to be seen, but ASIC’s focus on breach reporting is very much long term and will continue to be so. 

Breach reporting should be part of the entity’s process to identify areas for improvement, fix errors and importantly action customer remediation in a timely way. From this perspective breach reporting should be part of the entity’s overall governance and risk management.

As we move further away from the Royal Commission and other day-to-day pressures come to the fore, we expect entities to continue to take their regulatory obligations – including but not limited to breach reporting – seriously.  

Using all the regulatory tools

Let me now tell you about how we are using all of the regulatory tools available to us.

We know – and this is supported by academic work in the field too – that the deterrence value of our enforcement is also a function of how active we are seen to be across the regulatory pyramid. We continue to see an important role for all the regulatory tools, and often, using them in combination.

An example is our four-pronged response to our concerns about Consumer Credit Insurance (CCI). We’ve recently released our Report 622 Consumer Credit Insurance: Poor value products and harmful sales practices. We reviewed the sale of consumer and credit insurance by 11 major banks and other lenders, and found that the design and sale of CCI has consistently failed consumers. These are very low value products and they are promoted and sold in unfair ways that cause consumer harm.

While one component of our response is to investigate the suspected misconduct of several entities in the CCI product market with a view to enforcement action, our response is, as I mentioned, four-pronged: Investigation, Intervention, Remediation and Guidance.

  • Intervention – due to the consumer harms we have seen, we are consulting on a proposal to ban the practice of unsolicited telephone sales of direct life insurance and CCI when only general advice or no advice is given at the point of sale. We propose to use our modification power in the Corporations Act to implement the ban. The recently released Government Roadmap indicates that the legislative reform to prohibit the hawking of insurance and superannuation products (as recommended by the Royal Commission) will be introduced by 30 June 2020. In the meantime, ASIC’s proposed ban will provide interim protections to consumers ahead of the broader law reform.
  • Remediation – ASIC’s work has led to a significant remediation program expected to exceed $100 million paid to over 300,000 consumers. To date, over $51 million has been paid to over 186,000 consumers. ASIC’s work to secure further compensation will continue. Just earlier this week we announced that Allianz Australia Insurance Limited will refund over $8 million in CCI premiums and fees including interest to more than 15,000 customers; and
  • Guidance – we have made clear our expectation that all CCI lenders incorporate a four-day deferred sales model for all CCI products across all channels, not just those entities that subscribe to the Banking Code of Practice. We expect all lenders and insurers to meet the standards we set out in our report or entirely cease selling CCI until they do. Several lenders have already ceased selling CCI.

Another regulatory tool is transparency. We have initiatives underway to better utilise transparency as a regulatory tool to deter poor behaviour, promote better outcomes and drive improved industry behaviour. Our publications clarify expectations and, where the circumstances call for it, can make evident that certain entities are falling short of our expectations. In December 2018 we reported on credit card providers’ responses – where they had changed or committed to change practices and where not – six months down the road after our July 2018 report identified concerns with credit card lending in Australia and set out our expectations for improvement. We chose to transparently outline what changes had been committed to, and the progress made to date, by each of the 10 largest credit providers. I suspect those entities will tell you, there’s nothing that spurs you on quite like being identified and transparently benchmarked in this way. We plan to conduct a further follow-up review within two years.

Often, our use of one tool betters the deployment of the next. A recent example is where, through our Close and Continuous Monitoring program onsite surveillance visits, we identified (in some entities) significant shortcomings in customer complaints handling. These deep supervisory insights into how consumer complaints are being dealt with, plus our research into the consumer journey through the internal dispute resolution process, have informed our current work to enhance Internal Dispute Resolution standards. Our consultation on new standards closed early in August and we plan to finalise our response late this year.

A recent addition to our regulatory toolkit is our new Product Intervention Power - or ‘PIP’ for short. The PIP strengthens ASIC’s consumer protection toolkit by equipping us with the power to directly confront, and respond to, actual or likely significant consumer detriment. It gives us the ability to respond to market problems in a flexible, targeted and timely way. We no longer need to rely on legislative reform alone to address gaps in the current law.  Similar intervention powers are used by ESMA, the UK FCA and the Consumer Financial Protection Bureau in the US.

We closed consultation on our general approach to exercising the Product Intervention Power at the end of July.  The draft regulatory guide that we consulted on sets out the scope of the power, when and how ASIC expects to use the power and how a product intervention order is made. We expect to release our final regulatory guide in the coming months.

Before we exercise the power, we must consult on a proposed intervention with affected and interested parties. This is an opportunity for us to receive comments and further information, including details of any other firms providing similar products, before we make a decision.

We have consulted on two proposed uses of the product intervention power. The first, in the short term credit industry (that consultation closed on 7 August so we are now in the determination phase), and just last week we released a second consultation on use of the power, this time in the retail over-the-counter derivatives market to ban OTC binary options and restrict OTC contracts for difference (CFDs) for retail consumers. Comments close on that consultation on 1 October.

With the introduction of the PIP power came Design and Distribution Obligations. This brings accountability for issuers and distributors to design, market and distribute financial and credit products that meet consumer needs. Issuers must identify in advance the consumers for whom their products are appropriate and direct distribution to that target market. We will consult on guidance for these obligations later this year before the obligations commence in April 2021.

Both of these reforms represent a fundamental shift away from relying predominantly on disclosure to drive good consumer outcomes. The research, and our own experiences, tell us that disclosure alone is insufficient as a consumer protection mechanism. Next month we will release a joint publication with an overseas regulator which discusses several key limitations of disclosure.   

From this discussion I hope to have made clear that the responses we take to misconduct and consumer harm are diverse and multifaceted. We make use of all regulatory powers available to us.


Let me now focus on our supervisory work.

As well as reinvigorating our approach to enforcement, we have enhanced our supervisory approaches.

Our enhanced supervision aims to be more strategic, forward looking and pre-emptive. Our goal is to encourage firms to look beyond current known non-compliance and consider instead the things that create a significant risk of future breaches. We do this by focusing on cultural, organisational and management shortcomings that may lead to conduct problems, breaches of the law and unfair outcomes.

Our enhanced supervision also involves understanding and testing the strategies, business models and risk management processes that are operating in the marketplace, as well as conducting benchmarking reviews across sectors of the financial industry.

Our Close and Continuous Monitoring Program and our Corporate Governance Taskforce are both examples of ASIC’s enhanced supervisory approaches. They are responses to the demonstrable deficiencies in a firm’s ability to identify and manage non-financial risk. Let me say a bit more about each.

Our Close and Continuous Monitoring Program features an increased ASIC presence in the Big 4 banks and AMP coupled with an emphasis on C-suite engagement designed to encourage a shift in mindset, risk management, day-to-day behaviours and decision making. This on-site, more ‘continuous’ rather than just reactionary surveillance program also starts to bring ASIC’s regulatory approach to these institutions more into line with international peers such as the UK FCA, Hong Kong SFC, US Fed and others. Between its commencement in October 2018 and June 2019, our staff have been onsite for more than 119 days, had meetings with 425 banking staff at all levels and reviewed thousands of documents.

Initial areas of focus are:

  • how CCM institutions detect and respond to reportable or potentially reportable breaches of financial services laws, and provide comprehensive and timely rectification and remediation of those breaches; and
  • an analysis of internal dispute resolution (i.e. customer complaints management) arrangements, including processes, practices, information technology systems, communications and reporting.  

Collectively, a focus in these areas is expected to improve customer outcomes.

We also established a dedicated taskforce, ASIC’s Corporate Governance Taskforce, to conduct a proactive and targeted review into certain corporate governance practices in large listed companies. The 21 entities include the CCM institutions, and also a broader range of financial services organisations and other ASX 100 entities.

The purpose is to identify and report on our observations of governance practices – both the good and the bad – in large listed entities; inform the market about ASIC’s observations and findings; and recommend improvements to lift corporate governance standards. We are reviewing how directors and officers have overseen and managed:

  • non-financial risk; and
  • variable remuneration for key managers.

We are also focused on reviewing entities’ public disclosures regarding their corporate governance practices to ensure that they are reflective of what happens in practice, inside these entities.

The work has involved the review of over 43,000 documents and 97 interviews with CEOs, Chairs, Board Risk Committee Chairs, Chief Risk Officers, Internal Auditors and Company Secretaries. 

We will provide valuable insights for the sector on the findings of our CCM and corporate governance work. The first of these publications on our Corporate Governance Taskforce review will be released mid next month.

While both our CCM program and Corporate Governance Taskforce do not have an enforcement focus, where instances of misconduct are uncovered during our supervisory activities, appropriate action will be taken. Nothing less should be expected.

ASIC report Looking for a mortgage: Consumer experiences and expectations in getting a home loan  

On a near final note, I want to mention a report that we published yesterday that I expect will be of interest to you. Our Report 628 Looking for a mortgage: Consumer experiences and expectations in getting a home loan sets out the findings of research we commissioned to examine the experience and expectations of consumers taking out home loans. The research followed over 300 consumers in the process of taking out a home loan directly through a lender or through a mortgage broker, and surveyed another 2,000 consumers who had recently taken out a home loan or were looking to do so.

The findings highlight the importance of planned and proposed reforms for mortgage brokers and home lending, in two main ways:

  1. By confirming that consumers who use mortgage brokers expect mortgage brokers to act in their interest. The Royal Commission recommended the introduction of a best interests duty for mortgage brokers, and the Government’s recent Implementation Roadmap indicates this will be introduced by the end of 2019.
  2. And, by highlighting that competition in the home loan market remains a concern. The research suggests some consumers are taking out home loans when cheaper alternative options exist. Consumers are most likely to take out their home loan with an existing lender (or lender they already have a banking relationship with) and do very little shopping around. Following a recommendation from the Productivity Commission’s inquiry into competition in the Australian Financial System, ASIC is currently working with other regulators to develop a home loan interest rate tool to improve home loan price transparency and enable consumers to compare their interest rate with actual rates offered. We expect this tool will be made available on ASIC’s MoneySmart website next year. 


Let me conclude by reinforcing that our enforcement work has a core focus on deterrence, public denunciation and punishment. We continue to pursue this work via our Why Not Litigate? approach.

The degree of consternation generated by our adoption of that 3-word question suggests to me that people are looking for it to be something more interesting than it actually is. I’ll reiterate: Why Not Litigate? does not suggest that we will take every matter to court as the default option, or that we will pursue litigation where it would be inappropriate, or not in the public interest, to do so. What it does is ensure that we actively ask ourselves – and answer – why we would not progress a given matter through to court-based enforcement action.

ASIC’s vision is for a fair, strong and efficient financial system for all Australians. Enforcement, including court action, is a key regulatory tool that serves in our pursuit of this vision. But it is not our sole one. We will continue to use all of our regulatory tools (often in combination), and our supervisory work is vital to achieving this vision.

As ASIC Chair James Shipton said this week with the release of our Corporate Plan:

'The public expects financial firms to treat Australians fairly and live up to the expectations of the community and the law.

The public expects ASIC to see that they do. If the firms or individuals we regulate do not, we have the will, the resources and the regulatory tools to hold them to account.'

And I remind you that no matter what is the regulator’s enforcement approach, all actors in the financial system bear frontline responsibility for obeying the law. Commissioner Hayne emphasised that compliance with the law is not a matter of choice:

'All financial services entities must obey the law, not just those who are willing to do so. And all financial services entities must comply with all the laws that apply to them, not just with those bits of the law that they find to be commercially acceptable.'[8]  

he articulated in the Final Report.

Your role as lawyers and other professionals in giving and heeding good advice that results in compliance with the law is paramount. And I encourage you to remember that what happens in the financial system matters in a very real way to the lives of everyday Australians.

Thank you.


[1] Interim Report, p 277.

[2] Interim Report, p 277.

[3] Final Report, p 431.

[4] Final Report, p 432.

[5] Final Report, p 433.

[6] Final Report, p 446.

[7] Lord Hoffmann in Meridian Global Funds Management Asia Ltd v Securities Commission [1995] UKPC 5.

[8] Final Report, p 425.
