Corporate regulation in Australia: The legacy of Ian Ramsay

Speech by Chair Joe Longo at the Melbourne University Law School Symposium in honour of Professor Ian Ramsay, Wednesday 30 March 2022 – Keynote address

Check against delivery

Good afternoon everyone, both here and online.

I would like to begin by acknowledging the Traditional Owners and Custodians of the lands on which we meet today, and to pay my respects to their Elders past, present and emerging. I extend that respect to Aboriginal and Torres Strait Islander peoples present today.

It is a great honour to be asked to speak at this symposium in honour of Professor Ian Ramsay.

For over 35 years, Ian has been a prolific contributor to Australian corporate law and regulation, including serving on a range of ASIC consultative panels, taskforces and official inquiries.

His wide-ranging research has shaped and influenced the development of modern Australian corporate regulation, its framework and its substance.

Ian has also been a great friend and mentor to many academics and practitioners, making a unique contribution not only to Australian legal education and the legal academy, but also to generations of practitioners. This has encouraged the maintenance of high professional standards and understanding of key areas of economic regulation.

Today I want to speak about three things.

I will start with some reflections about Ian’s legacy and aspects of Ian’s work, followed by some observations on regulatory purpose and accountability, and will conclude with some thoughts about technology and the need for ASIC to accelerate its strategy for a digital future.

Ian Ramsay’s contribution: An overview

So, how should we think about Ian’s legacy?

An overarching theme for me is this: Ian’s story is ASIC’s story.

Ian, either writing alone, but often collaborating with others, has analysed and thought about issues touching virtually every aspect of ASIC’s diverse jurisdiction and mandate.

On Australia’s tortuous journey to national regulation, Ian has observed that ‘in a climate of much wrangling between the states, external events emerged to finally force recalcitrant hands’.

This led to what became known as the cooperative scheme, the precursor to what we have today. Australia, unlike the US and Canada, now has a system of truly national regulation under a ‘twin peaks model’.

ASIC started life as a markets and corporate governance regulator. However, neither the original architects of the Corporations Law, nor even Ian, could have imagined the scope and range of ASIC’s work today – in particular, the extent of ASIC’s involvement in consumer protection across financial services and credit, including external and internal dispute resolution.

The growth in ASIC’s responsibilities reflects the dynamism of the financial system, the growth of financial services and especially superannuation as mass consumer products central to people’s wellbeing, and changing community expectations over time.

Throughout, Ian has emphasised a disciplined, data-driven empirical approach. More about that in a moment.

In 1992, with remarkable prescience, Ian wrote about Australia’s love affair with legislation and complexity. He noted that ‘it is now very clear that the way in which significant social problems are resolved is through legislation rather than the courts’ and that ‘nowhere is this more evident than in corporate law’. Remarkably, Ian raised a number of questions which are presently the subject of an ambitious and wide-ranging review by the Australian Law Reform Commission (ALRC) into the Legislative Framework for Corporations and Financial Services Regulation.

Ian wondered why we have complex legislation, concluding that it is impossible for legislators to foresee all of the problems to be dealt with under a statute, and pressures upon legislators meant that they cannot make statutory amendments to accommodate every one of these changes. The implications of this insight lie at the heart of the ALRC’s work and relate, in particular, to how ASIC should be reasonably expected to administer the legislation.

In the time I have today, I will focus on just three areas of Ian’s legacy:

  • enforcement, in particular with respect to directors’ duties
  • complaints handling and dispute resolution, and
  • consumer access to redress.


Enforcement is a fundamental part of ASIC’s work. Here Ian Ramsay and his collaborators have done ground-breaking and enduring work.

One of the reasons for the creation of a national regulator was the repeated failure of state-based law enforcement to deal with serious cases of corporate malfeasance. Writing as far back as 1894 after corporate collapses of the early 1890s, one author observed that ‘remedial legislation is urgently needed to remedy existing abuses, and to diminish losses which are now sustained’.

Starting with Tony Hartnell’s famous top 16 investigations when the Australian Securities Commission first opened for business, enforcement has been a touchstone of ASIC’s perceived success or failure as an effective regulator.

At a time when I was ASIC’s head of enforcement, then ASIC Chair Alan Cameron and I keenly supported empirical research conducted by Ian and others into ASIC’s approach to civil penalties and the enforcement of directors’ duties.

In 1999, in work that was seminal for the time, Ian’s team analysed the issues under the following four themes, which resonate to this day:

  • ASIC’s resource constraints, including financial, geographical and personnel constraints
  • ASIC’s relationship with other regulatory agencies, including the Commonwealth Director of Public Prosecutions and the courts
  • the availability of alternative enforcement mechanisms to civil penalties, and
  • particular legal issues, including the unclear nature of parts of the Corporations Law.

A feature of this and subsequent work was reviewing what was called ‘court-based enforcement action’, suggesting the possibility of assessing other options open to ASIC which constituted ‘enforcement’.

Civil penalties had been introduced in 1993. At the time of this research, ASIC had commenced 14 civil penalty cases and the authors concluded, curiously, that ASIC’s then view was that they had served ‘a limited deterrent function’.

This work also grappled with attempting to clarify enforcement concepts and terminology.

Strategic regulation and the ‘enforcement pyramid’ featured in the analysis. The conclusions expressed by the authors were informed by data provided by ASIC and interviews with senior ASIC case officers drawn from regional offices across Australia.

In 2004, Ian and his team published a research paper more ambitiously entitled ‘ASIC enforcement patterns’ – a detailed empirical survey of ASIC court-based enforcement activities during the years 1997 to 1999.

One of the study’s conclusions, taken from analysis of a data set of ASIC’s court-based matters, was the predominant use by ASIC of penal enforcement activities and sanctions. However, the nature of that data analysis led the authors to note that they could not comment on whether these trends were predominant in all ASIC’s enforcement work, or merely court-based activity.

Ian and his co-authors have also written extensively on the question of directors’ duties and ASIC’s approach to enforcement in this core area of ASIC’s jurisdiction. The approach has always been data driven.

In more recent times, this research has included an extensive contribution to the debate around ASIC’s frequent use of what has come to be known as ‘stepping stone’ liability in pursuing directors.

In 2016 Ian also undertook, with colleagues Helen Bird and George Gilligan, a study of enforceable undertakings accepted by ASIC over 17 years from 1998 to 2015. Their analysis examined the ‘who, why and what’ of enforceable undertakings accepted by ASIC, and highlighted their impact both in achieving specific outcomes as well as firm-wide changes in approach to compliance.

Ian and his co-authors are to be commended for this piece of work, as I am not sure anyone else has taken the time to read and analyse all 414 enforceable undertakings in existence at the time of publication.

In 2019 the Hayne Royal Commission’s findings about ASIC’s enforcement performance had a chilling effect on ASIC’s willingness to accept enforceable undertakings.

However, in more recent times, ASIC has made it clear that where the circumstances merit the use of an administrative remedy, ASIC may choose to accept an enforceable undertaking – and this may be as an alternative to, or in conjunction with, civil court action or other administrative action.

Over the last two years ASIC has assumed responsibility as the conduct regulator for superannuation. This has sharpened ASIC’s enforcement role in this very important sector, as regulatory settings tighten to encourage good outcomes for all Australians.

Another critical element in effective regulation is the availability of adequate penalties. Ian has long been an advocate for a strengthened enforcement toolkit and increased penalties, as now reflected in the outcomes of the 2016 ASIC Enforcement Review. Ian was a member of the expert panel that supported that review.

In an essay published earlier this year reviewing the history and efficacy of the ‘twin peaks’ model of regulation in Australia, Ian and his co-authors touched on aspects of ASIC and the Australian Prudential Regulation Authority’s (APRA’s) enforcement performance and culture. They concluded that their analysis of coregulation revealed that ‘the distinctions between each peak are increasingly being blurred’.

Ian’s research and scholarship have encouraged a thoughtful and data-driven approach to assessing how ASIC undertakes enforcement within a ‘twin peaks’ framework.

In doing so, Ian has contributed to a better informed discussion of ASIC’s enforcement record.

Complaints handling and dispute resolution

I now want to turn to complaints handling and dispute resolution.

In 2016–17 Ian chaired the Government’s review of the financial system external dispute resolution and complaints framework.

The central recommendations of what has become known as the ‘Ramsay Review’ were:

  • to establish a single external dispute resolution (EDR) body for financial services and superannuation complaints, to be known as the Australian Financial Complaints Authority (AFCA), and
  • to introduce reforms to improve the transparency and accountability of financial services firms’ responses to consumer complaints and their approach to internal dispute resolution (IDR).

The package of legislative reforms implementing the Ramsay Review recommendations was transformational for complaints handling and dispute resolution in Australia – a true ‘game changer’ in financial services consumer protection in this country.

Consumer access to redress

In AFCA, Australia now has a single, well-resourced EDR scheme, which in its first two years of operation received 153,246 complaints and saw more than $477.4 million in compensation and refunds awarded through its dispute resolution work.

ASIC is currently implementing the final piece of the IDR reforms, which will result in the first recurrent data set on consumer complaints from more than 10,000 licensed financial services firms. ASIC will publish IDR data about the many millions of complaints that these financial firms deal with each year, thus making public valuable information about the issues consumers complain about and how those complaints are resolved.

Lifting the quality and transparency of complaints handling at the internal dispute resolution stage and having a single, fair and effective EDR scheme in AFCA, has real world impacts on consumers and their level of trust and confidence in the financial system – knowing that there are robust and effective processes in place to respond to complaints when things go wrong.

Finally, the Ramsay Review recommended a compensation scheme of last resort. Legislation to introduce such a scheme is currently before the Parliament.

I now want to move from Ian’s contributions to consumer protection policy to ASIC as a regulator.

Regulation and regulatory accountability

It is the fate of regulators in general, and certainly ASIC in particular, to have to strive to be understood.

ASIC gets mixed feedback about whether it articulates its priorities clearly enough and often enough, questioning the strategic basis and consistency of its core regulatory decision making, and challenging the transparency and communication around what it does and why, particularly in the core area of enforcement strategy.

Regulation, and what it is for, remains a key concern of the regulated community and of government.

Yet, we have mixed feelings about regulation.

As a community we value, indeed welcome, regulation as a necessary part of our daily lives. Whether from the perspective of business, investors or consumers, we expect regulation to be there, and regulators like ASIC to be there, to advance the interests of citizens and deal with what economists call externalities and market failures, among other things.

But with high and increasing expectations of ASIC come other considerations.

We want our regulators to be accountable, particularly as more and more responsibility and powers are given to regulators such as ASIC.

In this respect, it is surely the case that ASIC is no orphan when it comes to accountability.

ASIC is held accountable by a range of oversight and accountability mechanisms.

These include three Parliamentary committees, one of which, the Parliamentary Joint Committee on Corporations and Financial Services, was specifically set up by Parliament to provide oversight of ASIC, with very wide-ranging terms of reference.

Without being exhaustive, other mechanisms include Ministerial oversight, the Public Governance, Performance and Accountability Act 2013, and audits by the Australian National Audit Office.

Most recently, the establishment of the Financial Regulator Assessment Authority (FRAA) and the announcement of a review of ASIC’s industry funding model represent two further developments that speak to our regulatory accountability.

We also want our regulators to be independent. Independence is fundamental to the effective operation of regulators and underpins the trust placed in them by the community.

Indeed, the importance of operational independence has been repeatedly confirmed by Parliament – including most recently in the explanatory memorandum accompanying the Bill that established the FRAA, and the Government’s latest Statement of Expectations for ASIC.

Ian and his collaborators have contributed to all these issues, noting on the question of independence that ‘establishing the right balance, particularly in the area of funding and accountability, can be challenging’.

We all have an interest in ASIC being effective and properly resourced. But what does that mean and how do we objectively assess an appropriate level of resourcing? After all, ultimately, regulation and enforcement are all about making choices and setting priorities. Resources are not unlimited and have to be carefully deployed.

The FRAA is grappling with all these issues. Its mandate is to assess, over time, ASIC and APRA’s effectiveness and capability – concepts not defined in the legislation.

Nor, as the work of Ian and others has shown, do we yet have widely accepted metrics and benchmarks that enable consistent, transparent, data-driven assessments to be made of regulatory and enforcement performance.

The issue of how regulatory performance and impact can be measured is a fundamental and long-standing challenge for regulators worldwide. ASIC is no exception.

The stakes are high. Trust and confidence in ASIC and its decisions may either be enhanced or diminished as a result of this work.

It is relatively simple to count and report on volumes of activity and output, but far more challenging to assess outcomes, impact and changes in behaviour. Regulators have over time employed various techniques – benchmarks, surveys and results against selected service level commitments.

The work of the FRAA will be a valuable addition to the challenging field of assessing regulator effectiveness.

In its first review, currently under way, the FRAA is focusing on:

  • ASIC’s effectiveness and capability in strategic prioritisation, planning and decision making
  • ASIC’s surveillance function, and
  • ASIC’s licensing function.

The first review is also examining ASIC’s use of data and technology in each of those areas.

Another critical element is market understanding. We are constantly engaging with the market to look for actionable opportunities for ASIC to administer the law more efficiently and effectively.

Ultimately, I want ASIC to be ambitious and self-confident, while remaining accountable and independent.

I will turn now to a critical element of ASIC’s future – digital capability.

ASIC’s digital future

The disruptive potential of digital technologies is widely acknowledged – and it applies to regulation and regulators. For that reason, I see addressing the digital challenge as posing an existential risk for ASIC.

Technological change is transforming the sectors we regulate, and ASIC must adapt and innovate – to keep pace.

New and emerging technologies and products, including the rapid expansion of cryptocurrencies and the increasing use of artificial intelligence in the financial services sector, are changing the landscape.

New models of corporate governance, such as decentralised autonomous organisations (DAOs), that involve rules encoded in computer programs, and internet communities rather than boards of directors, present new challenges.

Without continued investment in technology and data capability, ASIC runs the risk of its effectiveness being diminished and, at worst, of ASIC becoming irrelevant over time.

The community should be able to access our services quickly and seamlessly, and industry should be able to interact with ASIC efficiently. Our own work will also be optimised by using data and technology, including artificial intelligence, more effectively.

This will be a ‘step-change’ in the way we regulate.

We collect large volumes of data across a range of platforms; our challenge is to effectively interpret and use it. Enhancing this capability is one of my most important priorities as Chair.

We have already made progress, especially in relation to data and our cloud-based data lake – and while I am proud of what we have achieved to date, there is more to do.

Our data strategy sets out our plans to improve our capabilities – including in data analytics, artificial intelligence and machine learning. Ultimately, this will transform the way ASIC works.

A major recent initiative, working with the Australian Taxation Office (ATO), has been the director identification project, whereby directors apply for a unique identifier that they keep forever. This is a key step in helping prevent the use of fictitious director identities.

We have also collaborated with the ATO as part of our work in combating illegal phoenix activity, on a fusion of company and liquidator datasets, to help both agencies detect and combat potential illegal phoenix behaviour and hold to account those responsible for it.

In the context of our internal dispute resolution work, mentioned earlier, we have consulted on an IDR data framework and built a system to allow entities to submit their IDR data seamlessly through our regulatory portal.

And, in order to help licensees fulfil their new breach reporting obligations, we are building an interface that will enable bulk breach reporting directly from the software used by licensees. As well as making compliance easier for licensees, this will enable us to use machine learning to draw greater inferences from statistical analysis and assess breaches in terms of their risk.

More generally, we remain focused on supporting and promoting regtech solutions that help regulated entities comply with their obligations, and on promoting innovation through our Innovation Hub and the Government’s ‘regulatory sandbox’.

This increased reliance on technology of course brings with it a critical responsibility to ensure the safe, secure and ethical use of data, especially given the volume and complexity of the data we collect, store and analyse.

Good data governance is a key challenge and responsibility for us, and we are focused on ensuring we have both the staff capability and the technological safeguards to enable and support effective data governance standards.

So, ASIC is committed to a digital future. We will continue to engage with the market and the community to help us make the right strategic and design decisions in this rapidly evolving area.


In closing, I want to leave you with some reflections about the future.

In their essay on twin peaks in Australia, Ian and his co-authors sub-titled their analysis with a question: ‘the never-ending trek?’.

They concluded that only time would tell whether the increasingly close joint efforts of APRA and ASIC would lead to an integrated model, ultimately taking us on a journey towards Mt Everest, or, as the authors put it, ‘whether we will explore different terrains altogether’.

As Ian’s lifetime work has shown, the academy has an important role to play here. It is in the public interest for there to be well informed, evidence-based debate about what good regulation looks like, what issues regulation needs to grapple with and how. On all these matters academic research and insight has a significant contribution to make.

ASIC will continue to be open to engagement at all levels. The breadth and complexity of ASIC’s mandate continues to expand. We may not have to climb Mt Everest any time soon, but there are many peaks ahead of us, with a range of new law reforms coming our way requiring collaboration with everyone affected to achieve orderly implementation and sound outcomes.

In this context, the ALRC’s current review is of fundamental significance to the future of Australian corporate and financial services law.

We have to find ways to address the debilitating complexity of the current legislation and the impact this has on how ASIC administers the law.

This means being open to change that takes advantage of our best thinking on legislative design, the exercise of executive power and the extraordinary opportunities that technology and data present.

ASIC is working closely with the ALRC to help achieve its ambitious objectives.

Ultimately, it is ASIC’s responsibility to administer the law to best effect. However, confidence and trust come from a shared understanding of the problems we are trying to solve, the challenges involved in doing so, and the range of solutions open to us.

We all have an interest in getting that right.

Thank you.