Risk Management Association Australia - ASIC Update


A speech by ASIC Commissioner Sean Hughes at the Risk Management Association Australia event, Melbourne, 10 September 2019



Thank you and good afternoon. Thank you also to RMA for inviting me to speak today.

In early August I gave an ASIC Update at the Sydney version of this same event. I’m pleased to now be here with you in Melbourne.

When I spoke in Sydney I covered four things:

  1. Our strategic change program and a foreshadowing of our key strategic priorities,
  2. Our implementation of the Royal Commission recommendations,
  3. Our new enforcement and supervisory approaches, and
  4. Some observations on fairness.

In the month since that speech we have published our Corporate Plan for 2019-2023, and the latest of our regular six-monthly Enforcement Updates. Also in the last month, the Government released its Implementation Roadmap which sets the timetable for delivering on the Royal Commission recommendations. In the next couple of days we will publish an update on our work responding to the recommendations and areas of concern identified by the Royal Commission.

So today, a month further down the road from your Sydney sister event, I will cover:

  1. Firstly – ASIC’s strategic change program and key strategic priorities for the next 12 months, this time giving greater insights into how we plan to achieve our vision as outlined in our Corporate Plan,
  2. Secondly – how ASIC identifies strategic threats and harms, and how they guide the development of our priorities and actions,
  3. Thirdly – the features of our renewed and reinvigorated enforcement approach, and
  4. Finally – an update on the work we are doing that responds to the Royal Commission.

ASIC’s strategic change program and key strategic priorities

In late August we released our Corporation Plan for 2019 to 2023. The Plan outlines how we aim to achieve our vision for a fair, strong and efficient financial system for all Australians through our internal change program and our key strategic priorities.

Our change program began in 2018 and will continue over the next four years to bolster the impact and effectiveness of our activities. The changes include:

  • a new enforcement strategy,
  • more intensive supervision to improve the culture and behavior of financial firms and to enhance governance practices,
  • greater use of next-generation regulatory tools (e.g. artificial intelligence, data analytics and behavioural sciences), and
  • a new internal governance framework to support effective decision making.

As part of this change program we are also committed to the implementation of the recommendations of the Royal Commission – for example, working towards an expanded role for ASIC as the primary conduct regulator in superannuation.

We also recognise the importance of strengthening our own capabilities so that we have the right people and the right tools to do our job. To this end, we are:

  • building up ASIC’s capability in behavioural sciences, data and technology,
  • positioning ASIC as a strategic and agile regulator,
  • developing and using new regulatory tools and remedies, and
  • scaling up ASIC to deliver these outcomes.

Key strategic priorities

We have developed seven principal strategic priorities for 2019-20.

These priorities are by no means an exhaustive list of what we will do, but they represent the most significant ways in which we are addressing consumer harm, punishing wrongdoing, and encouraging better culture and behaviour (including a greater emphasis on fairness and professionalism) throughout the industry.

And, we will apply new regulatory tools, or new combinations of tools, to give effect to this. For example:

  • The product intervention power and design and distribution obligations, and
  • Our use of ‘transparency’ – including, where appropriate, identifying entities - to drive improved industry behavior and improved consumer outcomes.

The seven strategic priorities are:

  1. High deterrence enforcement action,
  2. Prioritising the recommendations and referrals from the Royal Commission,
  3. Delivering as the primary conduct regulator for superannuation,
  4. Addressing harms in insurance particularly for vulnerable consumers,
  5. Improving governance and accountability,
  6. Protecting vulnerable consumers across all products, services and channels within our mandate, and
  7. Addressing poor financial advice outcomes.

Later in my presentation I will cover the first two strategic priorities when I speak about ASIC’s enforcement approach and then ASIC’s strand of work directed at meeting the recommendations and referrals from the Royal Commission. So for now, let me say something about each of the others.

Our third priority is delivering as the primary conduct regulator for superannuation

Perhaps one of the most significant changes for ASIC recommended by the Royal Commission is for ASIC to become the primary conduct regulator of superannuation. While this change requires legislative reform, we are already starting to position ourselves to take on this enhanced role in super. 

In particular, we will improve outcomes in superannuation through four main focus areas.

  • Firstly, assisting Treasury in the development and implementation of legislative reforms which have flowed through from the Royal Commission as well as the Productivity Commission inquiry into superannuation. These include single default account, advice fee deductions from super accounts and anti-hawking prohibitions.
  • Secondly, we will be driving better behavior by trustees to ensure that they act in the best interests of members, by undertaking the necessary supervision and surveillance of superannuation trustees, with more frequent on-site visits. We will also pursue action against misconduct by trustees where appropriate, including where we see a culture that is promoting misconduct or turning a blind-eye to misbehaviour. We will also be monitoring implementation of the “Protecting Your Superannuation Package’ reforms, which focus on trustee communication and engagement practices. We will be enhancing our own communication with trustees and providing more accessible information about our work.
  • Thirdly, through our consumer strategy for superannuation, we will be building our understanding of consumer behaviour in this space to inform our education and regulatory work.
  • And lastly but just as importantly, we will be working very closely with APRA to achieve good outcomes effectively and efficiently.

Fourth – Addressing harms in insurance

ASIC is supporting Treasury with implementation of insurance law reforms resulting from the Royal Commission, particularly surrounding unfair contract terms and issues in claims handling.

We are continuing our reviews into specific insurance areas, such as Consumer Credit Insurance, Total and Permanent Disability insurance, Travel Insurance and Fraud Investigation Practices.

And we also have on our radar insurance mis-selling and product features and other practices that raise concerns as targets for enforcement and other regulatory action.

In late August, we closed consultation on our proposal to ban unsolicited telephone sales of direct life insurance and consumer credit insurance. We propose to use our modification power in the Corporations Act to achieve this. We believe a ban would prevent the sale of complex insurance products which consumers do not need, want or understand. With the consultation now closed we are currently in the deliberation phase. The recently released Government Roadmap indicates that the legislative reform to prohibit the hawking of insurance and superannuation products (as recommended by the Royal Commission) will be introduced by 30 June 2020. In the meantime, ASIC’s proposed ban will provide interim protections to consumers ahead of the broader law reform.

In terms of our consumer strategy for insurance, we will continue to work with APRA to collect and publish insurance claims data and maintain the MoneySmart life insurance claims comparison tool to promote informed decisions and improve consumer outcomes.

Fifth – Improving governance and accountability

We are conducting enhanced and intensive supervision of key firms, including via our Close and Continuous Monitoring (CCM) Program and our Corporate Governance Taskforce. These supervisory approaches are aimed at identifying cultural, organisational and management failings that may lead to conduct problems, breaches of the law and unfair outcomes. The goal is to help identify deficiencies before they become breaches of the law.

Since we launched the CCM program in October 2018, our staff have been onsite in one or more of the CCM institutions for a total of 161 days, held meetings with more than 546 banking staff at all levels, and reviewed thousands of documents. The program’s initial focus is on entities’ ability to detect and respond to reportable, or potentially reportable, breaches of financial services laws and to provide comprehensive and timely rectification and remediation of those breaches. We are also analysing entities’ internal dispute resolution arrangements to better understand how consumer complaints are managed.

We will continue to provide the directors and managers of the targeted regulated entities with feedback on the shortcomings we identify in their management and control systems. Over the next four years we plan to increase the number of large and complex financial services entities we monitor through the program and to add additional areas of focus for supervision.

Through our Corporate Governance Taskforce we are continuing our review of the corporate governance practices of entities in the CCM program as well as a selection of other ASX 100 entities from various industries. A key objective of our review is to understand and strengthen director and officer oversight. To achieve this, we are examining practices such as the oversight of non-financial risks and decisions about the granting and vesting of variable remuneration for key management personnel.

We plan to report publicly on our observations and findings, pointing to both good and poor practices, and share some expectations for improvement. You can expect the first of these reports very soon.

We are also looking at targeted governance issues in particular industry sectors. For example, we are enhancing our oversight of market infrastructure providers and intermediaries in wholesale over-the-counter markets to complement our approach to supervision of securities and futures markets. This includes onsite reviews where we cover themes such as culture and conduct risk programs and training, corporate governance, compliance arrangements, pre-trade and post-trade controls, and client disclosure arrangements.

As another way to drive improved governance and accountability, ASIC will prioritise enforcement cases that hold individuals to account for governance failures in financial institutions and superannuation trustees that result in harm.

We are also committed to supporting and implementing the proposed conduct accountability regime to hold senior office holders and managers accountable for poor conduct, and new laws on phoenix activity to deter misconduct among company directors and practitioners.

Sixth - Protecting vulnerable consumers

In everything that we do, we will consider harmful practices within the financial system, particularly where they impact those who are vulnerable (including our indigenous communities). Importantly, we recognise that there is not a single cohort of vulnerable consumers, rather any consumer can experience vulnerability at some time in their life from any number of factors.

And we of course remain committed to our Indigenous Outreach Program which helps Indigenous Australians better manage their finances and improve the quality of financial services provided to them.

One of the many things that can lead to vulnerability is a consumer unable to meet repayments on their credit obligations due to hardship. So we have just got underway work to examine how lenders engage with consumers experiencing financial hardship. Asking for example whether the assistance they offer to consumers is effective? Does it allow the consumer to get ‘back on track’ financially?

We will take regulatory action against unfair treatment of consumers facing hardship as well as irresponsible actions by financial services providers. The work we’re doing on sales of life and consumer credit insurance is just one example of ASIC taking action on a number of different fronts to tackle an issue disproportionately affecting vulnerable consumers.

Our new product intervention power and the design and distribution obligations will be vital to the protection of vulnerable consumers – allowing us to make a timely intervention where there is significant detriment and to ensure that the products which are designed for and sold to consumers meet their particular needs and achieve fair outcomes for them.

Other initiatives include our use of behavioural insights to better understand what drives certain behaviors and how to influence them for the better. And we will engage with industry on the application of fairness to the products, services and sectors we regulate and the consumer outcomes they should seek to achieve.

Seventh - Addressing poor financial advice outcomes

ASIC is focused on enhancing the professionalism of financial advisers. Examples of projects in this area include:

  • approving and monitoring code compliance schemes
  • reviewing minimum training and education requirements
  • enhancing the Financial Adviser Register.

We are also addressing misconduct and consumer harms that may arise from the industry’s shift towards ‘general advice models’, including consumer testing more appropriate labels and descriptors for general advice. This follows on from our Mind the Gap report published March 2019 which presented independent research revealing that many consumers confuse the labels and scope of ‘general’ and ‘personal’ advice.

We are closely monitoring potential harms that may result from the departure of larger institutions from the sector and will assess advice supply and demand dynamics and any potential impact on consumers. In 2020-21 we will commission further research to explore whether consumers have unmet financial advice needs.

Recently we commenced a review into industry moves to voluntarily end grandfathered conflicted remuneration by December 2020, and the extent to which the benefits of this are being passed to affected clients before that date. We are undertaking quantitative and qualitative reviews for this purpose. Our broader work in analysing the effects of different rewards and incentives on advisor conduct will continue.

We will also assist Treasury in implementing the Royal Commission recommendation around assessing the effectiveness of current measures put in place by Government, regulators and financial services entities to improve the quality of advice.

ASIC’s strategic assessment of threats and harms

Let me next give you some insight into how ASIC identifies and monitors for strategic threats and harms. And how this process guides the development of our priorities and actions.

At ASIC we recognise our responsibility to identify threats that have the potential to inflict harm, and to proactively work towards preventing or mitigating those threats and harms in the industries we regulate.

We have developed a Threats, Harms and Behaviours Framework to identify, describe and prioritise actual and potential harms to consumers, investors and markets.

The framework includes several stages:

  • Analysing our external operating environment, including key economic and sectoral trends,
  • Identifying and prioritising a broad range of threats and behaviours that are, or could potentially cause harm, and
  • Testing the rigour of our results with independent external advisory panels and experts.

Our review and prioritisation of threats and harms is systematic and involves extensive internal consultation, draws on external experts, and involves the Commission itself. To give you an idea of the scale of this process, it almost spans the full year, kicking off in August and culminating in completion of final business plans in June the following year.

Through this process, we identified five key drivers of harm to consumer and markets that we will focus on in 2019-20. They are:

  1. Poor design and inappropriate sale of investment and protection products,
  2. Inappropriate sale of credit products to consumers and limited access for small business,
  3. Poor conduct in financial markets driven by lack of competition, structural challenges or conflicts of interest,
  4. Poor governance (by boards, executives and investors), lack of professionalism, poor culture and lack of accountability, and
  5. Regulated entities not deterred from misconduct by ASIC’s regulatory action.

Our seven key strategic priorities to which I spoke earlier are designed to address these thematic drivers of harm.

In addition to our annual planning process, our Emerging Threats and Harms Committee (which I Chair) enables us to monitor, analyse and respond to changes in our operating environment. In particular, it steers ‘deep dive’ analysis of specific threats and harms throughout the year and seeks to look ‘over the horizon’ to identify threats as they begin to manifest. In recent times, topics considered by this Committee include:

  • Benchmarks such as LIBOR,
  • Crypto-assets and Libra/Calibra, and
  • Divestment of wealth management businesses by banks.

ASIC’s enforcement approach

Turning to my next topic – ASIC’s approach to enforcement – various comments from industry and in the media have made it apparent that there has been some misreading of our enforcement approach. So, I will take this opportunity to clarify.

Starting firstly with our Why Not Litigate? approach.

The degree of consternation generated by our adoption of that 3-word question suggests to me that people are looking for it to be something more all-encompassing than it actually is. 

Why Not Litigate? simply means that once:

  • ASIC is satisfied breaches of the law are more likely to have occurred than not and
  • the facts of the case show pursuing the matter would be in the public interest,
  • then we will actively ask ourselves: why not litigate this matter? 

There is nothing controversial in this approach. The Why Not Litigate? question is simply a procedural discipline that we have adopted for ourselves to ensure that we ask and answer this question. Importantly, we ask it of ourselves. Other commentators and even legal experts may decide the question differently. But they are not Commissioners. For it is our duty and our responsibility to challenge ourselves on this test.

The aim of our Why Not Litigate? approach is to ensure that we are doing our job to deter future misconduct and fulfil community expectations that wrongdoing be punished and publicly denounced through the courts.

But it is not a ‘litigate first’ or ‘litigate everything’ strategy. Let me be clear about this. This would not be appropriate for the exercise of our discretion in each case on its own merits, nor would it be practical from a resource allocation or cost perspective.

We will, in asking ourselves Why Not Litigate?, consider a number of key factors including our model litigant obligations and the likelihood of achieving regulatory outcomes. 

And, as always, when we are considering enforcement action we need to also ask and answer some subsidiary questions including:

  • Whether to pursue criminal or civil action (or alternatively licensing or banning action), and
  • Whether any action is against the corporation or individuals or both.

Other features of our renewed and re-invigorated enforcement approach are:

  1. We have established an Office of Enforcement within ASIC,
  2. We are accelerating enforcement outcomes, and
  3. We now have strengthened penalties available to us.

Let me say a little more on each of these features.

The decision to establish an Office of Enforcement followed the Royal Commission Final Report and responds to a recommendation of ASIC’s Internal Enforcement Review conducted between mid-October and December 2018 led by ASIC Deputy Chair Daniel Crennan QC.

The Office of Enforcement is comprised of ASIC’s two specialist enforcement teams: Markets Enforcement and Financial Services Enforcement, as well as the Enforcement Oversight Committee.

The objective of the Office of Enforcement is to strengthen ASIC’s enforcement culture and effectiveness and implement a single enforcement strategy for ASIC. It is responsible to the Commission for all of ASIC’s enforcement activities and policies.

It will:

  • centralise decision-making processes and ensure the consistent adoption of the Why Not Litigate? approach,
  • increase the focus on priority matters and ensure adequate and flexible resourcing of matters,
  • adopt uniform procedures and achieve greater consistency in our enforcement approach, and
  • ensure the functional separation of ASIC’s enforcement teams as much as possible from non-enforcement related contact with regulated entities.

We are also focused on increasing and accelerating enforcement outcomes. Additional Government funding, as announced in March 2019, will enable ASIC to bring more cases to court and outsource additional case-specific work. The full impact will only be fully visible over time, but statistics highlighted in our most recent ASIC Enforcement Update already point to our commitment to increase and accelerate our enforcement cases. Between July 2018 and June 2019:

  • there has been a 20% increase in the number of ASIC enforcement investigations,
  • a 51% increase in enforcement investigations involving the big six financial services firms (or their officers or subsidiary companies), and
  • a 216% increase in wealth management investigations.

The third feature I mentioned is the strengthened penalties now available to us.

In the past, our enforcement caseload was impacted by the absence of effective penalties or remedies (even for such fundamental licensee obligations as s912A). And so we welcomed the passage of the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Act 2019 in March this year. For contraventions occurring from 13 March 2019:

  • Civil penalties now apply to certain misconduct that before had no penalty
  • Penalties have been strengthened, including by:
    • Increasing maximum prison penalties for the most serious offences to 15 years; and
    • Increasing the maximum civil penalties to $1.05M for individuals and $525M for companies.
    • And there is an extended infringement notice regime and the availability of disgorgement remedies.

Any perception that regulatory sanction is just a ‘cost of doing business’ is an attitude that we will not allow to persist. The new penalties will, we hope, be an effective deterrent, but we will revisit that with the benefit of experience and in particular upon a review of how the Courts are applying them to different types and scales of offending and misconduct.

In our strategic priority setting for 2019-20 we have resolved to prioritise high deterrence enforcement action. We will be focused on efficient and effective enforcement action, particularly cases with a high deterrence value and those responding to egregious misconduct (for example, misconduct impacting vulnerable consumers). And we’ll be pursuing cases where we can utilise ASIC’s new powers and penalties to achieve better outcomes.

Our enforcement focus will be on both corporate and individual accountability. We will scrutinise whether individuals at executive and board levels are carrying out their legal responsibilities.

However, let me emphasise that enforcement, including court action, is a key regulatory tool butit is not our sole one.

In pursuit of our vision for a fair, strong and efficient financial system, we will continue to use all our regulatory tools (often in combination). The myth advanced by some commentators that we have become an agency focused solely on enforcement is simply untrue and quite illogical to anyone experienced in regulatory practice. We recognise the need to utilise the full suite of our regulatory tools to achieve our goals. Indeed, in our Corporate Plan this year we have highlighted the range of regulatory actions we propose to deploy in relation to each of our strategic priorities.

And I remind you that all actors in the financial system bear frontline responsibility for obeying the law. Laws are not optional. They are to be obeyed and enforced. This is clearly the view shared also by Commissioner Hayne. ‘Obey the law’ was the first of six basic norms of behaviour he articulated in the Final Report. He went on to emphasise that everyone must obey the law – not just those who are willing to do so. And, that they must comply with all applicable laws – not just with those bits of the law they find to be commercially acceptable. Compliance risk should be managed with this fundamental truth kept squarely in mind.

Update on the implementation of Royal Commission recommendations

Finally, I want to talk about ASIC’s work to implement recommendations of the Royal Commission.

Last month the Government released its Implementation Roadmap which sets the timetable for delivering on the Royal Commission recommendations. As the Treasurer’s announcement noted, this represents the largest and most comprehensive corporate and financial services law reform package since the 1990s. The Roadmap – with its 56 measures, 48 of them relevant to ASIC – is ambitious, with all legislation to be introduced by the end of 2020, 90 per cent of it earlier, by mid-2020.

ASIC recognises the importance of these reforms and will continue to provide input to Treasury on policy and legislative design. We also believe that a project of this scale needs industry buy-in and support, and we should keep in mind the harms that the Royal Commission identified and that the recommendations seek to address.

In the next days we will publish an update on our work on the recommendations and areas of concern identified by the Royal Commission. This follows our previous update in February. The update outlines both what we have done to date, and our planned actions, not only in response to specific recommendations made by Commissioner Hayne but also more broadly in the areas and sectors examined by the Royal Commission. Some of our actions will address consumer harms ahead of legislative reform to follow.   

Where the Royal Commission recommendations were directed at ASIC or where ASIC can take action on its own initiative, we are acting and making changes as a matter of priority. For example:

  • ASIC has worked with industry to approve amendments to the Banking Code that commenced on 1 July 2019, and are considering further amendments to the Banking Code before the end of 2019.
  • ASIC is working with APRA to revise our memorandum of understanding and established enhanced coordination arrangements in 2019.
  • ASIC has commenced a project to investigate the extent to which grandfathered conflicted remuneration arrangements are being voluntarily ended in the period 1 July 2019 to 31 December 2020.
  • And as mentioned earlier, we recently consulted on the proposed exercise of our modification power in the Corporations Act to cease telephone sales of direct life insurance and consumer credit insurance (in a no advice or general advice environment). This interim ban will precede the proposed anti-hawking law reforms.

We will also give an update on our enforcement activity related to the Royal Commission. We have dedicated significant resources to investigating, and where appropriate litigating, the 13 matters referred to ASIC by the Royal Commission and a significant number of the matters that were examined as case studies in the Royal Commission hearings. Proceedings have already commenced on one referral and two case studies, and we have referred two case studies to the Commonwealth Director of Public Prosecutions.

Most recently, as you know, a few weeks ago we commenced proceedings in the Federal Court against National Australia Bank for breaches of the National Consumer Credit Protection Act 2009. We allege that, as part of its ‘Introducer Program, NAB accepted loan information and documentation in support of consumer loan applications from third party introducers who were not licensed to engage in credit activity. A range of misconduct in relation to the NAB Introducer Program was detailed in the Royal Commission case studies.  

We will maintain our focus on this significant strand of work in the coming six months, including via surveillance activities, reviews and upcoming publications. Our Update sets out further details including a list of upcoming major publications.


In closing, there are high community expectations on ASIC and the financial sector right now.

Importantly, we have very high expectations on ourselves and the firms and people we regulate.

As ASIC Chair James Shipton said a couple of weeks ago with the release of our Corporate Plan:

The public expects financial firms to treat Australians fairly and live up to the expectations of the community and the law.

The public expects ASIC to see that they do. If the firms or individuals we regulate do not, we have the will, the resources and the regulatory tools to hold them to account.

Ultimately – all of us, the regulators and the regulated, must strive for a fair, strong and efficient financial system for all Australians.

As risk professionals, you have a unique position of advantage to identify risks which may undermine your employer’s strategic objectives and create significant exposures from stakeholders. I recognise that your position is not an easy one, nor is your messaging often popular. However, it is essential that you do your jobs well and call out failures in risk management and effectiveness of controls, especially where they give rise to real harms.

Thank you, and I invite your questions.

Media enquiries: Contact ASIC Media Unit