Key points
- Don’t get distracted – directors’ obligations have not changed.
- Addressing regulatory complexity, increasing technical expertise on boards, more effective reporting from senior management – are changes that can help address some of the challenges facing directors.
- What hasn’t changed – and won’t change – are the foundational duties and expectations of directors. Directors must still act in good faith, in the best interests of the company, for a proper purpose and with due care and diligence.
Check against delivery
I would like to begin by acknowledging the Gadigal people of the Eora nation as the traditional owners and custodians of the land on which we are meeting, and to pay my respects to Elders, past and present.
In his masterpiece The Leopard, set in 1860s Sicily, Giuseppe Tomasi di Lampedusa writes of the events leading to the reunification of Italy. The young and idealistic Tancredi advises his uncle Prince Fabrizio – the leopard in the novel – about the need to embrace change: ‘Unless we ourselves take a hand now, they’ll foist a republic on us. If we want things to stay as they are, things will have to change. Do you understand?’[1]
Prince Fabrizio’s initial reaction is that Tancredi is ‘talking rubbish’.[2]
However, he shortly comes to see in these ambiguous words some reassurance, a way of understanding the extraordinary times in which he is living.
Whatever we may think of this paradox, it highlights a truth none of us can ever escape: change is constant. So, if you want to keep certain things the same, you can only do so by changing other things.
But what has any of this to do with directors? Well, I don’t think anyone here would disagree if I said we’re living in tumultuous times. As we look around the international scene, we see what The Economist has described as a ‘revolt against regulation’.[3]
Uncertainty about what the future holds across a range of issues continues to accelerate. For example, what is to be done, if anything, about regulating artificial intelligence technologies?
And how must we manage the opportunities and risks of a data-driven, digital economy at a time of increasing geo-political risk?
Understanding and taking into account international developments has become essential.
For many, all of this feels overwhelming. But how directors manage uncertainty matters – and can have very real consequences on Australians.
So, today, I would like to consider this question: What has to change, in this time of uncertainty, for things to stay the same – and what is it that stays the same?
What can change – regulatory simplification
As I’ve said before, one thing that a lot of people are grappling with – in Australia and around the world – is regulatory complexity. The more complex the regulation, the harder it is to understand and comply with it. And the harder it is to enforce.
It’s a burden borne by everyone – legislators, policymakers, businesses big and small, regulators, consumers and investors. It’s played out across the economy in lost time and productivity.
The sad thing is, complexity is ‘in the water’, so to speak. We simply don’t do simplicity well in Australia. This has been a problem for decades.[4] And it makes it ‘difficult, expensive, and time-consuming for people to understand their legal rights and obligations. This creates burdens for business and restricts access to justice.’[5]
For example: We have high expectations of directors – and so we should. But it’s harder for them to meet those expectations effectively in an environment of complex, overlapping, changing, and increasing legal obligations. The mosaic of complexity also impacts what matters to consumers, including how we combat scams, predatory lending and unfair contracts.
Now, in speaking of simplification, I’m not suggesting wholesale deregulation. I think most of us aren’t against regulation that’s sensible, clear and proportionate.
What we find frustrating is regulation that’s complex, disjointed and difficult to comply with. And from a regulator’s point of view, steps ASIC can take to simplify the way it administers the law will help reduce regulatory burden on businesses and directors. According to the AICD’s recent Directors’ Sentiment Index, legal and regulatory compliance was a top three issue keeping directors up at night – after the domestic economy and cyber issues.[6]
So, we’re looking for ways to simplify. And it was with all these issues in mind that I announced last year that ASIC would convene a Simplification Consultative Group to improve how we approach regulation.
The Group is charged with bringing fresh thinking and practical ideas to:
- simplify and consolidate ASIC’s work, including our regulatory guidance and legislative instruments
- identify the highest priority, most useful potential law reforms to address complexity in the regulatory framework.
I am pleased today to report that we have convened the Group – 10 highly respected consumer, business and industry leaders.[7] These are drawn from a broad range of organisations, including the AICD, the Consumer Action Law Centre, Super Consumers Australia, the Governance Institute, Business Council of Australia, Australian Chamber of Commerce and Industry, and the Council of Small Business Organisations. The first meeting has been held, and the work has begun.
I’m also very happy to announce that Nicola Wakefield Evans is co-chairing the Group with me. Nicola is an accomplished business leader and non-executive director with a wealth of experience gained over a long international career. I’m very excited to have her on board, and she is already making an important contribution.
Based on the ideas of this group and technical experts that will support it, the ASIC team is developing a discussion paper that will be released toward the third quarter of this year.
Change, as they say, starts at home. And the first thing we want to consider is what we at ASIC can change about our approach. This is important, because it puts the question squarely in terms of what’s in our power.
And we know already there are many practical things we can do. For example, we know that ASIC’s information needs to be easier to find and navigate – from our regulatory guides to our website – and that we need to ease the burden of breach reporting and better explain our data requests.
But we want to hear new ideas. I’m now talking about ASIC being open to challenge about its regulatory approach in particular areas, and whether there are better ways of engaging with our regulated population.
Of course, this is just the start of our conversations, and our focus will look to broader areas.
I will continue to keep you updated as we progress, and I encourage you to keep providing feedback.
We are listening. And I can assure you that the challenges facing directors remain a major priority for ASIC.
What can change – more ‘science’ on boards
So, one thing that needs changing is regulatory complexity – and ASIC has begun a collaborative effort to address that.
But of course, that’s only one part of the picture. Another is how boards fulfil their roles and responsibilities. And part of that must involve stepping back and asking, what needs to change in their approach.
Part of the answer will depend on the particular business, of course, but one thing that should change is thinking around board composition.
To use a convenient shorthand – I’m talking about more ‘science’ in the boardroom.
There isn’t a single material issue currently facing business – and our institutions more generally – that doesn’t require data, systems, technology, and processes to effectively address. For evidence of this, you need only look at major AICD publications in the past year on cyber security, AI governance, and mandatory climate reporting.
There’s a lot of talk these days about diversity – and one element of this needs to be a healthy diversity of expertise and training.
Last year, the average number of board members with an accounting, banking, or finance background rose to 40%, and the combined total of those with a legal background, finance background, and general management was 70%.[8] By contrast, those with a background in technology were just 7%. A recent KPMG report found that 69% of board members only had moderate access to ‘the required skills to effectively navigate technological and regulatory disruption and future trends’.[9]
Of course, I know we can’t all be scientists – and if we were, we’d have the same problem of not enough diversity of experience. Nor is science in the boardroom a panacea that assumes responsibility from the rest of the board.
But there is a real opportunity to broaden the skill sets and the perspectives of company boards, both by strategic hiring and by upskilling current board members in areas such as science and technology. This is especially where it pertains to the core business or how it’s run.
Greater diversity in board member skills and thinking ensures that directors can understand and engage with the risks facing their businesses and bring their skills and experience to address these risks.
This is, of course, equally true for regulators.
Broadening this competence will mean that both boards and regulators will be in a better position to ask the right questions.
What can change – management-board relationship
Now, while board composition is one key element, it should be obvious that it still relies on individual directors doing their jobs – and fulfilling their critical responsibility of governance.
Effective governance requires rigorous, diligent back-and-forth between management and the board. The board should support management – but it must also question it. Likewise, management needs to support the board and provide it with the information needed to make good judgements.
This last point is crucial. As everyone in this room knows all too well, a successful director in a complex business must rely on others.
I acknowledge that boards devote a lot of time going through material – with board packs ranging from 200 to 900 pages of ‘dense and voluminous’ material.[10] So much so, in fact, that it’s not always clear whether the purpose is to inform directors of key issues in the most effective way, or absolve those creating the reports from exercising judgment about what to include, what to omit, what to distil and what to highlight.
Having professional, competent and curious management that the board can rely on is fundamental.
Case law tells us that where a director – non-executive or otherwise – is aware of information that has awakened suspicion in them, they must make appropriate inquiries – and cannot rely on the judgment of management alone.[11]
Nevertheless, it remains the role of senior management to provide clear, comprehensive information that enables boards to make strategic decisions.
The health of the relationship between a board and senior management is, I would say, also at the heart of several well-publicised issues in recent times.
Some of these issues, and many that ASIC deals with, start with poor personal behaviour before turning into more serious corporate misconduct.
Now, not all poor personal behaviour leads to governance issues, but governance issues allow poor personal behaviour to thrive.
What stays the same – know your business
The elements I’ve outlined – addressing regulatory complexity, increasing technical expertise on boards, more effective reporting from senior management – are changes that can help address some of the challenges facing directors.
But of course, what hasn’t changed – and won’t change – are the foundational duties and expectations of directors.
You must still act in good faith, in the best interests of the company, and for a proper purpose. You must still act with due care and diligence. As I’ve said before, this comes down to knowing your business – asking the hard questions, understanding all aspects of the business and its risks – and challenging management to ensure your understanding is well-founded.
The failure in the superannuation sector to know the business
That might seem obvious. But that doesn’t mean we always see it practised. The duty for a director to know their business hasn’t changed, and it’s not going to change – but not all directors are fulfilling that duty, and that needs to change.
Let me take superannuation as an example – one of our key areas of focus in recent years and currently the subject of significant regulatory and enforcement action from both ASIC and APRA.
Recently, reports of member service failures have become more common. During the past two years, superannuation complaints to the financial complaints authority AFCA have been high.[12]
We’ve also received reports from consumer advocates and financial counsellors about super funds failing to serve their First Nations members.
But when we showed some superannuation trustees their own claims handling numbers, they were surprised. The same thing happened when we read to them from their own complaint files.
This morning, some of you would have seen ASIC has sued AustralianSuper, the trustee for Australia’s largest superannuation fund, for death benefits claims failures. We are alleging nearly 7,000 claimants suffered financial loss due to delayed processing of death benefit claims between 2019 and 2024.
This matter is about protecting vulnerable Australians and their families. It is also a demonstration of what can happen when there is not adequate oversight of systems in an organisation.
On the subject of AustralianSuper, some have accused ASIC of having a double-standard between industry and retail super funds. Let me take this opportunity to be very clear: ASIC’s approach to penalties for misconduct is the same regardless of whether the fund is an industry or retail fund.
The legal principles are well-established. The primary purpose of civil pecuniary penalties is to deter future misconduct. If a super fund profits by breaking the law, ASIC will seek penalties that are sufficiently high to deter it and others from engaging in similar conduct, regardless of the structure of the super fund. That’s why Aware Super was fined $20 million for charging fees for no service, Westpac/BT was fined $20 million for incorrectly charging insurance commissions to members, Colonial First State was fined $20 million for misleading members, and AustralianSuper was fined $27 million – the second-highest penalty to a super fund in the last five years – for failing to merge multiple superannuation accounts.
All of these are examples of not knowing your business. Not taking the time to be ‘plugged in’ and connected. At the heart of this issue is leadership that doesn’t have a grip on the fund’s data, systems and processes – and the customers who suffer for it.
This kind of disconnect is unacceptable in any area of corporate Australia. But in the superannuation sector it is particularly serious, because super literally affects everyone. And as custodians of nearly $3 trillion[13] in hard-earned savings, APRA-regulated superannuation funds and their trustees have a clear responsibility to put members – better thought of as their customers – front and centre.
Let me put it plainly: The governance challenges facing this sector relate to the foundational duties and expectations of directors.
We’re not talking about anything new here – we are talking about well-established principles of governance and responsibility. Which is why, when I say that some super trustees are failing Australians in a critical service, it should be a warning to all directors not to let their fundamental duties slip.
We will have more to say in a new report on superannuation member services in coming weeks, but the industry is the current poster child for what can and does go wrong when governance fails.
Conclusion
To conclude: It’s clear to us all that some of the challenges facing directors have changed – witness the continuing evolution of technology, AI, and requirements in relation to cyber security and sustainable reporting, to name just a few. The speed of change has also accelerated. And perhaps some certainties may not appear quite as certain anymore – what has served us well in the past may not always serve us well in the future.
As David Spiegelhalter puts it in his recent book, The Art of Uncertainty, in the face of AI, climate change, international instability, and a range of new threats and opportunities, ‘we have to confront the fact that we don’t know what we don’t know, that our understanding is always inadequate, and that we should genuinely acknowledge our uncertainty. But this basic humility need not stop us from considering plausible futures, making decisions and getting on with our lives.’[14]
For directors, that means that tumultuous times and the many changes they bring should not stop you from being curious, ensuring you’re across your core business and all associated risks, and asking the right questions today, tomorrow, and every day.
Yes, there are elements of our environment we can work on changing – we can consider more streamlined administration of regulation, more opportunities for technical expertise among directors, more rigorous interaction with and questions for management. But the fundamental duties and expectations of directors have not changed. The focus should always remain on pursuing a culture of compliance, creativity and profitability. That means constantly working to know your business better, inside and out.
That’s your role. Don’t get distracted.
[1] Giuseppe Tomasi Di Lampedusa, The Leopard, translated by Archibald Colquhoun, (Everyman’s Library, 1998. First published under the title Il Gattopardo, 1958), p. 22
[2] Ibid.
[3] “The revolt against regulation,” The Economist, 1 Feb 2025, p. 9
[4] As long ago as 1992, Professor Ian Ramsay wrote about the ‘love affair’ Australia has with legislation and complexity. As he put it, “it is now very clear that the way in which significant social problems are resolved is through legislation rather than the courts”, and that “nowhere is this more evident than in corporate law”. Ian Ramsay, "Corporate Law in the Age of Statutes," Sydney Law Review Vol. 14, No. 4 (December 1992), pp. 474-494; p. 474
[5] Attorney General’s Department, Causes of complex legislation and strategies to address these: https://www.ag.gov.au/sites/default/files/2020-03/causes-of-complex-legislation-and-strategies-to-address-these.pdf
[6] AICD Director Sentiment Index Survey, second half 2024, p. 50 https://www.aicd.com.au/content/dam/aicd/pdf/news-media/research/2024/dsi-2h-2024-insights-report-web.pdf
[7] 10, excluding ASIC and invited observers
[8] Governance Institute of Australia, 2024 Board Diversity Index, p. 22 https://www.governanceinstitute.com.au/app/uploads/2024/04/2024-Board-Diversity-Index.pdf
[9] KPMG, In the hot seat: Exploring the evolving role of the board, December 2024, p. 3
[10] Corporate Governance Taskforce - Director and officer oversight of non-financial risk report
[11] ASIC v Flugge (2016) 342 ALR 1; [2016] VSC 779 at [1876]; Michael Hodge KC and Sonia Tame Opinion to the AICD: Directors’ section 180 duty of care and diligence & regulatory compliance obligations
[12] Cf. https://www.afca.org.au/annual-review-superannuation-complaints
[13] Australian Prudential Regulation Authority (APRA), Quarterly Superannuation Performance, 31 December 2024.
[14] David Spiegelhalter, The Art of Uncertainty: How to Navigate Chance, Ignorance, Risk and Luck, (Penguin Random House, 2024), p. 12