Published by the Stockbrockers Association of Australia in the Stockbrokers Monthly, August 2016.

ASIC's Market Supervision team has identified key regulatory priorities for the year ahead. We encourage you to consider these when reviewing your risk management framework and focus your compliance, supervisory and risk management efforts to ensure compliance with ASIC's regulatory requirements.

Our key regulatory priorities for 2016-17 are:

• cyber resilience and technology disruption
• firm culture and conduct, and
• handling of confidential information and managing conflicts of interest in research and corporate advisory.

ASIC has prioritised these three existing and emerging risks because, if not properly addressed, they could adversely affect market integrity and investor confidence.

Regulatory Priority 1: Cyber resilience and technology disruption

Cyber threats have become a key global risk to business and financial market stability. ASIC is actively encouraging entities to improve cyber resilience practices. The overall stability of the financial market ecosystem may only be as strong as the weakest link.

Reading Report 429 Cyber resilience Health check, released in 2015, can help entities improve cyber resilience by:

• increasing awareness of the risks
• encouraging collaboration between industry and government
• providing health check prompts to help businesses consider their cyber resilience, and
• identifying how cyber risks should be addressed in the regulatory context – including considering board oversight of cyber risks.

Read Report 468 Cyber resilience assessment report: ASX Group and Chi-X Australia Pty Ltd to:

• learn some good practices for cyber resilience in investment banks, and
• identify key questions that directors and board members should ask executives.

ASIC will continue to provide cyber self-assessment questionnaires to selected groups of market participants each quarter and conduct cyber resilience health checks with participants. We will provide information back on common areas for improvement. 

Regulatory Priority 2: Firm culture and conduct

ASIC defines culture as a set of shared values and assumptions within an organisation. It represents the 'unwritten rules' for how things really work.  We want culture and conduct risk to be ‘front of mind’, so stakeholders make changes that lift standards, and disrupt and address problems early.

To address cultural and conduct related issues it is imperative that firms focus first and foremost on setting the right tone from the top.  It is also important to:

• cascade cultural values to the rest of the organisation
• translate values into actual business practices, and
• ensure take-up through:
  • staff accountability
  • effective communication and challenge
  • recruitment, training and rewards, and
  • governance and controls.

This year we will be introducing more cultural indicators into our risk-based surveillances. We will be stepping up our approach and where we think there may be a problem, look more closely, to uncover problems and address them.

We are undertaking a suite of work in respect of culture and conduct in the markets area. In particular, we are reviewing attitudes to conduct risk, sound remuneration policies, management of confidential information and conflicts of interest, and supervisory frameworks and risk management.

Regulatory Priority 3: Handling of confidential information and managing conflicts of interest in research and corporate advisory

The leakage of confidential, material price-sensitive information about a listed entity harms investor confidence and increases the risk of insider trading. This has been an ongoing area of focus for ASIC, with the publication of Report 393 Handling of confidential information: Briefings and unannounced corporate transactions back in 2014.

Through firm reviews we have identified a number of risk areas relating to how firms treat confidential information and conflicts of interest in sell-side research and corporate advisory. Further detail on our findings will be published shortly.

Regular review of controls (including policies, procedures, training and monitoring) will assist in ensuring you are appropriately managing risks.

Additional areas of focus

• Ensuring client money is appropriately handled
• Ensuring financial stability and capital review
• Ensuring supervisory frameworks, risk management and controls are in place
• Ensuring appropriate product distribution for retail over-the-counter (OTC) derivatives and complex products
• Participant suspicious activity reporting.

ASIC published a letter setting out its market supervision regulatory priorities for 2016–17 on 27 July 2016. Read the full letter.