A speech by John Price, Commissioner, Australian Securities and Investments Commission at the Risk Management Association Annual Chief Risk Officer Conference 2018, (Melbourne, Australia) 4 September 2018
Thank you for inviting me to speak at your conference today about ASIC’s key strategies and focus areas over the coming year, particularly in relation to improving conduct and restoring trust.
The Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Financial Services Royal Commission) has highlighted the harms that unlawful and unethical conduct can inflict on consumers and investors.
I should say at the outset that while it is all well and good to have regulators speak about how they will improve conduct and build trust it perhaps misses a key point. That point is, of course, that it is the people we license to provide financial services or credit services and their employees that have the frontline role to comply with relevant laws and keep customers top of mind.
To be frank, as a starting point to establishing trust, individuals, firms and industry need to improve their conduct. To support better conduct, cultural change and better governance are also vital. Industry needs to address systemic issues, such as conflicts of interest. Firms need to ensure they adopt a culture of professionalism and make sure it is cascaded through the entire firm and sector. To quote briefly from the recent Financial System Inquiry:
To build confidence and trust in the financial system, firms need to take steps to create a culture that focuses on consumer interests. (Financial System Inquiry Final Report, p. 195)
How you do that is largely a matter for you and the firms you work for, but make no mistake failure to do so, in my view, will lead to additional regulation, loss of customers and further loss of trust and reputation.
Of course, ASIC is a core part of the financial system. We also have an important role in driving the behaviours that will build and restore trust. We will do this by being a strategic as well as forceful regulator, and by:
- proactively identifying harms to consumers, investors and markets
- prioritising and addressing the most significant harms
- accelerating enforcement outcomes
- implementing new supervisory approaches, and
- promoting the adoption of regulatory technology (regtech) by industry.
In ASIC’s latest Corporate Plan, released last week, we set out our new vision and mission statements, and how we will meet our strategic goals over the next year and beyond.
Our vision – A fair, strong and efficient financial system for all Australians – reflects our purpose as Australia’s conduct regulator for corporate, markets, financial services and consumer credit, and highlights the important role we play on behalf of all Australians.
Our regulatory mission statement articulates the way we will realise our vision, and states that we will use our regulatory tools to:
- change behaviours to drive good consumer and investor outcomes;
- act against misconduct to maintain trust and integrity in the financial system;
- promote strong and innovative development in the financial system; and
- help Australians be in control of their financial lives.
We will continue to work with Government on the significant upgrade to ASIC’s enforcement powers and penalties that is in train, and the proposed financial product governance obligations and intervention powers. We will also continue to support whistleblower reforms and continue to implement the ASIC competition mandate.
In addition, we look forward to the recommendations from the important work of the Financial Services Royal Commission.
As an organisation, we will adapt and evolve in responding to the rapid changes in the financial sector. For this purpose, we have enhanced our internal governance frameworks to better support strategic decision making.
ASIC’s strategic planning framework
In this year’s Corporate Plan, we also explain our enhanced strategic planning framework. In previous years, we talked about meeting our long term challenges. This year, we are introducing a new threat, harm and behaviour framework to better identify, describe and prioritise actual and potential harms that need to be addressed.
This framework guides how we identify and prioritise threats of harm, the behaviours that underpin them, and actual and potential harms to consumers, investors and fair and efficient markets.
The framework includes our approach to:
- monitoring our operating environment to understand key trends;
- identifying and prioritising areas of focus by understanding the behaviours that drive misconduct and the harms that result from them; and
- testing the threats and harms that we have identified by consulting independent external advisory panels and experts.
Implementing new supervisory approaches
A key part of our work over the next year will be implementing new supervisory approaches. This work follows additional funding which was recently announced by Government to progress our strategic priorities. The new funding will strengthen our work to realise our vision for a fair, strong and efficient financial system for all Australians.
It will improve ASICs enforcement capabilities and enable it to undertake new regulatory activities, so as to better deliver on its mandate of combating misconduct in corporations and in the financial services industry.
The funding covers a number of initiatives in relation to our new supervisory approach, but I will focus in particular on three items.
Close and continuous monitoring
The first is implementing a new and more intensive supervisory approach by regularly placing ASIC staff onsite in major financial institutions to closely monitor their governance and compliance with laws – we call this new programme of work close and continuous monitoring.
A key goal of this new approach is to modify the behaviour of the large institutions to further encourage them to place consumers first in their decision-making and quickly identify and respond to conduct that produces unfair outcomes.
The initial focus of the teams will be to:
- First, drive significant improvements to breach reporting. This work will build on work already completed and described in ASIC’s imminent public report on breach reporting. This project provides robust baseline data. For example, it currently takes the entities who participated in the review around four years to identify a breach. We will use this baseline data as a benchmark to assess how the institutions are improving their breach detection, reporting, rectification and customer remediation processes.
- Secondly, we will focus on assessing the specific internal governance issues raised by the CBA prudential inquiry across the other institutions and collaborate with APRA in assessing the banks’ responses.
- Thirdly, we will seek to understand differences between institutions in appetite for change to culture and practices, governance, structure and organisation, reporting practices and gaps, products sold or distribution arrangements that affect the outcomes we are seeking and the ability to get effective changes (to inform longer term planning).
- Finally, we will identify key decision-makers and influencers within each institution to engage with directly.
As I’ve said, we expect that the first focus area for on-site supervisory visits will be breach reporting by large institutions. Future areas of focus will be selected based on the potential for consumer harm, as well as other factors such as the suitability for intervention through on-site supervision, the prioritisation of issues by the relevant stakeholder team(s) and issues identified/resolved in other jurisdictions.
Strengthening our supervision and enforcement focus of the superannuation sector
Another new project we will be implementing is to deliver an enhanced supervisory approach for superannuation. We have already strengthened our team focused on this area.
Our planned enhanced supervisory approach will:
- use an expended range of supervisory techniques, including more frequent on-site visits
- build on our already significant public actions in the superannuation sector, including more enforcement outcomes, and
- better leverage the data currently available to ASIC and APRA. We will also make use of new data sources, including internal dispute resolution data that must be reported to ASIC, as well as data on life insurance claims coming from joint ASIC and APRA work.
We will also increase our focus on the consumer perspective through the incorporation of more consumer testing and shadow shopping.
Our strengthened superannuation team will also move towards a more intensive engagement model, where superannuation stakeholders will deal with specific ASIC staff on a more consistent and regular basis.
By building on our existing work in this way, we plan to heighten the intensity of our regulatory scrutiny in superannuation.
I also want to recognise that we are not the only ones regulating the superannuation sector. ASIC, APRA and the ATO all have a common interest in this area. Accordingly, you can expect our approach to continue to build on our already close working relationship with these agencies.
This common interest also necessarily means there are boundaries to ASIC’s jurisdiction in super, and some issues will be in the remit of other regulators.
Nevertheless, we plan to do everything within our powers to improve member outcomes in superannuation.
Finally, all of this is happening alongside various other important developments in superannuation. For example:
- the Productivity Commission’s report on the competitiveness and efficiency of the super system
- the implementation of the Insurance in Superannuation Voluntary Code of Practice, and
- the Government’s announced Protecting Your Super reform package.
Corporate Governance Taskforce
The third and final new supervisory initiative I will discuss today is our Corporate Governance Taskforce. ASIC has sought and received funding to undertake targeted reviews of corporate governance practices in large listed entities. This will allow us to shine a light on ‘good’ and ‘bad’ practices observed across these entities.
As part of this work, we will look at a range of issues, three of which I will discuss today.
Director and officer oversight
The first is the role of the board and officers in the oversight (and in the case of officers, the management) of risk.
The independence of the board from management and proper information flows to the board is necessary for the board to effectively hold management to account. Our review will look at how directors are actively exercising their stewardship functions, particularly in relation to non-financial risk.
Questions we will consider include:
- How are directors and officers ensuring that they know enough about the entity to ask the right questions? How do they know what they are not being told?
- How are they holding their executive teams to account?
- In large, complex entities, how do they ensure that they have meaningful oversight over all material non-financial risks of the entity?
- How are they satisfied that the compliance and risk functions of the entity are being adequately funded?
The second issue we will be investigating is executive remuneration practices. We will do this with the benefit of recent work that APRA has also done in this space. Remuneration is a clear driver of conduct. We will be looking at whether executive remuneration structures, grants and vesting of variable remuneration are driving the right behaviours and accountabilities of executives in Australia’s listed companies. An initial issue we will be considering is focusing on the decisions by the board remuneration committee to award and grant variable remuneration.
Finally, we will be considering the adequacy of periodic corporate governance disclosures.
We will be looking to see whether investors are being provided with meaningful disclosures about the effectiveness of a company’s corporate governance practices. At the moment most disclosure focuses on what policies and procedures companies have in place regarding corporate governance. We want to understand whether those stated policies and procedures are actually reflected in practice.
We are currently working on the process of selecting the entities that we will approach for review. Targets will come from a range of industries, not limited to financial services. We will consider a number of factors when selecting targets, so the project covers a good cross section of entities. We expect companies to work with ASIC as we undertake this important review to help rebuild trust and transparency in our capital markets.
We are likely to publish a report at the end of the project, where we will highlight practices that require improvement as well as those which represent good practice.
As I said in the introduction, ASIC is a core part of the financial system. We have an important role in influencing behaviours that build and restore trust, and our work over the coming year, some of which I discussed today, is focused on this.
But as risk professionals, you play a central role in ensuring that the firms with whom you work are able to understand how decisions that are made may impact conduct risk and be proactively on the look out for such risks. You and your firms need to be at the front-line of helping to build and maintain a culture that focuses on consumer interests. Your roles will no doubt be even more critical over the next few years, as the sector takes action to restore trust which has been lost.
Thank-you, and I look forward to the panel discussion.