The Banking Royal Commission’s final report revealed widespread misconduct and blatant illegality in the financial services industry. This raised legitimate questions of whether ASIC was asleep on the job or was, as some have claimed, the watchdog that no-one fears.
ASIC’s enforcement track-record has been criticised, particularly its use of administrative and negotiated sanctions as primary enforcement tools, rather than taking court action to obtain tougher penalties on companies that break the law.
One common criticism of ASIC is that it simply has too much to do. Since ASIC was created, its responsibilities have expanded from general corporate regulation to include regulation of stock market participants, managed investments, trustee companies and the massive areas of consumer protection in financial services (which includes banking, insurance and superannuation) and consumer credit regulation. There are few aspects of our daily lives that ASIC does not have some responsibility for.
Unfortunately, ASIC’s resources have not kept up with these increased roles, with its staffing resources only increasing 18 percent since 1995 (source: ASIC annual reports). Although its funding increased from $121 million in 1995 to over $400 million in 2017, the increase in its regulated population has grown far more than this funding can address. For example, the numbers of companies registered in Australia (just one aspect of ASIC’s role) has increased from less than 1 million at the start of ASIC’s life to over 2.6 million currently.
While the Final Report acknowledged concerns with ASIC’s remit, it rejected breaking up ASIC, and supported the ‘Twin Peaks’ model of regulation that places the primary responsibility for regulating corporate conduct on ASIC. APRA retails responsibility for the financial viability of banks, insurance companies and most super funds.
Not only does the report support the Twin Peaks model (Rec 6.1), it proposes to give even more responsibility to ASIC. The report recommends that ASIC be given new powers:
The report recommends a new regulatory oversight body be introduced to review and report regularly on the performance of ASIC and APRA (Rec 6.14), and that regular capability reviews be undertaken (Rec 6.13).
Significantly, the Report recommends a major shift in ASIC’s enforcement strategy, by reducing reliance on negotiated and administrative sanctions, and that ASIC start by asking why court action should not be brought. This recognises the public interest in having serious misconduct dealt with by a court, but a big increase in litigation will require far greater financial and staffing resources than ASIC currently maintains. Furthermore, a litigate-first approach will likely harden the relationship between ASIC and its regulated populations.
The Report recommends that companies develop open and transparent relationships with ASIC and APRA, but is highly critical of the use of negotiated outcomes. With respect, the Commissioner can’t have it both ways. Telling regulators to sue more often and to pursue tougher penalties will encourage regulated populations to be more cautious when dealing with ASIC.
It is accepted that the evidence of misconduct revealed during the Commission has highlighted a failure by ASIC to take tough enforcement action even where it had evidence of repeated and serious contraventions of the law, so change was needed, but placing litigation as the first choice will clog up the courts with cases and fill up lawyers’ pockets with advisory fees.
The Report also criticises the use of enforceable undertakings (EUs) and infringement notices. ASIC should consider whether an EU is likely to produce a deterrent effect and whether admissions of liability should be obtained.
Public companies are reluctant to admit liability through an administrative process because it may paint a target on them for shareholder class actions and litigation funders. The Report recommends that infringement notices be used only for administrative failings (Rec 6.2).
This goes against the current regulatory trend to give regulators more powers to impose regulatory fines by issuing infringement notices, which also helps boost government revenues. Infringement notices have been a controversial tool because they are essentially regulatory parking fines where a defendant can simply pay the fine rather than going to court, usually with no acceptance of liability and no further regulatory action taken.
Concerns have been raised about the effectiveness of infringement notices, given they are virtually always paid with no court determination of liability and are seen as simply a cost of doing business and so don’t necessarily change corporate behaviour.
Lastly, the Report recommends a structural separation of enforcement staff within ASIC so as to minimise the risk of regulatory capture with ASIC’s regulated entities (Rec 6.2). This is essentially ‘back-to-the-future’, as prior to Chairman D’Aloisio in 2008 enforcement staff were separate.
Chairman D’Aloisio’s restructure of ASIC tried to provide a more dynamic and cooperative ASIC workforce to discourage information silos. The Report suggests that if such a separation does not produce desired change then a new federal civil enforcement body should be created to pursue regulatory enforcement.
Such a move could prove useful if also given jurisdiction over criminal enforcement of corporate laws as this could address concerns that criminal prosecutors don’t prioritise white collar crime such as corporate law breaches in the same way that they do violent crimes.
While many have argued that ASIC is too big to be effective, Commissioner Hayne disagrees and recommends putting even more on ASIC’s plate.
Unless this is accompanied by a massive increase in funding and resources, it is unlikely to be effective.
Shifting more work to ASIC suits politicians as they look like they are doing something, but the business community knows that ASIC is given an impossible task and the Royal Commission recommendations will only add more pressure on ASIC to do more with less.
As former ASIC Chairman Greg Medcraft has said, you get the regulator you pay for.