The Financial Regulator Assessment Authority's (FRAA) first report into the Australian Securities and Investments Commission (ASIC) was released publicly on 25 August 2022.  Our key takeaways are below

Key takeouts

  • The report concludes that ASIC is 'generally effective' across the three areas – strategic prioritisation, planning and decision making and surveillance and licensing – assessed.  
  • However, the report identifies scope to improve in several areas and a general need for a 'cultural shift' within ASIC which FRAA considers will help enhance its capability and effectiveness.  The four recommendations in the report target these issues.  
  • The government has encouraged ASIC to consider the report recommendations. 
  • In a statement, ASIC outlined a number of measures (some of which are flagged in its latest corporate plan) that address the FRAA's recommendations.  ASIC Chair Joseph Longo also indicated the FRAA's recommendations 'align closely' with his own plans for ASIC and that the regulator is acting/will act to implement all four FRAA recommendations.

FRAA concludes that ASIC is 'generally effective'

The Financial Regulator Assessment Authority (FRAA), an independent statutory body tasked with assessing and reporting on the effectiveness and capability of the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA), has handed down its first report on ASIC.

The report was publicly released on 25 August 2022.

The report assessed ASIC's work in three areas: 1) the regulator's approach to strategic prioritisation, planning and decision making; 2) surveillance; and 3) licensing.

Overall, the report concludes that:

'ASIC is generally effective and capable in the areas reviewed, although there are important opportunities to enhance its performance…. Notwithstanding areas of improvement, it is well recognised that Australia has a world leading financial system to which ASIC’s contribution is crucial'.

Room to improve in several areas: Four recommendations for change

The report also identifies scope for ASIC to improve its: internal data and technology capabilities; approach to stakeholder engagement; approach to measuring and assessing its own effectiveness; and a need for the regulator to ensure staff have the right skills to discharge their roles effectively/the right mix of skills are represented within ASIC.

The report includes four recommendations aimed at addressing these issues. A running theme throughout the recommendations, and the report, is the importance of culture in securing the success of change initiatives.

The four recommendations are outlined briefly below.

Recommendation 1: 'ASIC requires a substantial uplift in its data and technology capability, which will involve cultural change'

The report identifies scope for ASIC to improve its data, analytics and technology capabilities to enable the regulator to:

'better identify and act on emerging harms, set strategic priorities, create efficiencies, lower the regulatory burden, and deliver a digital stakeholder experience'.

The report highlights in particular, scope to enhance the effectiveness of ASIC's Financial Services and Wealth Group.

In making these observations, the report underlines the need for the proposed uplift in technological/digital capability to be accompanied by a cultural shift within the regulator. The report states:

'It is the FRAA’s view that ASIC requires a substantial uplift in its data and technology capability and will need to undergo material cultural change to embed the benefit from the required investment. The Commission and ASIC’s senior leaders will need to lead this cultural shift to realise the benefits of its planned digital uplift'.

The report acknowledges the steps ASIC has taken in this direction already including the development of a new digital strategy.

Recommendation 2: 'ASIC should have a stronger focus across the organisation on enhancing the quality of its engagement with stakeholders'

The report underlines the value of ASIC building a strong relationship with stakeholders (including the entities and individuals it regulates) from a regulatory perspective. The report comments:

'ASIC must maintain clear independence from the community it regulates and resist regulatory capture. Improving stakeholder engagement in a thoughtful and considered way need not compromise this imperative. To deliver its objectives ASIC should have a strong, trusted and, where appropriate, open and collaborative relationship with its stakeholders. This is necessary to support ASIC’s effectiveness and provide it with intelligence that would enable it to act earlier to minimise harm'.

The report acknowledges the steps ASIC has already started to take in this direction including more clearly communicating its priorities and using 'innovative channels' to communicate emerging harms. The report also acknowledges ASIC's commitment to review its approach to external engagement.

As with the first recommendation, the FRAA again underlines the importance of culture in this context. The report states:

'The FRAA considers that ASIC will need to complement these initiatives with a mindset that sees it become more transparent, open and responsive to feedback from stakeholders. This will require ASIC to engage proactively with its stakeholders and consider their ongoing experience in interacting with ASIC'.

Recommendation 3: 'ASIC should enhance its ability to measure its own effectiveness and capability and communicate the outcomes of such assessment transparently, both internally and externally'.

The FRAA considers there is scope for ASIC to enhance its approach to measuring and communicating how it evaluates its own regulatory activity – that is, the measures used to assess the effectiveness of its activities – and the outcomes of these assessments. This would, the report suggests, provide transparency around whether ASIC is achieving its statutory objectives and enable/support a data driven approach to continuous improvement within the regulator.

The report acknowledges the steps ASIC has taken in this direction and again underlines the importance of culture in this context.

'The FRAA considers it important that alongside the development of measures, ASIC leadership drive a cultural shift to be open to and look for opportunities for continual improvement'.

Recommendation 4: 'ASIC should continue to broaden its mix of skill sets to ensure it can meet the current and future needs of the organisation'

The report underlines the importance of an ongoing focus within ASIC on broadening its mix of skills sets to enable successful implementation of each of the other recommendations (and more generally).

The report states:

'To implement the recommendations in this report, the FRAA considers that ASIC will need to continue to build its people and organisational skills, and cultural setting to: - support data and technology uplift plans - improve engagement with stakeholders - enable continual self-assessment'.

The report flags in particular a need to equip staff with the skills needed to support ASIC to 'become a digitally enabled regulator' (eg skills in data analysis/interpreting data) as well as ensuring staff have knowledge of risk areas such as cyber, crypto and climate change as areas of focus.

The report notes that ASIC has already taken steps toward implementing this recommendation. For example, ASIC reported to FRAA that there has been an increase in qualifications and experience in digital and data analytics within ASIC since the creation of the Chief Data and Analytics Officer role and the 'hub and spokes data governance model'. ASIC also reported that it has 'adjusted the allocation of graduate placements to reflect priorities and future capability needs, and in 2023 will target areas such as mathematics, statistics, IT and data analytics'.

The report also observes that during the FRAA review, ASIC completed a new People Strategy designed to 'support ASIC to become more digitally enabled and regulate emerging areas, equip staff members with the right mindset, tools and capabilities and uplift organisational leadership to embed a "whole-of-ASIC" culture'. This entails the planned recruitment of a new Head of Workforce Management who will have responsibility for 'defining and building the organisational workforce strategy'.

The report expresses support for this approach.

ASIC is already acting to implement the recommendations

In a statement, welcoming the FRAA's findings, the government 'encouraged' ASIC to consider implementing all four recommendations.

In a separate statement ASIC Chair Joseph Longo noted FRAA's acknowledgement of the initiatives already underway that 'align with' the report recommendations including those outlined in the regulator's 2022-26 corporate plan (summarised). Mr Longo said that ASIC will:

'continue to implement the FRAA’s findings in our future work. We will always be committed to ongoing improvement of our effectiveness and capability to become an even stronger regulator, trusted by the community and always looking ahead'.

Planned next steps for FRAA

  • The FRAA intends to work with both ASIC and APRA over the next 12 months to develop metrics to measure their effectiveness and capability.
  • The government has indicated that the FRAA’s next review will assess the effectiveness and capability of the Australian Prudential Regulation Authority (APRA).
  • The FRAA has flagged that its next review of ASIC in 2023–24 will assess different areas of its functions. The next review of ASIC is planned to also consider:
    • how projects to improve the effectiveness and capability of ASIC's strategic prioritisation, planning and decision-making and surveillance and licensing functions are operating in practice
    • review the regulator's progress towards implementation of the four recommendations in the 2022 report, including progress on implementation of several projects commenced during FRAA's review.

[Source: FRAA report: 2022 ASIC Report; Assistant Treasurer Stephen Jones media release 25/08/2022;ASIC media release 25/08/2022]