The Australian Securities and Investments Commission (ASIC) released its 2022-2026 Corporate Plan. Our key takeaways are below.
- ASIC's latest corporate plan is structured around four core priorities on which the regulator intends to focus its efforts over the next four years: 1) enforcement of product design and distribution obligations; 2) 'sustainable finance'; 3) retirement decision making; and 4) technology risks with a focus on digitally enabled misconduct.
- The plan identifies eight 'core strategic projects' (in addition to other shorter term projects), each of which is centred around progressing one or more of these core priorities. These eight projects are: 1) disrupting/combatting scams; 2) improving sustainable finance practices and in particular, disclosure of climate risk; 3) addressing crypto-asset related market integrity issues and investor harms; 4) enforcing design and distribution obligations (DDO); 5); implementation of breach reporting obligations; 6) strengthening cyber and operational resilience; 7) (subject to the passage of the legislation) supporting implementation of the proposed Financial Accountability Regime (FAR); and 8) lifting ASIC's own digital/technical capabilities.
- A central theme running through the plan is consumer protection.;Consistent with the previous plan, ASIC identifies reducing the risk of harm to consumers caused by poor product design/governance and enhancing cyber and operational resilience as 'top priorities'. The new plan expands the scope of these priorities to include identifying and disrupting 'digitally enabled misconduct' with a particular focus on scams and crypto-assets.
- The plan also touches on ASIC's approach to enforcement. A key message is that ASIC intends to continue to prioritise taking action, including court action, to address misconduct causing the greatest harm, especially harm to the most vulnerable.
On 22 August 2022, the Australian Securities and Investments Commission (ASIC) released its latest corporate plan outlining the regulator's key priorities for the four-year period from 2022-23 to 2025-26 and key areas of focus for the year ahead. Our key takeaways are below.
Four key strategic priorities underpin the plan
The plan identifies the following as ASIC's key strategic priories over the next four years.
- Product design and distribution: ASIC has flagged reducing the risk of consumer harm caused by poor product design, distribution and marketing, with a focus on 'driving compliance with the new requirements' as a key strategic focus.
- Sustainable finance: 'Proactive supervision and enforcement of governance, transparency and disclosure standards in relation to sustainable finance' is highlighted as key priority.
- Retirement decision making: ASIC will focus on protecting consumers planning for retirement with a focus on superannuation products, management investments and financial advice.
- Technology risks: Addressing 'digitally enabled misconduct' (eg scam activity), driving good cyber risk and operational resilience practices and focusing on the 'impacts of technology in financial markets and services' is the final strategic priority highlighted in the plan.
Eight 'Core strategic projects'
The following eight 'core strategic projects' highlighted in the plan are intended to progress the priorities outlined above.
1. Disrupting investment scam activity
Planned actions listed under this project include:
- reviewing authorised deposit taking institutions' (ADI) scam identification and response strategies
- taking enforcement action to deter 'serious investment scams'
- developing 'enhanced data-informed approaches' to identifying and disrupting scams
- working with domestic and overseas regulators/law enforcement agencies to disrupt scams/coordinate enforcement strategies
- focusing on improving consumer education and ASIC communications (including through social media) to help raise public awareness of scams
In his 23 August address to the Committee for Economic Development of Australia (CEDA) ASIC Chair Joseph Longo touched on ASIC's approach to this project. Mr Longo emphasised the importance of technology in ASIC's approach stating that ASIC is focused on using 'innovative data driven approaches to drive early intervention and, where possible, prevent loss to consumers in the first place'.
Mr Longo also underlined the important role that 'corporate allies' eg banks play 'scam-proofing Australia' and pointed to the role that digital platforms including Google can play in this context. For example, Mr Longo noted that Google has recently announce that, following engagement with ASIC, advertisers wanting to promote financial products/services in Australia are now required to demonstrate they are licensed by ASIC or exempt from this requirement.
2. Sustainable finance practices
Actions highlighted under this project include:
- monitoring sustainability-related disclosures/governance practices of listed companies, managed funds, superannuation funds and green bonds
- taking enforcement action against misconduct, including misleading marketing and greenwashing
- licensing and supervision of carbon and related markets
- implementing a new Memorandum of Understanding (MOU) with the Australian Energy Regulator to address misconduct in gas and electricity markets
- continuing to work with peer domestic and international regulators on sustainable finance developments.
Expanding on this in his 23 August CEDA address, Mr Longo observed that ensuring firms comply with disclosure requirements and do not mislead investors is key to ASIC's role and that the regulator's focus on lifting standards of climate-related governance and disclosure is an extension of this work. Mr Longo said:
'climate-related disclosure must comply with the law. Crucially, the information must be useful and accurate for investors. If you make net zero claims, you must have substance behind those claims. Aspiration on its own is not enough – the bar is set much higher.
We want to ensure that firms moving towards net zero do so with integrity – fostering trust and practising transparency… Firms are expected to explain how they will ‘take sustainability into account’, using specific and clear language. We are actively monitoring the market, looking for dubious claims (also known as ‘greenwashing’).
Serious breaches will fall foul of the misleading and deceptive disclosure provisions in the Corporations Act, and we will take enforcement action'.
Mr Longo also emphasised the importance of working towards globally consistent reporting in this context, and reiterated ASIC's support for the development of global baseline standards by the International Sustainability Standards Board (ISSB). Mr Longo said that ASIC will 'continue to engage with peer regulators here and oversees to ensure we are aligned' on the issue.
ASIC has flagged it will take action to protect investors from harms posed by crypto-assets that fall within ASIC's remit including through:
- monitoring product disclosure statements and target market determinations of 'major crypto offerings' within ASIC's jurisdiction
- 'taking enforcement action to protect consumers from harms associated with crypto-assets, including those that mimic traditional products but seek to circumvent regulation'
- 'supporting the development of a consumer protection focussed regulatory framework' (following Treasury consultation)
- implementing and monitoring the regulatory model for exchange traded products with underlying crypto investments
- 'raising public awareness of the 'risks inherent in crypto-assets and DeFi'
- 'working with domestic and international peers to monitor risks, develop coordinated responses to issues and develop international policy regarding crypto-assets and DeFi'
- focusing on improving consumer education and ASIC communications (including through social media) to help raise public awareness of scams
Touching on ASIC's work in this area in this in his 23 August CEDA address, Mr Longo said that ASIC's crypto regulatory strategy has three cornerstones: 1) ASIC supports the development of a regulatory framework and 'greater regulatory clarity' for crypto-assets; 2) ASIC intends to continue to take enforcement action to disrupt and deter harmful products within ASIC's jurisdiction including 'those that mimic traditional products or seek to circumvent regulation); and 3) ASIC is collaborating and cooperating with domestic and international peer organisations as 'the crypto ecosystem does not observe borders or the jurisdiction of any single Australian regulator'.
4. Design and Distribution Obligations (DDO) compliance
Planned actions flagged in the plan include:
- Enforcement: ASIC has flagged it will take 'enforcement action to address poor design and distribution of products, including in relation to insurance, superannuation, credit and other financial products'
- BNPL/SACC review: ASIC plans to conduct a review of the 'product governance arrangements of selected small amount credit and buy now pay later providers, which will include a review of how target market determinations were developed and the data and metrics that inform review triggers'
- Credit sector focus: ASIC will push for 'further improvements to consumer outcomes in the credit sector by collecting data from credit card issuers, reviewing target market determinations and assessing consumer outcomes'
- Superannuation focus: ASIC plans to undertake 'surveillance of a sample of target market determinations in the superannuation and managed funds sectors'. ASIC also plans to conduct 'surveillance of superannuation trustees’ distribution practices in relation to choice superannuation products, and examining the role of financial advisers and their licensees in the distribution of underperforming choice products'
Expanding on this project in his 23 August 2022 CEDA address, Mr Longo pointed to ASIC's recent intervention to prevent Responsible Entity Services Ltd (RES) from selling 'a high-risk, illiquid, unlisted, single-asset investment' which ASIC considered did not meet the needs of all investors identified in the target market determination (TMD), as evidence of the regulator's willingness to take action to enforce compliance with DDO obligations to protect investor interests where necessary. Mr Longo said: 'RES shows that where issuers get target markets wrong, we will step in to prevent these products being sold. In the months ahead, you can expect ASIC to focus on sectors where consumers are at the greatest risk of harm'.
As flagged in the plan,, Mr Longo added that ASIC currently has 'targeted surveillance' underway to identify/disrupt poor conduct in relation to high risk and complex products eg OTC derivatives and crypto. Mr Longo also confirmed that ASIC is reviewing product governance arrangements in the small amount credit and BNPL sectors as well as conducting a surveillance of a sample of TMDs in the superannuation and managed funds sectors. Mr Longo cautioned that where this surveillance identifies poor consumer outcomes, ASIC will use stop orders or take court based enforcement action to 'disrupt' the sale of the products in question.
Looking ahead, Mr Longo said that industry should expect that ASIC will be looking closely at the way in which firms 'collect, assess and respond to data about consumer outcomes from their products'. ASIC's expectation is that firms proactively respond to poor outcomes by making changes to either their products or their product governance arrangements.
5. Engaging with stakeholders to address challenges in implementing new breach reporting obligations
ASIC has flagged plans to:
- continued monitoring of the new regime to support industry with the practical implementation of the new obligations
- prepare the first report on reportable situations and develop a framework for ongoing publication of information about the reports received
- work with stakeholders to 'implement solutions that will improve the consistency and quality of reporting practices, which may involve providing further guidance'
- develop enhanced data analytics capabilities to harness the value of the information we receive under the regime to achieve better regulatory outcomes
6. Supporting enhanced cyber and operational resilience
Planned actions include:
- updating the legal and compliance obligations for regulated entities that first published in Report 429 Cyber resilience: Health check, and 'consolidating and updating; existing ASIC guidance on cyber resilience
- implementing of a cross-industry self-assessment to benchmark cyber resilience across regulated entities, 'refine' ASIC's risk framework and develop sectoral insights
- conducting surveillance to monitor cyber and operational resilience across regulated entities
- partnering with financial regulators on key cyber-resilience initiatives, including the Trans-Tasman Council of Banking Supervision’s cyberattack protocol and the Council of Financial Regulator’s Cyber and Operational Resilience Intelligence-led Exercises (CORIE)
- monitoring implementation of the expectations set out in Report 708 ASIC’s expectations for industry in responding to a market outage on market resilience, the new technology and operational resilience market integrity rules for market participants and market operators, and the new Cboe trading system
- taking enforcement action 'where there are egregious failures to mitigate the risks of cyber-attacks and related governance failures relating to cyber resilience'.
7. Implementation of the Financial Accountability Regime (FAR) (subject to the passage of the necessary legislation)
Consistent with the approach in APRA's latest Corporate Plan (summarised), ASIC continues to prepare to support implementation of the as yet unlegislated FAR (which is proposed to replace the existing BEAR). The following three actions (subject to the passage of the necessary legislation) are listed in the plan:
- 'developing guidance and external engagement forums for industry
- implementing a coordinated risk-based approach to registration activities under the regime
- increasing our focus on individual accountability in our regulatory and enforcement approach'
8. Harnessing digital technology and data
The final 'core strategic project' identified in the plan is an internal priority focused on lifting ASIC's own digital/technology capabilities to enable it to be a 'leading digitally enabled, data-informed regulator'. Increasing the use of automation and expanding the use of advanced analytics, including AI and machine learning will be a particular area of focus for ASIC over the next 12 months.
Closely aligned with this is a strong focus on efficiency. The plan flags that ASIC is implementing three efficiency initiatives. The first project is aimed at enhancing the development/maintenance of regulatory guidance; the second is focused on enhancing ASIC's engagement in the context of exercising its compulsory information gathering powers; and the third aims to improve ASIC's approach to stakeholder engagement, using ASIC’s engagement with licensing applicants as a case study.
Shorter term strategic projects
In addition to the eight core strategic projects identified above, the plan also identifies a number of shorter term, cross-sector and industry specific projects.
Cross sector strategic projects
- During the next six months (the six month period from 1 July 2022) ASIC is undertaking a review of whistleblower programs from a sample of regulated entities. The review is focused on how entities handle disclosures, use the information from disclosures to address issues/misconduct; and the level of board and executive oversight of whistleblower programs.
- During the next 12 month period (1 July 2022 – 1 July 2023) ASIC plans to address 'misinformation about investment products' through taking enforcement action against misleading or deceptive conduct that misrepresents the performance, risks or nature of products. ASIC will also take enforcement action to address 'inappropriate gamification, social trading and "finfluencer" conduct'.
- During the next 12 months, ASIC plans to finalise and implement its Indigenous Financial Services Framework which aims to drive positive financial outcomes for Aboriginal and Torres Strait Islander peoples. ASIC also plans to strengthen stakeholder engagement within its Indigenous Outreach Program, and develop a data strategy to measure/evaluate outcomes.
- Over the next two years (from 1 July 2022) ASIC expects to focus on addressing 'mismanagement' of high risk property schemes including taking enforcement action to address responsible entity failures and/or inappropriate advice
- ASIC also flags supporting the establishment of an as yet unlegislated compensation scheme of last resort (CSLR) including publishing regulatory guidance and implementing a levy system to fund the scheme in the list of shorter-term cross-industry priorities. For clarity, as yet no Bill or Bills to establish such a scheme have been introduced.
Shorter-term sector specific priorities
Some of the shorter-term sector specific priorities flagged by ASIC include the following.
Over the next 18 months, ASIC will focus on projects aimed at better identifying poor market disclosure by listed companies. In particular, the plan flags that ASIC will work with the Department of Industry, Science, Energy and Resources to implement the Business Research Innovation Initiative. ASIC will also work with two regtechs to scale up business to develop and innovative technology solution to identify and assess poor market disclosures by listed companies
Credit and Banking
ASIC flags the following as key priorities over the next 12 months:
- Taking enforcement action to protect financially vulnerable consumers affected by predatory lending practices, high cost credit, debt management misconduct or debt collection misconduct
- Engaging with ADIs on improving the provision of 'suitable banking products' for Indigenous consumers will be key areas of focus.
- Pricing misconduct: Over the next 12 months (or longer) ASIC intends to engage with general insurers on their pricing practices and in particular, to review the use of 'unfair pricing practices' eg 'price optimisation practices'. ASIC flags it will take enforcement action where pricing misconduct is identified
- Claims handling misconduct: Over the next two (or more) years, ASIC expects to focus on analysing consumers' experience of making home insurance claims (following disasters) to identify poor claims handling conduct. Again, ASIC flags it intends to take enforcement against to address claims handling misconduct where this is identified.
- Financial Services and Credit Panel (FSCP): Over the next 12 months, operationalising the FSCP will be a focus.
- Adviser registration: Over the next 12 months, ASIC expects to focus on facilitating the registration of relevant providers and ensuring they comply with their new registration obligations.
- Financial Advisers Register: Over the next two (or more) years, ASIC expects to focus on reviewing the Financial Advisers Register to ensure it accurately records the authorisation status of existing advisers who have not passed the financial adviser exam by the relevant deadline and engage with licensees who have not removed advisers from the register as required.
- Corporate Collective Investment Vehicles (CCIVs): Implementation of the CCIV regime will be a focus over the next 12 months.
- Marketing of performance and risks: Within the next 12 month period, ASIC will conduct surveillance of the marketing of managed funds that are 'likely to appeal to retail and unsophisticated wholesale investors, such as some retirees, focusing on statements about fund performance and risks'.
- Review of trustee transparency: Within the next two year period, ASIC plans to review industry practice and communicate expectations around trustee's disclosure obligations with a view to enhancing transparency
- Trustee oversight of advice fee deductions: Within the next two year period, ASIC will conduct surveillance of trustee's oversight of advice fee deductions
- Performance test failure communications: Over the next 12 months (or more) ASIC plans to 'take enforcement action against misleading conduct relating to fund performance'
- Complaints handling and Internal Dispute Resolution (IDR) processes: Monitoring IDR practices (including complaints handling) and compliance with new enforceable standards will be a focus for ASIC over the next 12 months.
- Retirement income covenant: Together with the Australian Prudential Regulation Authority (APRA), within the next 12 months (or more), ASIC expects to review trustees' implementation of the retirement income covenant.
- Insurance in superannuation: Over the next 12 months, ASIC plans to continue its surveillance of superannuation trustees on issues raised in Report 633 Holes in the safety net; a Review of TPD insurance claims and Report 675 Default insurance in superannuation: member value for money.
ASIC's ongoing work over the next four years
In addition, ASIC the plan provides a brief update on ASIC's continuing work in a range of areas including enforcement and supervision.
In terms of ASIC's enforcement priorities, the focus of ASIC's enforcement work will continue to be on the areas of 'greatest harm' including:
- targeting misconduct that 'damages market integrity' eg insider trading, continuous disclosure breaches, market manipulation, governance failures
- misconduct that impacts Indigenous Australians
- misconduct involving a high risk of consumer harm, with a focus on conduct that targets financially vulnerable consumers
- systematic compliance failures by large financial institutions that results in consumer harm
In terms of surveillance ASIC will continue to conduct 'targeted surveillances' to ensure ASIC regulated entities and individuals are 'acting in the best interests of consumers and investors'.
On the supervision front, ASIC will continue to resource what was previously referred to as 'close and continuous monitoring' of 'a select group of regulated entities that present the greatest potential harm to consumers and investors'.
Commenting on ASIC's overall approach to enforcement ASIC Chair Joseph Longo made clear in his 'message from the Chair' that ASIC will 'continue to be an active litigator against misconduct' where warranted, but will do so in a targeted way that leverages the full suite of regulatory tools available to prevent and respond to wrongdoing.
In his 23 August CEDA address, Mr Longo emphasised the need for ASIC to prioritise, stating:
'Ultimately it is ASIC’s capacity, when the circumstances warrant it, to take forceful enforcement action that lies at the heart of its effectiveness as a regulator. Our appetite to take on matters has not diminished. Where we see egregious misconduct, we will act. Our action will be targeted, timely and proportionate. Rather than attempting to be "everywhere", we must prioritise the areas of greatest harm and take action to protect vulnerable people. Being a regulator is all about choices, so we must be targeted in the way we deploy resources.'
[Sources: ASIC media release 22/08/2022; ASIC Corporate Plan 2022-26; Speech by ASIC Chair Joseph Longo to the Committee for Economic Development of Australia (CEDA), Looking ahead: ASIC’s priorities 23/08/2022]