ASIC’s Corporate Plan 2021 to 2025: Priorities and focus

ASIC handed down its current Corporate Plan last Thursday 26 Aug - its first strategic plan that has the imprint of ASIC’s new leadership.

A major pillar of ASIC’s governance and a requirement under public sector legislation, the Plan sets out the regulator’s priorities and actions over the next four years. This will be of keen interest to in-house regulatory response and legal teams as they work out the longer-term approach of the regulator overseeing their sectors.

The Plan gives ASIC the ability to lay out actions and to signal the areas that need fixing in the Australian markets it looks after.

ASIC will continue to be a strong and targeted law enforcement agency. We will use our full suite of tools and powers to address wrongdoing. Our enforcement actions will prioritise areas of greatest harm and the protection of vulnerable consumers and investors. ASIC Chair, Joseph Longo

Enforcement

Recent posts from us have looked at the development of ASIC’s approach to litigation. Although ‘Why not Litigate?’, the operational discipline born out of the organisation’s response to the Hayne Royal Commission, is not explicitly mentioned, Mr Longo makes a clear strategic statement about enforcement’s importance for ASIC as a credible regulator.

Interestingly, this is supported by effort allocation data set out in the Plan that suggests that Enforcement will see a greater slice of effort/focus (compared to 2020, for instance).

Strategic priorities

ASIC’s key external strategic priorities include:

• Promoting economic recovery, including through targeting regulatory and enforcement action
• Supporting cyber resilience and security among regulated entities
• Driving industry readiness and compliance with new reforms in Spring 2021.

Supporting enhanced cyber resilience and cyber security among ASIC’s regulated population, in line with the whole-of-government commitment to mitigating cyber security risks. ASIC external priority, Corporate Plan 2021-25

The confidence brought to local markets by a strong engaged regulator and the role a strong financial system plays in supporting the economy is reflected in the Plan. The Government’s new Statement of Expectations of ASIC that accompanied the Plan’s release also underlines ASIC’s contribution to national economic goals.

Of note is that cyber risk, and allied issues of resilience and security, are very specific priorities, so digital operations capabilities within banks and corporates will be areas that ASIC will examine in terms of their cyber safety, risk management features and related resilience.

Indeed, a day prior to the release of the Plan, Deputy Chair Karen Chester identified under-investment in decaying data systems as the “root cause of boards missing risk landmines”. Ms Chester commented on the increased exposure that poor data systems and system deficiency in general create. This concern is reflected in the Plan priorities.

Upcoming reforms in breach reporting, design and distribution, remediation and dispute resolution, and compliance with them by the regulated community, are also clearly in ASIC sights. This ‘reform storm’ (see our recent post) will see ASIC oversight on how an organisation’s internal governance and culture helps address compliance with the new changes. This coverage will also extend to the implementation of FAR in the Insurance and Super sectors.

Action plans

The Plan sets out a comprehensive series of actions in a number of key areas such as changing behaviours for the better, acting against misconduct to maintain trust and integrity, and promoting the innovative development of the financial system.

Key proposed surveillance actions worth noting include:

• DDO: conduct new and continuing risk-based surveillance on a range of products such as Buy Now Pay Later and choice superannuation, and on targeted distribution networks of channels.
• Insurance in Super: conduct new and continuing surveillance of superannuation trustees on the value that members accrue from default insurance.
• Conduct surveillance on illegal phoenix activity.
• Credit and banking – leasing and retail finance: conduct continuing surveillance to ensure costs incurred by consumers are legal and correctly calculated.
• Greenwashing: continue to conduct targeted surveillance of financial products to identify misleading statements relating to environmental, social and governance claims, particularly across social media.
• Climate risk governance: continue to conduct surveillance to influence companies to adopt sophisticated governance structures that produce better climate risk disclosures.

Clarity

A clear picture of ASIC priorities emerges from the Plan and is a good guide to the market on what ASIC sees as the ‘fix’ areas.

The clarity of action proposed in the Plan, along with the emphasis on ASIC as an enforcement agency, ought to positively initiate the relationship between ASIC and FRAA.