Opening remarks by John Price, Commissioner, Australian Securities and Investments Commission at the Governance Institute of Australia National Conference 2019, (Sydney, Australia) 2 September 2019

Thanks for that introduction and for the opportunity to make some brief opening comments on engaging with regulators.

Because time is short I thought perhaps the most useful thing I could do is to provide some recent context to help inform our discussion.

While there is no perfect place to start I thought I would kick off with an announcement made in October 2016 when the then Minister Kelly O’Dwyer announced a taskforce to review the enforcement regime relevant to ASIC. This, of course, followed an ASIC report noting penalties under Australian legislation were often low and sometimes there were no penalties compared to international counterparts. The review also looked at various regulatory and enforcement remedies and recommended an expansion of those. The legislation raising penalties and expanding our enforcement toolkit was passed by Parliament in February this year.

Then in the 2017 budget the Government made an announcement about legislation seeking to enhance accountability in the banking sector – the so called ‘Banking Executive Accountability Regime’ or BEAR. An advisory by Deloitte probably best summed up for me the objective of the legislation. It was noted ‘At its heart, BEAR is about effecting cultural change, and uplifting the governance and risk management of organisations. While compliance is one element, since these regimes impact the most senior stakeholders in the organisation, a human-led approach to BEAR is critical.’ Interestingly, the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Royal Commission) suggested that these obligations should be extended to the financial sector more broadly.

In August 2017, AUSTRAC sought civil penalty orders against the Commonwealth Bank of Australia (CBA). Later that month APRA announced a prudential inquiry into CBA and a final report on that inquiry was made public in May 2018. That report amongst other things noted:

‘Since the global financial crisis, banks globally have been required to fundamentally enhance their frameworks and practices for managing both financial and non-financial risks.

At many institutions, this has required large transformation or remediation programs aimed at enhancing the governance, culture and accountability around risk management as well as developing the practical tools, processes and capabilities required to manage risks. Initially, given the nature of the crisis, these programs were focused on financial risk but they quickly evolved to include non-financial risk…. Banks in Australia are also spending significantly on risk management and compliance efforts after a series of high-profile failings.’

Of course, this was of great interest to ASIC as many non-financial risks fall within our remit. Incidentally I should note I do find some irony in the term ‘non-financial risk’. By our tally, the costs of remediation for misconduct in the financial system in recent times amounts to $9 billion. That sounds to me like a figure that indicates a real financial impact.

In December 2017 the Royal Commission was called. It reported in February 2019 and so perhaps I will come back to it a little later.

In August 2018, ASIC published its corporate plan for that year. The plan noted that additional Government funding enabled both enhanced supervisory approaches and an accelerated enforcement program.

In terms of supervision our work involved implementing a new and more intensive supervisory approach by regularly placing ASIC staff onsite in major financial institutions to closely monitor their governance and compliance with laws – we call this work 'close and continuous monitoring'. It has also included our Corporate Governance Taskforce looking at governance in a broader range of listed companies. This taskforce has undertaken targeted reviews of corporate governance practices focusing on interactions between the Board and senior management. This will allow us to shine a light on 'good' and 'bad' practices observed across these entities. We also intend to look at remuneration structures and the conduct they might be driving in due course.

On enforcement matters in October 2018, ASIC adopted a 'why not litigate?' stance. To manage the expected increase in court-based enforcement, ASIC has also established an Office of Enforcement. Just on litigation, there was also an explicit recognition that further funding was also required for the broader enforcement ‘eco-system’ and additional funding was announced for the CDPP for corporate criminal matters and for the Federal Court in November 2018.

Also, in November 2018 AFCA was established as a ‘one stop shop’ for dispute resolution in the financial sector with an emphasis on ‘fairness’ for customers – a clarion call that has also been made by ASIC and the ACCC amongst others. Initial volumes of complaints from consumers have far exceeded numbers to predecessor bodies perhaps reflecting consumers more willing to take action protecting their own interests.

Which now brings me to the final Royal Commission report issued in February 2019. A lot has been said about it previously, so I won’t dwell on it other than to say 3 things.

First, the report recognised that the regulators are agent provocateurs for change. However, the ultimate responsibility for change, of course, rests with corporate Australia. Commissioner Hayne did emphasize however the key role the regulators have in ensuring an appropriate public deterrent for misconduct - so it does not become just a cost of doing business.

Second, to the extent the report identified changes to public policy that were needed they are well underway. Last month, the Government released its Implementation Roadmap which set the timetable for delivering on the Royal Commission recommendations. The Roadmap – with its 56 measures, 48 of them relevant to ASIC – is ambitious, with all legislation to be introduced by the end of 2020, and 90 per cent of it earlier, by mid-2020.

Third, consumers are well and truly starting to avail themselves of their rights. As I said before, the increase in the number of complaints made to AFCA (and indeed to ASIC) post the Royal Commission start date has been staggering.

Finally, in the 2019 budget the Government provided more than $550 million to APRA and ASIC to ensure there were ‘necessary resources to discharge their expanded remit and address misconduct.’ Of that sum, $146 million was given to support ASIC’s litigation strategy.

So, in light of these changes in terms of public policy and regulatory frameworks, consumer behaviour and regulatory approaches it is useful to reflect on a recent survey about regulatory engagement by the Governance Institute and Lexis Nexis. When asked how they characterise their regulatory approach, almost 50% of respondents collectively said defensive or reactive, instead of proactive. Other results of note include: Do you have a strategy for dealing with regulators: 40% said no. Will the Royal Commission impact on your organisation’s approach to remuneration: over 70% said no.

In closing now for the panel session, I can’t help but wonder two things. First, has the wise counsel from the APRA CBA report to ask ourselves ‘should we not can we’ got through to all levels of corporate Australia. Second, given that reactive or defensive conduct toward regulators and the absence of a regulatory strategy was a feature that led to the events I have mentioned today - is doing the same thing again and expecting a different result a prudent course?

Thank you and I look forward to your questions.