Earlier this month, ASIC Chair Joe Longo delivered a speech at the AICD Australian Governance Summit in which he highlighted ASIC's corporate governance priorities and offered remarks on what may lie ahead.
Key areas of ASIC focus
The areas of focus for ASIC stem from ASIC's Corporate Plan, released every August to outline ASIC's strategic priorities for the coming financial year. Of course, as the year progresses, ASIC factors in issues and developments in the market and adjusts its activity accordingly to ensure its actions and priorities are aligned.
For example, Mr Longo emphasised that ASIC is currently looking closely at the impact of factors such as the uncertainty in global markets, record low interest rates, and the rapidity of digital transformation. In particular, ASIC has seen an uptick in first-time investors entering the market and consumers continuing to conduct more and more business online.
Scams and misconduct
Scams and misconduct is the first key area of focus Mr Longo highlighted, noting that scams rose from 15% to 30% of all reports of misconduct made to ASIC over the past three years. This largely coincides with the onset of the COVID-19 pandemic and an increase in use of unregulated crypto-assets. ASIC intends to clamp down on such scams and misconduct by:
- working with other regulators, industry and social media platforms to combat and disrupt financial scams;
- addressing the deceptive promotion of riskier asset classes such as crypto;
- disrupting investment "gamification" on digital platforms;
- protecting financially vulnerable consumers impacted by predatory lending practices or high-cost credit;
- addressing misleading and deceptive conduct relating to investment products, including advertising through digital means that obscures the risk; and
- ensuring that consumers receive the benefits of the new design and distribution obligations.
Corporate governance
Mr Longo also highlighted corporate governance as an area of continued focus for ASIC, particularly in relation to non-financial risk and enforcement. The key corporate governance focus areas for ASIC include:
- governance failures relating to non-financial risk that result in significant harm to consumers and investors;
- cyber governance and resilience failures; and
- egregious governance failures or misconduct resulting in corporate collapse.
Mr Longo also discussed cyber risk, climate change disclosure and greenwashing, and lack of / deficient whistleblowing policies as increasing areas of concern. This echoed the emphasis on these areas as outlined in the most recent ASIC Corporate Plan, and continues to be highly relevant for all Australian businesses and companies.
The recent warning from the Australian Cyber Security Centre regarding the increased potential of cyber attacks from Russian-linked criminal gangs and other Russian agencies in light of the conflict in Ukraine is one pertinent example of the increasing relevance of cyber risk and importance of ensuring adequate protections are in place to avoid being an easy target for a cyber breach.
In the remaining parts of his speech, Mr Longo also discussed ASIC's work on digital transformation and ASIC's focus on regulatory efficiency.
What does this say about ASIC's approach?
While ASIC will focus its enforcement action on areas of greatest harm, and take an active and targeted approach to enforcement, specifics around enforcement action were not detailed in Mr Longo's speech.
Aside from one passing mention to the Australian Law Reform Commission's review of the Corporations Act 2001 (Cth), Mr Longo's speech did not go into detail on the Corporations Act reform. However, it is clear that this remains an area of focus for ASIC, particularly given recent comments Mr Longo made to The Australian. It also accords with similar comments from retiring NSW Chief Justice Tom Bathurst, who recently stated that "you can't regulate purely on the basis that the regulator is a policeman and all the corporations are criminals," and although there needs to be some regulatory oversight, regulators should not be rushing to invoke criminal law processes when there is a first sign of a breach.
Implications for Australian companies
Mr Longo's speech reminds all directors of Australian companies to be actively focused on identifying, assessing and mitigating risk in the companies they oversee, noting that while the output and practical application may look different depending on the size of the company, nature of its operations and industry practice, each company needs to give corporate governance a constant and ongoing investment of time and effort.
Some sample questions directors should consider when assessing risk include:
- What are the reasonably foreseeable risks and compliance issues that are raised by your business?
- What does the organisation do when things do go wrong?
- Did you give those issues the attention they deserved, and at the level they deserved?
Mr Longo's discussion on cyber, climate change and whistleblowing should also encourage directors to consider internal policies and processes for managing areas of growing risk, whether that be taking steps to ensuring stronger cyber protections, being mindful when outlining the company's ESG and/or climate change credentials and having a market standard whistleblowing policy in place.