Chapter 1: Context and approach



1.1. Review objectives and approach

In June 2015, the Government announced a review to consider the capabilities of ASIC to ensure it has the skills and culture to carry out its role effectively. The Review is in response to a recommendation made by the Financial System Inquiry (FSI) that there should be periodic, independent reviews of the performance and capability of regulators, starting with ASIC.

The Review was undertaken in parallel to Government industry consultation on a potential industry funding model for ASIC, as recommended by the FSI. In addition, a separate process is being undertaken to 'market test the capacity of a private sector operator to upgrade and operate the ASIC registry'.¹⁰

The Review is a forward-looking, whole-of-agency exercise that assesses ASIC's ability to meet future objectives and challenges. It is not a performance review. This Review adopts a robust capability assessment methodology (outlined below) which focuses on ASIC's governance and leadership, strategy and delivery capabilities. It assesses ASIC's governance and internal management strengths and weaknesses.

This Review follows a number of other significant reviews into the Australian financial system (for example, the Wallis Inquiry and FSI), and recent Inquiries by the Senate Economics References Committee (for example, 2010 and 2013) into the performance of ASIC.

• The 1996 Wallis Inquiry established the overarching framework for Australian financial services regulatory architecture. The current 'twin peaks' model was established comprising the Australian Prudential Regulation Authority (APRA) for prudential supervision and ASIC for corporate conduct regulation and financial system licensing.
• The 2014 FSI made a number of recommendations about the regulatory environment with specific recommendations relating to ASIC's legislative mandate. The Government has accepted wholly or in principle the recommendations of the FSI, with the exception of the recommendation to establish a new Financial Reporting Advisory Board (FRAB). The Panel notes that some of the recommendations would change ASIC's legislative framework and powers and has had regard to those in formulating its recommendations.
• The 2010 and 2014 Senate Committee reviews of ASIC performance in two areas of ASIC's activities. The first in 2010 focused on 'the conduct of the insolvency profession in Australia and the adequacy of efforts to monitor, regulate and discipline misconduct'. The second was held in 2014 to review ASIC's efficacy in regulating consumer credit and financial advice.

More broadly, this Review aligns with a Government drive for greater transparency and accountability of public agencies — especially regulators. Various initiatives including stronger transparency and accountability requirements under the Public Governance, Performance and Accountability Act 2013 (PGPA) have been recently introduced and are in the process of being implemented.

The Panel undertook an extensive and targeted consultation program involving internal, external and international evidence gathering, assessment and consultation. These inputs were used to develop a comprehensive fact and evidence base, albeit some subjective in nature, to inform the Panel's findings and recommendations. However, many of the observations made in this Report have also drawn upon the Panel's judgement in areas where the evidence base is limited, incomplete or ambiguous.

Whereas the FSI assessed what ASIC can do under its regulatory framework and powers, this Review examines ASIC's interpretation and application of these powers, its use of administrative discretion, and whether and how it should change its practices. This has entailed a comprehensive assessment of what ASIC should do, and what ASIC does do. Figure 5 provides an overview of the scope of the Review and how it relates to other inquiries.

Figure 5: Scope Comparison of the FSI and Capability Review

The Review was led by an independent Expert Panel and supported by a secretariat, consisting of private sector consultants and public sector personnel from the Treasury. PricewaterhouseCoopers (PwC) was engaged to perform research and analysis, provide support to the Expert Panel, and prepare an evidence report on the capabilities of ASIC (which should be read as an adjunct to the Panel's Report).

Capability reviews are regularly undertaken by the Australian Public Service Commission (APSC). These reviews are conducted on key public service agencies to identify opportunities to raise institutional capabilities of the agency and the public service as a whole. This more comprehensive Capability Review of ASIC differs in three key respects:

1. Use of an independent panel of external experts reporting to the Government rather than the agency itself.
2. Publicly announced and transparent Terms of Reference and process to maximise the opportunity for all interested parties to have an opportunity to provide input.
3. Extensive stakeholder engagement both with ASIC itself with a wide range of external stakeholders.

In assessing ASIC's capabilities, the Panel and supporting team engaged extensively and received input from a variety of sources, including:

• the general public in response to advertisements placed in national newspapers;
• a sample of ASIC's internal staff and stakeholder population by conducting three surveys commissioned by the Panel. An additional staff survey commissioned by ASIC earlier in 2015 prior to the commencement of the Review (Orima survey) was also analysed by the Panel.

Figure 6 provides an overview of the surveys conducted with a description of the purpose and target population.

Figure 6: Overview of surveys conducted

• Meetings with industry and consumer stakeholder groups, international and domestic regulators, academics and other persons identified in the course of consultation as having potentially unique and valuable insights (including former ASIC Commissioners and staff).
• A series of roundtable meetings of stakeholders allowing 'deeper dives' on certain thematic issues of specific interest to the Panel.
• Observations by the Panel of the operation of most of ASIC's external panels and committees and a full Commission meeting.
• A large volume of ASIC's public and external strategy and business management documents including a key document 'Improving ASIC's capabilities without additional funding — people, powers, process and technology.' This document addresses eight themes. Three of the eight themes relate to matters which are dealt with in the Government's response to the Financial Services Inquiry (FSI), released in October 2015 (specifically, funding requirements, ASIC's response to the FSI recommendations, and the registry separation). A fourth theme is currently under consideration by the Treasury (instituting a tiered delegation framework for market licensing). The remaining four themes relate and are considered in this Review:
  1. people management processes;
  2. technology enhancements (including improvements to capture, share and use data);
  3. cooperation with other government agencies; and
  4. industry cooperation and engagement.

Figure 7 provides an overview of the consultation framework and resultant evidence base.

Figure 7: Overview of the consultation framework and evidence base

1.2. Overview of ASIC

ASIC is the Australian corporate, markets, financial services and consumer credit regulator. It has existed as an independent Australian government statutory authority since 1991, when the Australian Securities Commission (ASC), as it was then known, commenced operation.

The ASC replaced the National Companies and Securities Commission (NCSC) in 1991 which amalgamated the previous functions of the respective Corporate Affairs Commissions of the States. In various forms, there has been a corporate regulator in Australia for some 50-60 years.

ASIC's purpose is to contribute to Australia's economic reputation and wellbeing by ensuring that Australia's financial markets are fair and transparent, supported by confident and informed investors and consumers.

The agency is constituted under the Australian Securities and Investments Commission Act 2001 (ASIC Act), and has offices in all states and territories. Figure 8 provides an overview of ASIC's history from 2001 to today.

Figure 8: Overview of ASIC's history

Governance and organisation structure

The Commission that leads ASIC is comprised of a Chairperson, a Deputy Chairperson and between one and six other full-time members. Currently there are five Commissioners. The Commission meets on a weekly basis, although more frequently if required, to make decisions and provide input about matters related to ASIC's regulatory functions and powers, and to ensure that ASIC's statutory objectives are being met.

ASIC's overall organisation structure separates its operations into three broad 'clusters': Markets; Investors and Financial Consumers; and Registry. Within these broad areas of operation, there are multiple stakeholder and enforcement teams. Specific Commissioners are allocated executive responsibility for groups of ASIC's stakeholder and enforcement teams. Given Commissioners are also responsible for overseeing organisation-wide operations, day-to-day management functions are delegated to Senior Executive Leaders (SELs). SELs manage teams and exercise various powers and functions delegated to them by the Commission.

A number of internal and external committees and bodies assist the Commission to carry out its functions. Internal governance forums are tasked with ensuring effective risk management practices as well as supporting development and delivery of ASIC's strategic objectives. There are eight internal governance forums. These are: the ASIC Commission; Audit Committee; Risk Committee; Regulatory Policy Group; Enforcement Policy Group; Enforcement Committee; Emerging Risk Committee; and Technology Governance Board.

External committees and panels assist ASIC in gaining a deeper understanding of developments and systemic risks within the regulated and unregulated industries operating within the financial system. The key external bodies include: the External Advisory Panel; Consumer Advisory Panel; Director Advisory Panel; Market Supervision Advisory Panel; Registry and Licensing Business Advisory Panel; and the Australian Government Financial Literacy Board. ASIC has also recently established a Digital Finance Advisory Committee in August 2015 with members from a cross-section of the FinTech community to help inform how it focuses its efforts in this area. As part of this ASIC has developed an online hub with tailored content for FinTech businesses that are developing innovative financial products or services.

In addition, there is a Market Disciplinary Panel responsible for disciplinary action against participant and market operators for alleged breaches of the market integrity rules. Finally, the Takeovers Panel is the primary forum for resolving disputes about a takeover bid until the bid period has ended. The Panel was established in 1991 and was originally known as the Corporations and Securities Panel. It was established originally under section 171¹¹ of the ASIC Act, but operates separately to ASIC and its members are nominated by the Treasurer.

Figure 9 provides an overview of ASIC's organisation structure.

Figure 9: ASIC organisation structure as at 30 June 2015

Scope and breadth of mandate

ASIC's mandate is extensive, and is not fully replicated by any other conduct regulator globally. It broadly covers three areas:

1. financial markets, financial services and corporate regulation;
2. business and company registration;
3. credit and insolvency practitioners.

ASIC's powers and responsibilities in the first area are broadly consistent with those financial conduct regulators in other jurisdictions, although most peers do not have the extent of ASIC's coverage. Some regulators are moving closer to the ASIC model; for example, the United Kingdom Financial Conduct Authority (FCA) is now taking over responsibility for consumer credit.

ASIC's responsibilities in the second area (registry) are unique compared to conduct regulators overseas and are out of the direct scope for this Review. However, the Panel notes that this Review assesses capabilities and internal processes across the entire organisation, including some that sit within the registry function.

ASIC's mandate is broad, having grown considerably over the last two decades, generally in response to major reform processes and reviews. The Wallis Inquiry recommended having investor and consumer protection within the one agency, especially given the growing inter-linkages between different financial products and services. In addition, other policy reforms have led to the expansion of ASIC's mandate for example, the move of consumer credit from a fragmented, state-based regulatory system to ASIC as a single national regulator.

Figure 10 provides an overview of the breadth of ASIC's mandate.

Figure 10: Breadth of ASIC mandate¹²

Funding profile

In 2014-15, ASIC received $312 million in appropriation revenue from the Government and $5 million of 'own-source income' (that is, from rendering of services, royalties and other income). Its total operating expenses were approximately $313 million (that is, staff and supplier expenses). ASIC employed 1,609 staff on a full-time equivalent (FTE) basis.

ASIC's funding regime is similar to most other government agencies. Each year, the Government publishes funding for the next four financial years in the Budget. ASIC's core operational funding is based on the previous year's budget adjusted for an 'efficiency dividend' or other Government determined changes, most recently savings measures. The Commission is responsible for allocating the budget across the organisation based on ASIC's view of the market's long term challenges and consequential strategic priorities.

In addition to core operational funding, ASIC may apply for New Policy Proposal (NPP) funding for new projects or to finance mandate changes. The preparation and negotiation process for funding changes begins in mid-September of each year and can take up to six months for approval.

Figure 11 below shows ASIC's funding profile over the past 11 years, adjusted for the impact of inflation.

Figure 11: ASIC's funding profile (in real terms)
and FTE headcount

1.3. Changing external environment

There are a number of external environmental factors impacting ASIC's future capability requirements and strategic focus areas. In particular, the Panel identified a number of key themes for the Australian capital markets that will likely require a response by the regulator over the medium term. The Panel acknowledges that a number of these have already been well documented in other reports (for example, FSI) and the academic literature.

Table 2 provides an overview of external factors likely to impact ASIC's future capability requirements. This is not intended to be an exhaustive list, nor a comprehensive analysis of these factors. Rather, it is intended to be indicative of the scope and complexity of emerging issues which ASIC will need to address.

Table 2: Schema of key external factors

Factors	Example	Implications
Continued rise of and reliance on data and technology	The increase in data and predictive analytics enables providers to 'know' a lot more about the market behaviour of individuals than previously. Increased digitisation of data on decentralised networks will change the way market participants transact, communicate, bank, manage assets, etc.	Flexibility of regulations (or framework) required to keep up with new developments and increased costs of supervision/surveillance. New forms of risks to regulate and supervise (for example, financial market disruptions caused by algorithmic errors). Increase in regulatory data/sophisticated data analytics which should increase ASICs surveillance capabilities.
Market structural change	Increasing complexity of financial products being sold, with a sophisticated range of options. Disintermediation has become increasingly important in financial markets, largely as a result of the increasing use of new channels to raise capital from non-traditional sources, rather than from traditional sources.	Flexibility around the levels of conduct and consumer protection required and ability to adapt regulation to new business models. Improvement of systemic risk capabilities required.
Continued globalisation of financial markets	Greater integration of and competition between capital markets.	On-going cross-border regulatory co-ordination and action required. Need to strengthen trust through better enforcement and supervision on a supra-national basis.
Demographics and growing need for retirement solutions	Demographic ageing and societal change driving need for longer term investment based saving. Policy and customer needs around superannuation and asset decumulation during retirement likely to evolve.	Increased focus on targeted investor education and protection. New policy framework development requirements.
Greater expectations on regulators	Greater expectations on regulators post-GFC in areas such as conduct, investor protection, systemic risk and managing non-traditional market participants. A number of issues post-GFC have been high-profile, requiring regulators to manage expectations more carefully.	Improvement of systemic risk capabilities required; also expect a shift to greater conduct focus which requires additional skills from traditional securities and markets regulation. Increased importance of effective communications, especially regarding expectations.

All of these changes (and many others not canvassed by the Panel or not yet apparent) suggest a more complex, dynamic and challenging regulatory environment for our financial services and corporate regulator. ASIC will have a greater need for agility in responding to global adjustments and enhanced cooperation with other conduct and corporate regulators globally. The changes suggest that regulatory decision making will need to be better informed, more evidence and analytically based, more strategic and ultimately more transparent to provide confidence ASIC is applying its limited resources to issues of highest priority in an efficient and effective way.

The Panel's recommendations are designed to ensure that ASIC has the appropriate capabilities to meet its objectives and future regulatory challenges for a forward time frame of the next 3-5 years and beyond.

1.4. Capability Review: A tailored assessment framework

To examine and assess ASIC's capabilities, the Panel adopted a Capability Review framework focusing on the key dimensions of Governance and Leadership, Strategy and Delivery. These dimensions are well established in management literature as the fundamental drivers of organisation performance and capability.

Figure 12 provides an overview of the elements of the capability framework considered as part of this review.

Figure 12: Capability Review framework

The framework used reflects the high level architecture of the contemporary Australian Public Service Commission (PSC) capability framework. However, the framework has been refined to reflect the capability requirements for conduct and security regulators.

In particular, the capability assessment framework was informed by:

• the established literature on what are the characteristics of a model regulator;
• the Australian Government's regulator performance framework;
• the Productivity Commission's organisational performance framework;
• PwC Capability Review methods;
• the Panel's views on key regulatory capability requirements.

For each dimension across the assessment framework, the Panel has provided a description and indication of what constitutes 'best practice'. The assessment criteria for each dimension have informed the Panel's assessment of ASIC.

Table 3 provides a description of each dimension and assessment criteria.

Table 3: A tailored assessment framework

Characteristic	Dimensions	Description	Assessment criteria
Governance and Leadership	External governance	The statutory framework under which the regulator operates, as well as the Government oversight regime imposed upon the regulator to hold it accountable for fulfilment of its mandate, including requirements for external performance reporting.	External oversight focuses on long term strategic direction, and is not overly issue driven. The Government's expectations of performance are clearly understood (including priorities and limitations) and regularly updated. Performance reporting enables external assessment of whether strategic objectives are being met efficiently and effectively.
	Internal governance	The organisation structure of the governance and executive management roles to ensure strategic leadership, effective decision making and accountability.	The internal governance struc ture provides the leadership with the right structures for the right decisions. The structure needs to afford sufficient time to focus on strategic matters, external engagement and communication as well as provide sufficient internal oversight and accountability.
	Leadership talent	The composition and capabilities process of the Commission and its recruitment process.	Leaders have the right skills and capabilities to perform their roles today and into the future. Leaders have a formal performance management process. There is an ongoing assessment of future leadership talent requirements.
	Culture	The expression of values and behaviours throughout the organisation.	The leadership behaviours drive the desired culture and promote successful implementation of the strategy day-to-day. The internal culture is one of professional confidence — proactive, outward oriented, and willing to manage risks effectively to achieve strategic objectives.
Strategy Management	Strategy development	The process by which the regulator prioritises and sets its strategy.	The strategy is developed through a collaborative, analytic and evidence-based, forward-looking approach. The strategy and mechanism of delivery is aligned vertically through the organisation and horizontally across business units. The regulator thinks strategically, identifies key strategic priorities that are linked to its enduring strategic objectives as well as key thematic issues. The regulator is balanced in the way it uses various tools at its disposal to meet its objectives.
	Strategic communication	The methods used to communicate the strategy to internal and external stakeholders, as well as the regulators broader communications strategy.	The regulator has a communication framework that clearly articulates the strategy comprising enduring objectives, strategic priorities, targets and performance of the regulator in a timely, structured and informed manner. The strategy is communicated and understood within the regulator and externally.
	Resource allocation	The process by which the regulator decides how resources are allocated across the organisation.	The regulator has access to, and manages effectively over time, the right skills, knowledge and experience to efficiently and effectively apply the full suite of its competencies to achieve its strategic objectives.
Delivery	Workforce capabilities and management	The workforce capabilities and ongoing workforce planning. Workforce performance management.	The workforce has the required skills, competencies and capabilities for today and the future. There is a regular and comprehensive forward looking workforce planning process in place to identify gaps. The regulator has a transparent performance management system to ensure accountability and linked to the performance of the regulator as a whole and its strategic priorities.
	Organisation structure	The impact of the organisation structure on the regulators effectiveness and efficiency.	The regulatory structure promotes delivery of effective outcomes. The regulator has an organisation structure that promotes efficient use of resources, distribution of information, delivers reliable decision making, has clear accountabilities and effective delegations, promotes the efficient discharge of its strategy and business plans, and provides sufficient flexibility to respond to changes in its external environment.
	Regulatory tool kit	The tools that support the market-facing teams in day-to-day operations, including opportunities for cooperation with industry. Coordination with other regulators.	The regulator applies and adapts its regulatory tools and business processes to maximise the impact and reduce the regulatory burden of its activities in achieving its stated objectives and outcome targets. The regulator leverages collaborative relationships to improve regulatory outcomes.
	Stakeholder engagement and management	The way in which the regulator engages with stakeholders, including the regulated population and the broader community, in the use of its regulatory tools.	The regulator engages with regulated entities through a variety of touch points (both formal and informal). The regulator engages stakeholders during the consultation process in a productive two-way exchange of information and views. External expertise is fully leveraged through advisory panels. The regulator ensures market participants are informed of regulatory initiatives/developments (where required) and understand its strategy.
	Data infrastructure	The way in which the regulator captures, shares and uses data.	The regulator's IT infrastructure ensures that data is captured and stored efficiently. Data is easily accessible and usable, both internally and externally, to inform action and decision making as well as inform accountability and improve efficiency. The regulator takes a forward looking approach to developing data analytics capabilities to better understand and regulate markets and services.

---

¹⁰ Australian Government Department of Finance 2015, ASIC Registry — FAQs, viewed 3 December 2015, <http://www.finance.gov.au/procurement/scoping-studies/asic-faqs/>.

¹¹ Section 171 has since been repealed but the Panel continues to exist by virtue of section 261 of the ASIC Act.

¹² Commonwealth of Australia 2014, Financial System Inquiry; Interim Report, Canberra, page 3-123. This is an updated version of the figure found in the FSI Interim Report.