Appendix E: ASIC's Response to the Panel's Report to Government

Date

29 March 2016

ï»¿

4 December 2015

Karen Chester
Mark Gray
David Galbally AM QC

By email

Dear Karen, Mark and David

We are pleased to attach ASIC's response to the capability review report to Government.

ASIC welcomes the final report of the capability review Expert Panel. ASIC is always looking to improve as a regulator and to develop our capabilities. The need for this is heightened by the pace of change in technology, the availability and use of data, and the growing complexity and globalisation of financial markets.

The capabilities we need to continue to develop to meet future challenges include:

our ability to identify and assess significant developments and emerging risks in financial markets;
our ability to respond strategically to market risks and problems, in a timely and effective manner; and
our ability to facilitate legitimate business, especially in an environment of rapidly changing technology.

These capabilities require a sound strategic approach, a high quality workforce and a flexible and effective regulatory toolkit. These go to the heart of how ASIC can position itself as an effective regulator for the future.

We have considered the Panel's report and recommendations in the light of our objectives to further develop these capabilities. We share the Panel's views on many of the key issues confronting regulatory agencies. We support most of the recommendations, many of which are consistent with ASIC's own thinking about improving our capability. Our response sets out the areas where our thinking is aligned with the report and areas where our views diverge.

We look forward to working with Government as it considers the report and the way forward in strengthening ASIC's capabilities to face our future challenges.

Yours sincerely

SIGNED

GREG MEDCRAFT

1. Introduction

ASIC welcomes the final report of the capability review Expert Panel. This review has provided us with the opportunity to consider the capabilities we need for the future.

This review arose out of the recommendation of the Financial System Inquiry (FSI) that all financial regulators undergo periodic reviews to ensure they remain fit for purpose and have the capabilities to address future regulatory challenges. We welcomed this recommendation.

The review has been broad ranging, and makes many significant recommendations across the full range of ASIC's structure and activities. This response has necessarily been prepared in a constrained timeframe. Given the strategic significance of some of the proposals ASIC will need to consider a number of them in greater depth, including their resourcing implications.

ASIC actively engaged with the review Panel and its secretariat throughout the review period. We acknowledge the considerable work that has gone into producing the report. We would particularly like to thank the Chair of the review, Ms Karen Chester and panel members, Mr David Galbally AM QC and Mr Mark Gray, as well as the Treasury and PwC staff who supported them.

2. ASIC's capabilities and future regulatory challenges

ASIC is always looking to improve as a regulator and to develop our capabilities. The need for this is heightened by the pace of change in technology, the availability and use of data, and the growing complexity and globalisation of financial markets.

The PwC evidence report to the review finds that a consistent theme is 'the extent of change within ASIC in recent years, reflecting changes in market environment and emerging risks, funding reductions, and strategic initiatives driven by the Commission'.

The capabilities we need to continue to develop to meet our future challenges include our abilities:

to identify and assess significant developments and emerging risks in financial markets;
to respond strategically to market risks and problems, in a timely and effective manner; and
to facilitate legitimate business, especially in an environment of rapidly changing technology.

These capabilities require a sound strategic approach, a high quality workforce and a flexible and effective regulatory toolkit. They go to the heart of how ASIC can be a more effective regulator.

We have considered the Panel's report and recommendations in the light of our objective to further develop these capabilities. That is, we have considered whether the recommendations and observations contribute in a significant way to helping ASIC become a more effective financial regulator.

We achieve many important outcomes for consumers and investors, including well over $550 million in compensation since 2011, significant criminal outcomes in areas from insider trading to loan fraud, and over 500,000 unique visits per month to our MoneySmart website. The critical question is, how can we improve our capabilities to deliver more of these results into the future?

We have also considered how the report impacts on fundamental principles such as regulator independence, the importance of which was highlighted in the final report of the FSI.

3. The Panel's findings and recommendations that we support

We share the Panel's views on many of the key issues confronting regulatory agencies and we support most of its recommendations. Many recommendations are consistent with ASIC's own thinking about improving capability. The recommendations represent important areas of focus to improve ASIC's capacity over time.

This includes:

refining our approach on the very difficult issue of performance measurement and reporting;
continuing our work to improve and strengthen our internal culture, and our existing focus on workforce planning and staff capability development; and
implementing the OneASIC project that is central to improving our regulatory processes and efficiency, our use of data and our ability to measure and report on our activities.

The review process highlighted a number of areas of strength for ASIC. For example, the report finds our work in market supervision and consumer education is in line with, or at the forefront of, global best practice. We welcome the finding that most elements of ASIC's regulatory practice toolkit—including our surveillance, education, and policy guidance—are similar in approach to practices of our peer regulators and broadly appropriate for current and future needs. The findings about ASIC's strengths are testament to the hard work and dedication of ASIC's committed and professional staff. The review highlighted the strength in our workforce and leadership.

The report makes important recommendations for drawing on a wider group of stakeholders in ASIC's corporate planning process, to identify strategic and emerging risks and develop plans to address them—both through our various external advisory panels, and through direct consultation. We recognise the importance of communication in helping stakeholders understand our priorities and what we can and cannot do. This is an important part of our overall transparency and accountability.

We welcome the Panel's finding that ASIC has done much to improve its capabilities over the last four to five years, has recognised many of the gaps and issues identified by the Panel, and has launched a number of relevant initiatives, especially in the IT and data infrastructure areas. These are also outlined in more detail in PwC's evidence report.

Our comments on each of the recommendations are summarised in the attachment to this response.

3.1 ASIC's proposals to the Capability Review

The review has provided an occasion to outline our significant capability-building initiatives, as well as the issues we feel need to be addressed
to best position ASIC to achieve our strategic objectives going forward. A number of the recommendations go to actions ASIC already has underway. A number are also consistent with ASIC's own eight-point plan to improve our capabilities within our current funding, based around enhancing our people, powers, processes and technologies. We were pleased to have the opportunity to raise the proposals in the plan with the Panel.

The eight areas in ASIC's plan are:

Budget: Improving ASIC's flexibility and agility in shifting our allocation of resources, and engaging in long term planning. The Panel has supported ASIC having greater long-term certainty over funding.
People: Overcoming current limitations imposed by the requirement to employ staff under the Public Service Act. The Panel has recommended ASIC be removed from coverage by the Public Service Act (Recommendation 24).
Process and technology: Undertaking regulatory transformation projects across ASIC which aim to transform and streamline the way that we capture, share and use information.
FSI: Implementing key recommendations including an industry funding model, product design and distribution obligations and product intervention powers, and a review of ASIC's enforcement toolkit.
Market licensing: Implementing a more flexible, tiered market licensing arrangement.
Cooperation with other government agencies: Leveraging from each other's resources and capabilities, including through intelligence gathering and sharing. This aligns with the Panel's findings that financial regulators could find more such opportunities to improve their cooperation, particularly around information sharing.
Co-operation with industry: Including considering the establishment of a Financial Services Disciplinary Panel, as an industry peer review body to provide a more effective mechanism for addressing misconduct in the financial services industry. This accords with the Panel's recommendation that ASIC proactively develop opportunities to enhance the use of co-regulation for selected groups of the regulated population where this will develop superior regulatory outcomes, including in the financial services area (Recommendation 28).
Registry separation: Allowing ASIC to focus on its core regulatory business.

3.2 Leadership

ASIC strongly agrees with the Panel that leadership is fundamental to organisational effectiveness. It is an area of significant focus for ASIC, and we agree that this needs continual focus going forward.

In relation to ASIC's leadership, both internal and external feedback is strong. The PwC report noted that 'external stakeholders view the current capability of leadership positively'.

ASIC's Orima staff survey also shows that, over the last five years there has been a large and sustained improvement in the results for Commission leadership: see Table 16.

Table 16: ASIC's Orima staff survey results: Commission leadership
Orima staff survey—time series results—ASIC Commission	Improvement in result from 2010–15	2015 result (% strongly agree or agree)
Commission focus on results and outcomes	+17	78
Commission leadership of the highest quality	+30	75
Commission have clear priorities, vision and direction for the future	+28	72
ASIC is well managed	+30	69
Overall, how satisfied are you with Commission?	+25	67
Communication between the Commission and employees is effective	+22	58
The Commission listen and consider the views and opinions of employees	+26	55

A key finding in the PwC report about ASIC's Commission was:

The current Commission is a mix of internal and external appointments creating a balance between continuity and fresh ideas. The staff interviews presented a positive view of the current Commission describing it as the most stable Commission in recent tenures. The improved level of diversity of thought in recent years was also a theme from staff interviews and roundtable discussions.

In the 2015 State of the Service Census, ASIC rated higher when compared to other Australian Public Service (APS) and APS regulatory agencies on every question related to senior leadership: see Table 17.

Table 17: 2015 State of the Service Census: Comparison of ASIC results with APS results — senior leadership
	Percentage point outperformance compared to APS overall results	Percentage point outperformance compared to regulatory agencies	ASIC (% strongly agree or agree)
Q E21a: In my agency, the senior leadership is of a high quality	+18	+9	70¹⁹²
Q E21b: In my agency, the most senior leaders are sufficiently visible (for example, can be seen in action)	+17	+4	66¹⁹³

3.3 Workforce planning

We agree with Recommendation 24 to continue our Workforce planning practices. We will have implemented all the outcomes from the 2014–15 project in the first half of 2016. We believe we are well placed amongst our domestic and international peers in this work. The project is being led by regulatory Senior Executives with our People and Development team. The 2015 State of the Service census also showed us to be one of the top two large agencies in the area of building capability and developing people.

4. Findings that ASIC does not support

ASIC very much accepts that there are areas where we can and should address deficiencies in our operations and activities. Reviews such as the present one, play a valuable role in helping to identify areas for improvement, as many of report's recommendations demonstrate.

However, if we are to most effectively work on our capabilities for the future, including prioritising key tasks, it is essential that existing problems be accurately characterised, and that there is an accurate identification of their scale. The risk is that findings that are inaccurate or based on misperception could result in recommendations that do not improve our capabilities or result in misallocation of resources to address issues or meet benchmarks for ASIC's performance that are unrealistic or inappropriate.

The report outlines the capability assessment framework used by the review, and the sources of data and evidence reviewed. While we agree that the framework is broadly appropriate for a review of this kind, we have some concerns over the methodology through which some of the findings in the report were derived. For example, in a forward-looking review, some examples that have been selected to illustrate particular gaps in ASIC's capabilities are many years old, and do not reflect ASIC's current practices and Commission, such as criticisms around the decision by the
previous Commission to impose a temporary ban on short selling in 2008. Additionally, the selection and presentation of data in some cases, including presenting some survey responses as a single data point (for example, simply citing a percentage of respondents that agreed or disagreed with a proposition, without setting out the, in some instances very high, numbers who were neutral or provided a 'don't know' response).

Five findings where we have particular concerns are:

findings around expectations gaps;
findings around Commissioners' split between strategic and operational focus;
findings about ASIC's culture;
findings about ASIC's efforts on deregulation; and
futureproofing.

4.1 Expectations gaps

The report places much reliance on the idea that the 'expectations gap' for ASIC is much bigger than would be expected. This is an important issue, and ASIC recognises the need to understand the key dimensions of this gap. However, the report finds the gap is larger than expected in the absence of an objective benchmark for how great the expectations gap for a regulator should properly be. We are unaware of any such benchmark for regulators.

It is important to understand the context for discussions of an 'expectations gap'. There will inevitably be such a gap and a level of discontent in the regulated population for any market regulator. This is particularly relevant given the prominence of 'regulatory capture' as one of the key explanations for regulatory failure in the GFC. Ultimately it is not a regulator's role to be popular. Not surprisingly, comparing a survey of stakeholder views—including those against whom the regulator has taken enforcement and other action—with those of an internal survey of staff or leaders is likely to reveal gaps in views.

The report's manner of presenting the gap also tends to exaggerate its scale. Including the proportion of neutral or 'don't' know' responses, which from stakeholders are generally high and in some cases exceed 50 per cent of total responses, would reveal that the position is far less clear cut than presented.

As acknowledged in the report, some part of the gap is constituted by the gap in stakeholders understanding of ASIC's role and powers rather than different perceptions of how well ASIC is fulfilling that role and exercising those powers.

This is particularly evident on some measures. For example, on the measure, 'ASIC's performance in helping the public become more financially literate is good/excellent' the gap as presented in the report¹⁹⁴ is high at 58 per cent and the stakeholder score is low at 29 per cent. However, this is an area in which the report elsewhere concludes ASIC is at the forefront of global best practice. Further, 72 per cent of external financial literacy specialists rate ASIC as good or excellent.

Thus, the expectations gap will not in all cases be a reliable means of targeting resources at where capabilities most need improvement.

4.2 Commissioners' strategic versus operational activities

Leadership in any complex organisation such as ASIC will inevitably involve both strategic and operational considerations—in many cases matters will involve both these considerations.

Adequate focus on strategic issues is rightly highlighted by the Panel. However, we do not accept the report's presentation of the Commissioners' allocation of time across these activities.

Firstly, we disagree that a binary distinction can be made—in absolute terms—between strategic and operational matters. Most matters at Commission level involve both strategic and operational elements. Secondly, the report places a great deal of emphasis on PwC's analysis of Commissioner responses to a survey question on the use of their time, particularly on how much time is spent on strategic matters. Although PwC's analysis of the results of that question evolved over time, resulting in the addition of a margin for error of 19 per cent, we consider the methodology used remains flawed. The methodological problems are exacerbated by the use of the result to compare ASIC with other regulators in terms of time spent on strategy, when no equivalent analysis has been done.

In fact, a detailed and methodical review of Commissioners' diaries indicates that just over 70 per cent of Commissioners' time is spent on strategic matters.

4.3 ASIC's culture

We agree with the report that culture is critical to the performance of any organisation, including regulatory agencies, and we support the view that building a robust culture is a key task for all parts of the organisation. Our values—Accountability, Professionalism and Teamwork—are well understood across the organisation.

Culture is an important aspect of capability but it is complex. Care and accuracy is needed in identifying and understanding cultural issues so that work on improving culture can be effective and sustainable. The report acknowledges and describes the culture program we have undertaken.

We accept that we should look to improve our culture. However we do not agree with the report's characterisation of ASIC's culture and do not consider it provides a useful basis for improving capability. The report makes negative findings about our culture—that it is defensive, inward looking, risk averse, and reactive—without presenting meaningful evidence to justify this.

A difficulty in responding to a finding that we are defensive or reactive is that this may reflect poorly on ASIC whether we respond to it or not. If we challenge such a finding, this can invite criticism that such a response only confirms the finding. If we stay silent, we effectively agree with it. However, we are willing to acknowledge and learn from criticism.

As the report itself states, the ASIC Capability Review is not the first process to examine how ASIC operates as a regulator, and we have learned constructively from all of them. We have instituted significant changes to practices and policies in many areas of ASIC's work as a result of such reviews—to provide just a few examples: implementing a substantially upgraded policy around the management of whistleblowers, making major changes to how we approach and report on enforceable undertakings, and revamping ASIC's approach to complaints about our decisions or actions.

In 2011 we undertook a culture diagnostic, which identifies the underlying values and beliefs in the organisation.¹⁹⁵ The diagnostic showed a culture with a strong achievement and teamwork orientation, but also one that, at times, is cautious and bureaucratic in approach. Based on the results of this exercise, we implemented a number of initiatives and changes to build on our strengths and manage the areas needing improvement. A second diagnostic was conducted in 2014, which showed improvement in the areas we targeted.

The PwC Evidentiary Report made findings about the strength of ASIC values (Accountability, Professionalism and Teamwork) and 'how they are modelled by leadership as having a unifying effect on our culture'.¹⁹⁶

In relation to 'professional confidence' and 'team safety' referred to in the Panel's report, our emphasis on psychological wellbeing is demonstrated by the psychological wellbeing program delivered to 300 ASIC people leaders in 2013–14. At the most fundamental level, this, together with our early intervention strategy has resulted in ASIC having the lowest workers compensation claim incident rate of all agencies insured by Comcare.¹⁹⁷ This is particularly important given the difficult and challenging work undertaken by regulators. A range of other 'organisational health' indicators such as turnover, absenteeism, performance and e
xit interview trends are monitored. These indicators are all stable and benchmark well against other agencies.

In terms of feeling confident to 'speak up' we pay particular attention to questions in the State of Service Census relating to, 'feeling encouraged to speak up', 'admitting mistakes' and 'identifying problems' and 'access to effective learning and development'. Table 18 shows how our results compare to the APS overall and to other regulatory agencies.

Table 18: 2015 State of the Service Census: ASIC results versus APS—culture-related questions
	APS Overall	Regulatory Agencies	ASIC (% strongly agree or agree)
	Percentage point outperformance
P68c: Do senior leaders (that is, the SES) in your agency act in accordance with the APS Values?	+10	+2	79
P67d: When senior leaders in my agency identify a problem they take responsibility for it	+14	+7	62
P67e: People in my agency are encouraged to speak up when they identify a serious policy or delivery risk	+8	+6	71
P67f: In my agency, people are expected to admit mistakes and learn from them	+2	+3	60
F22k: My workplace provides access to effective learning and development (for example, formal training, learning on the job, e-learning, secondments)	+14	+12	75

4.4 Deregulation

We agree with the Panel that an ability to identify and deliver on deregulation is an important capability of any regulator that seeks to facilitate the activities of compliant businesses.

However, the report's finding that ASIC has failed to articulate its approach to delivering on its deregulation objective is not supported by the facts. In fact, ASIC has articulated this in detail in Report 391 ASIC's deregulatory initiatives (REP 391), and through a number of other communications, including speeches made by our Commissioners. Since 2013, our deregulatory work has resulted in $470 million in annual compliance cost savings, or more than 10 per cent of all savings across the Government. This remains a major area of focus for ASIC.

4.5 Future proofing

We accept that looking to the future is a key consideration when implementing IT changes. However, we do not agree with the report's findings that we are not 'future-proofing' our technology.

We have chosen a well-recognised IT platform supported by external consultants, technology research and industry consultants like Gartner. While no one technology can ever be guaranteed, we looked closely at the best platform for our regulatory business requirements and conducted proofs-of-concepts before deciding on a Microsoft platform.

We are continuing to move our regulatory business onto a (predominantly) Microsoft platform (which other agencies of similar size are using), so that it is easier and cheaper to make products work together, to support them and to move to cloud offerings (when appropriate protected cloud offerings are available).

5. Recommendations ASIC does not support

ASIC supports the vast majority of the Panel's recommendations. However there are a small number where we do not think they will assist us to be more effective as a regulator.

5.1 ASIC's approach to enforcement

The report recommends that we rebalance our public and internal communications about our role as an enforcement agency and states that enforcement is often a reactive tool. The Panel relies on evidence gathered through its external stakeholder engagement process, that stakeholders interviewed from the regulated population, the peak industry and professional bodies, and academics believe ASIC focuses too heavily on enforcement (see the PwC evidence report for further details).

In our view, we have the right balance between enforcement and non-enforcement tools, and, moreover, many of our regulatory strategies involve a mix of those tools. In the case of enforcement it is important for community trust and confidence that we communicate our important enforcement role and our enforcement outcomes ('justice must be seen to be done'). We often use multiple, non-enforcement tools where it is likely to achieve an effective result to address a market problem we have detected. However, it is also the expectation of the Government and the community alike that ASIC will, when it is appropriate to do so, enforce the law.

Credible deterrence is underpinned by strong public messaging about enforcement. According to IOSCO's recent report,¹⁹⁸ 'public messaging can deter misconduct when would-be wrongdoers know that regulators will publicise enforcement outcomes and sanctions imposed against individuals and entities'. Our law enforcement capability is strongly influenced by our ability to effectively communicate a robust approach in this area.

We agree with IOSCO's findings. We think that these findings accord with the expectations of the public, the Government and the Parliament. Notably, the report's survey evidence, in contrast to the stakeholder engagement process, found that 28 per cent of the regulated population thinks ASIC places too little emphasis on enforcement with 39 per cent thinking the current balance is right, while 37 per cent of related stakeholders think ASIC places too little emphasis on enforcement with 45 per cent thinking the current balance is right.¹⁹⁹

For these reasons, we will not be rebalancing our emphasis on enforcement in our public communications.

5.2 Internal Governance

The Panel's report suggests that ASIC has an internal governance architecture that is sound and well designed, but for a variety of reasons has been used in a way that does not produce the best possible results.

ASIC's current internal governance model with Commissioners having both governance and operational responsibilities is not highly dissimilar to many other comparable regulators. For example, other comparable Australian regulators have Commissioners or other leaders who have clearly-specified specialist roles relating to particular aspects of the regulator's mandate and are involved in day-to-day operational matters, in addition to their overall governance responsibilities.

There are strengths and weaknesses in any structure. While the Panel's recommendations around ASIC's internal governance structures are aimed at ensuring good internal checks and balances:

we are concerned that some of the problems the report identifies as requiring this change in internal structure are misconstrued; and
to the extent that there are issues in ASIC's current structure that could be addressed through change, the new model recommended by the report will not ultimately serve to improve our capability.

We have commented above on the report's findings about Commissioners' use of time, and the split in their focus between strategic and operational matters. We also have some concerns about the model proposed to address the problems that have been identified, and that this could undermine ASIC's capability, rather than enhance it:

On the creation of the Head of Office role, it is unclear how such a role would work effectively and improve capabi
lities and accountability in an organisation of ASIC's size and complex mandate. It risks establishing a single point of failure, including through a very broad responsibility and heavy workload, as well as adding an additional layer of management. Despite being presented as a relatively simple internal change in the report, we note that it may also involve a second additional layer of management, in a series of 'group leader' positions. The changes involved have not been costed.
While the report still contemplates that Commission would be involved in 'making strategic and material regulatory decisions from a whole of entity perspective', this neither recognises that the number of such decisions for a regulator like ASIC is very large, nor the fact that such decisions cannot be made by engaging with issues at a superficial level or on an irregular basis—they require a depth of operational understanding to complement a strategic perspective.
Commissioners who are engaged in this way can see the strategic perspective within operational issues—like our response to financial advice and planning scandals, which the report dismisses as a 'topical issue', when, as recognised by the FSI, it is a major structural issue of central importance to consumers and their retirement savings.
Overall, the report does not clearly identify how the new model is likely to improve ASIC's internal accountability.

We think that there is value—both for industry engagement and for staff accountability—in having Commissioners who take a strategic view, but also understand the operations of the organisation. A key aspect in our current structure is that the Commission needs to work as a team, relying on each member, as equal partners sharing responsibility for collective outcomes.

Our structure came out of a detailed examination of the issues by McKinsey during the 2008 ASIC Strategic Review. It is designed to achieve benefits of having stakeholder teams that are outwardly focused, that stay close to the markets they regulate, and have clear objectives. It is designed so that the Commissioners who oversee those areas have a deep understanding of the issues involved. Consistent with ASIC's broad, diverse mandate, this means a less centralised approach than is implicit in some of the report's recommendations; however, we generally consider it has worked well. Underlying some of the report's recommendations is a fundamental philosophical difference of opinion about the degree of centralised control that is appropriate in a regulator with a broad mandate like ASIC.

To be effective, the Commission role will always need to involve some element of involvement in operations; however, it is important to get the right balance between strategic and operational focus in leadership.

6. Other recommendations: Accountability and independence

ASIC is an independent government entity. International principles of securities regulation emphasise the need for regulators like ASIC to be both accountable and operationally independent in the exercise of their functions and powers.²⁰⁰

The Panel has made a number of recommendations aimed at ensuring ASIC is held to high standards of accountability and we support this aim. While some recommendations are primarily for the Government to consider, ASIC supports measures designed to ensure effective government oversight of our operations. For example, ASIC already has a productive relationship with Government and would always be willing to increase that level of engagement.

The challenges in balancing independence and accountability were recognised in the FSI Final Report:

Strong, independent and accountable financial regulators are crucial to the efficient, stable and fair operation of the financial system. Independence is important to ensure supervisory effectiveness, maintain Australia's reputation as a safe and attractive investment environment, and meet relevant international standards.

To this end, independence should be maximised to the greatest extent possible, together with clear and robust accountability mechanisms that provide appropriate checks and balances.²⁰¹

There are implications for independence implicit in some Panel recommendations around our organisational structure and ministerial assessment of the Commission's performance. There is a need to keep independence in mind in any implementation of those recommendations.

The report has made some findings about the nature of the Parliamentary oversight process. Parliamentary oversight is a fundamental aspect of a Westminster system, and the Parliamentary process ASIC participates in reflects community expectations about how regulators should be held to account. The report characterises some matters that Parliamentary Committees have focused on, such as financial planning scandals, as 'topical'. ASIC considers the problems in financial planning as a clear example of how intertwined operational and strategic matters can be, and as entirely appropriate for close Commission involvement and for close Parliamentary scrutiny.

7. Additional areas for capability improvement not addressed in the review

As well as the recommendations in the report, ASIC has identified areas where we believe our capabilities can be improved that have not been covered in detail in the review. Some of these are in our Eight Point Plan set out in Section 3.1.

Two areas in particular are key to ASIC's capacity to effectively regulate in a complex and changing environment.

Firstly, ASIC's regulatory and enforcement toolkit needs to be broader and more flexible so that ASIC can meet the challenge of increasing complexity and change in financial markets. This issue was acknowledged in the FSI's final report. The report's focus does not cover the recognised limitations in ASIC's toolkit that reduce our flexibility to address emerging issues and improve market outcomes. For example, there are substantial deficiencies in breach reporting obligations that substantially undermine the objective of requiring market participants to report misconduct within their own firms. There are also significant inconsistencies in ASIC's penalty regime. There is little discussion of how product intervention powers, supported by new product design and distribution obligations for product issuers and distributors, could enhance outcomes.
A second area is the issue of the information that ASIC formally requires from market and industry participants. While this is more comprehensive in some parts of ASIC's jurisdiction, in the financial services area in particular it is limited in compared to many peer regulators. This inhibits ASIC's ability to track market developments and utilise data to help understand emerging risks and set priorities.

We highlight these issues as we believe they have the potential to improve ASIC's ability to ensure better market outcomes for consumers and investors as well as market participants.

8. Implementation

The report includes an implementation plan with actions and timing against each recommendation. This represents a more detailed approach than capability reviews of other Australian agencies. We welcome the effort that the Panel has put into considering the issues around implementation.

We have not had sufficient time to properly consider the implementation implications of all the recommendations at this point. Given other important priorities on ASIC's agenda, including major government policy initiatives, we will need to carefully consider how we can best prioritise the various proposals.

As we have set out in this response, we are already implementing or working on several of the actions proposed in the review. In other cases, we will need to consider the issue further, in order to fully understa
nd the problem identified, consult with stakeholders and develop the best solution based on that understanding. In others, while we support the recommendation (as set out in the attachment to this response), we do not necessarily consider that the stated implementation approach is the best way to achieve the recommended outcome. For example, the use of external consultants may not be necessary in each case where it has been suggested.

9. Conclusion

We reiterate our welcome of the review as an opportunity to improve as a regulator and consider the capabilities that we will need into the future.

We have accepted and endorsed the great majority of the Panel's recommendations, and appreciate the findings and observations that accompany them.

There remain a small number issues for further consideration or where ASIC has not supported the Panel's ultimate recommendation. These relate primarily to the Panel's recommendations on ASIC's internal governance arrangements and our approach to communicating our enforcement work. We have also noted the need to maintain the right balance between independence and accountability in any new external governance arrangements.

We thank the Panel and its secretariat again for all of the work that has gone into the ASIC capability review and its final report.

Attachment: Panel recommendations—ASIC response

Subject	Panel recommendation	ASIC response
External governance	Recommendation 1: The Minister and ASIC to implement a more effective strategic long term oversight function, underpinned by a mutual commitment to a more proactive regular ongoing dialogue. As steps to achieving this: The Minister to provide an Annual Ministerial Statement in Parliament, in conjunction with tabling of ASIC's Annual Report on the degree to which ASIC meets the expectations of the SoE and is performing in the achievement of its mandate. The Government and ASIC to enhance the SoE and SoI to clearly and regularly communicate expectations (to be reviewed annually), and to ensure mutual understanding and support ASIC in managing stakeholder expectations.	While in part a matter for government, ASIC supports this recommendation. ASIC notes that this may have implications for the oversight of similar government agencies and would best be integrated with existing performance measurement and reporting frameworks.
External governance	Recommendation 2: ASIC to continue to refine the performance reporting framework, including consolidating performance reporting (to ensure consistency between reporting frameworks), aligning internal performance metrics, improving the use of performance narrative, and identifying the opportunities for more sophisticated analytics.	ASIC supports this recommendation, as it reflects work that we are currently undertaking. We welcome consolidation of the requirements for regulator performance reporting. However, any changes may have implications for similar government agencies.
Internal Governance	Recommendation 3: ASIC to realign internal governance arrangements by elevating the current Commission role to that of a full time non-executive function (not an external board), with a commensurate strategic and accountability focus, free from executive management responsibilities.	ASIC does not support these recommendations The recommendations would not, in our view, enhance ASIC's capabilities or strengthen accountability, as: they would add an additional layer of management; they would lengthen the accountability chain; and Commission would ultimately need to remain responsible for operational and strategic risks. These recommendations represent a significant change to our organisational structure and consequently, our operation. Our current structure reflects the requirements under the ASIC Act and the detailed analysis done in 2008 McKinsey Review of ASIC.
	Recommendation 4: ASIC to establish a new Head of Office (HoO), with ultimate responsibility and accountability to the Commission for all executive management functions.
	Recommendation 5: SELs to be delegated executive functions, reporting to the HoO.
	Recommendation 6: ASIC to review this structure in ~3 years to review the size of the Commission and whether the roles of the Commissioners need to continue to be full time.
Leadership talent	Recommendation 7: The Government to apply a contemporary best practice merit based recruitment process to ensure transparent and fair appointments of the Chair, Deputy Chair and other Commissioners.	This is a matter for Government. ASIC supports this recommendation and notes that all current Commissioners have been appointed on merit.
	Recommendation 8: ASIC to implement a periodic forward looking skills gap assessment of the Commission to identify and inform future recruitment needs.	ASIC supports this recommendation, as it reflects ASIC's current practice.
	Recommendation 9: ASIC to implement a Commission effectiveness review to assess performance on an ongoing basis.	ASIC supports this recommendation.
	Recommendation 10: ASIC to develop a formal individual performance review process for the Commissioners, led by the Chair.	ASIC supports this recommendation. We welcome processes that facilitate the professional development of Commissioners and the Chair. We also regard it as important that any review process enable the Commissioners to provide performance feedback to the Chair.
	Recommendation 11: The Minister to assess the effectiveness and performance of the Commission, to be discussed with the Chair on an annual basis.	This is a matter for Government. We support processes which facilitate the professional development of the Commission, while preserving our independence.
Culture	Recommendation 12: ASIC to initiate a review of ASIC's organisational culture and as part of that review assess the merit of implementing Google's Project Oxygen team based assessment program to inform development of Commission strategy for high performance team culture.	ASIC supports this recommendation, as it reflects work that we have already undertaken. We will continue to monitor our culture using the most appropriate tools.
Strategy development	Recommendation 13: ASIC to substantially improve the intended approach for the delivery of the Corporate Plan in both the public document itself and the underlying Business Unit Plans. This should include greater specification of intended actions as well as timing, resourcing and organisational implications.	ASIC supports this recommendation in principle and will give further consideration to how greater specificity around intended actions can be most effectively conveyed. Information on the timing, resourcing and organisational implications of ASIC actions is currently contained in team business plans and individual project plans, which are not publicly available While inclusion of all the relevant inf ormation in the Corporate Plan would compromise its readability, we will consider a multi-layered approach, through links from the Corporate Plan to relevant parts of those underlying plans.
	Recommendation 14: ASIC to improve the selection of performance indicators to ensure that the measures associated with the Key Activities for each Focus Area are: reflective of the activities and their desired outcomes; and aligned to the internal performance indicators captured in the relevant Business Unit Plans, and to ASIC's enterprise-wide performance indicators.	ASIC supports this recommendation, as it reflects work that we are currently undertaking.
	Recommendation 15: ASIC to review and introduce a more outcomes focused and dynamic use of advisory panels to ensure these forums input more directly into strategic management, and introduce a broader public consultation elements into the strategy setting process.	ASIC supports the recommendation for broader consultation on elements of the strategy-setting process. It reflects work that ASIC is already undertaking. We think that our advisory panels are working well and will carefully consider measures to further improve their effectiveness.
Strategic communication	Recommendation 16: ASIC to further clarify and emphasise its expectations and risk tolerances (what the regulator will and will not be doing) and actively advertise and promote the strategy broadly (see Chapter 2 for further recommendations related to the SoI).	ASIC supports this recommendation. ASIC will continue to help stakeholders understand ASIC's role and current focus. However, experience worldwide suggests that some expectation gap will remain.
	Recommendation 17: ASIC to ensure the strategic framework used in developing the Corporate Plan is used consistently throughout the communications.	ASIC supports this recommendation.
	Recommendation 18: ASIC to develop a comprehensive communications strategy that places greater emphasis on communication of the organisation's strategic priorities.	ASIC supports this recommendation.
	Recommendation 19: ASIC to rebalance its public and internal communications about its role as an enforcement agency.	ASIC does not support this recommendation. There is a clear government and public expectation that ASIC will enforce the law, and clearly and transparently communicate how it is doing this.
Resource allocation	Recommendation 20: ASIC to ensure the top-down allocation of resources are deployed across the organisation based on strategic priorities.	ASIC supports this recommendation, as it reflects ASIC's current practice.
Workforce capabilities and management	Recommendation 21: ASIC to increase the scale and diversity of the secondment and exchange program.	ASIC supports this recommendation. In implementing this recommendation, there will be a need to carefully manage actual and perceived conflicts of interest.
	Recommendation 22: ASIC to improve workforce planning to include a more forward looking, strategy informed, top-down view (progressing and internalizing work to date)	ASIC supports this recommendation, as it reflects work that ASIC is undertaking through our workplace capability project.
	Recommendation 23: ASIC to refresh its career value proposition to help attract and retain staff and support future secondment, by clearly articulating and tailoring messaging, and identifying strategies to deliver on this message (that is, to 'make it real')	ASIC supports this recommendation. A refresh of our current Employment Value Proposition is part of the Workforce Capability Project plan.
	Recommendation 24: Government to remove ASIC from the PSA as a matter of priority, to support more effective recruitment and retention strategies.	This is a matter for government. ASIC supports this recommendation.
Organisation structure	Recommendation 25: ASIC to launch a pilot project to assess the suitability of dedicated project based teams to improve flexibility across units and reduce the impact of silos.	ASIC supports this recommendation, as it reflects ASIC's current practice. ASIC regularly uses project based teams to meet particular risks or achieve particular initiatives.
Organisation structure	Recommendation 26: ASIC to implement a regular review of internal business processes and systems, supported by improvements in MIS to drive operational efficiency and reduce the cost burden on regulated entities.	ASIC supports this recommendation. This recommendation has resourcing implications. ASIC notes that current projects (eg One ASIC) will also improve efficiency and business processes.
Regulatory toolkit	Recommendation 27: ASIC to enhance enforcement effectiveness through developing a more targeted risk based approach to litigation for cases that are strategically important, and prosecutes through more focussed pleadings and strategic appointment of senior counsel.	ASIC supports this recommendation, as it reflects ASIC's current practice. ASIC's Enforcement teams have a strong commitment to continual improvement through its 'lessons learned' reviews. We have a strong record in bringing successful enforcement actions.
Regulatory toolkit	Recommendation 28: ASIC to proactively develop opportunities to enhance the use of co-regulation for selected groups of the regulated population where this will deliver superior regulatory outcomes, including through strengthened licensing and registration regimes.	ASIC supports this recommendation. ASIC already pursues, and has developed co-regulatory approaches, where this is justified by the nature of the industry involved and the risks posed. ASIC is currently considering the establishment of a Financial Services Disciplinary Panel, as an industry peer review body to provide a more effective mechanism for addressing misconduct in the financial services industry. The Panel could potentially be empowered to issue infringement notices and impose administrative sanctions.
Stakeholder management	Recommendation 29: ASIC to develop and implement a formal tiered stakeholder relationship model based on entity nature, scope, risk and complexity	ASIC will consider the Panel's recommendation and will consult with stakeholders to understand the issues and best model to address any deficiencies identified.
Stakeholder management	Recommendation 30: ASIC to recalibrate advisory panel setup to ensure more systematic value add eg through a larger pool of experts that can be called upon to advise on various issues as needed based on issue-specific needs and expertise gaps, coupled with regular performance assessment and enhanced internal responsibility to act on recommendations.	ASIC supports measures to even further improve the effectiveness of our advisory panels and will consider the Panel's recommendation. ASIC has committed to formalising the process for distributing panel input throughout ASIC.
Data management	Recommendation 31: ASIC to execute its OneASIC (FAST 2) infrastructure overhaul program, 'future-proofing' design and expanding scope as required.	ASIC supports this recommendation. ASIC will deliver the first phase of the OneASIC program at the end of 2016. Further work on the OneASIC program is dependent on funding.
	Recommendation 32: ASIC to launch new programs of work to close additional identified gaps, for example, to enhance the ability to measure and report for MIS.	ASIC supports this recommendation. ASIC will further consider the availability of management information required for internal management and the capacity to measure internal efficiency. The timing for the commencement and delivery of this work would be subject to available funding and resources.
	Recommendation 33: ASIC to invest in the development and application of big data 'reg-tech' analytics, through identifying specific applications for regulatory data analytics and building required staff skills/capabilities.	ASIC supports this recommendation. ASIC will develop a funding proposal to invest in the further development and application of big data 'reg-tech' analytics and building on our current skills/capabilities. We will do so after assessing the use of 'reg-tech' data analytics by peer regulators during 2016 and considering any gaps in the context of ASIC's current data analytics applications.
	Recommendation 34: ASIC, in conjunction with the CFR, to develop a forward work program to design and implement open data policies and data analytic collaboration.	ASIC will raise this recommendation for consideration by members of the CFR.

¹⁹² 20% neutral, 10% disagree.

¹⁹³ 17% neutral, 16% disagree.

¹⁹⁴ Figure 8.

¹⁹⁵ The Barretts Cultural Values Assessment (CVA) tool was used. The tool looks at individual and organisational beliefs and practices and is internationally recognised as an effective cultural diagnostic tool. It has been used by large Australian financial services organisations.

¹⁹⁶ PwC Evidentiary Report, Key findings.

¹⁹⁷ Comcare comparative claims data, 2015.

¹⁹⁸ Credible Deterrence in the Enforcement of Securities Regulation.

¹⁹⁹ PwC Evidence Report, Volume 3.

²⁰⁰ IOSCO Principles and Objectives of Securities Regulation, Principle 2.

²⁰¹ See: http://fsi.gov.au/publications/interim-report/07-regulatory-architecture/independence-accountability/.