Executive summary
The Australian Securities and Investments Commission (ASIC) is the centrepiece of Australia’s system of corporate and financial regulation. ASIC’s responsibility for enforcing corporations law supports the health of the economy, promotes market integrity and protects consumers and investors.
When corporate misconduct occurs, Australians expect that ASIC will investigate promptly, take appropriate enforcement action and deter future breaches of the law.
However, ASIC’s approach to investigation and enforcement has been continually criticised over many years. In 2014, this committee inquired into ASIC and made over 60 recommendations to help improve ASIC’s performance. The 2017–19 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services (the Royal Commission) was scathing of ASIC’s enforcement approach, finding that financial service providers were not being held to account for unlawful conduct. Concerns regarding ASIC’s effectiveness in protecting consumers and investors have been raised in many other parliamentary inquiries, government reports, academic works and in public discourse. At various times, ASIC been labelled a ‘toothless tiger’ for failing to hold those who break Australia’s corporate laws to account.
While ASIC tries to deflect criticism that it is a weak corporate regulator by promoting its recent enforcement actions, the reality remains that corporate law is underenforced in Australia. ASIC’s response to most reports of alleged misconduct is to take no further action and only a fraction of reports are investigated. For the matters where ASIC proceeds to take enforcement action, the civil penalties imposed are often at odds with the scale of the offending, and few criminal sanctions are achieved. Further, ASIC’s investigation and enforcement decisions are opaque and difficult to scrutinise.
Evidence to this inquiry has made clear the deep flaws in ASIC’s approach to investigation and enforcement. Too often, ASIC fails to respond to early warnings of corporate misconduct and does not routinely use the full extent of its powers to achieve strong enforcement outcomes. This approach fails to deliver justice to the victims of corporate crimes, undermines economic productivity and does not deter future poor behaviour.
ASIC’s success rests on it having the right remit and powers, the right people and resources and the right governance and oversight arrangements. These factors have fallen out of balance. As a result, ASIC’s capacity to respond to corporate misconduct is now compromised by significant structural, resourcing and cultural issues.
Stumbling at the first hurdle—ASIC’s insurmountable remit
Since ASIC’s establishment in 1991, successive governments have expanded ASIC’s remit in response to emerging needs in corporate and financial regulation. At the same time, the size of the Australian economy has grown along with the increased sophistication of Australia’s financial markets and product offerings.
Today, ASIC’s remit spans companies, markets, financial services, consumer credit and professionals who deal with financial products. In 2021–22, ASIC regulated over 95000 entities of varying size and complexity, including 1841 public companies, 6288financial services licensees and 1183 securities dealers. ASIC’s remit also incorporates globally significant capital markets. For example, Australia has the world’s fifth-largest pool of managed funds, totalling $4.75 trillion, and the fifth largest pool of retirement savings, totalling $3.9 trillion.
ASIC regulates Australia’s corporate and financial markets with a staff of less 2000.
Further, ASIC’s remit is one of the widest of any corporate regulator in the world. Indeed, ASIC’s remit has become so large that it now uses significant resources just to strategically prioritise its regulatory efforts. When ASIC’s performance is inevitably criticised, ASIC commits even more resources to managing its reputation.
The concerns regarding ASIC’s resourcing are not new. In 2018, the Royal Commission heard from the then Chair of ASIC that the regulator was ‘constrained in probably every aspect of [its] regulatory work’, including in investigations, enforcement, surveillance and supervision activities, and its work on financial capability. ASIC’s evidence to this committee shows that resource constraints continue to limit the matters ASIC determines to pursue, leading ASIC to focus only on what it considers the highest risk cases.
Following the Royal Commission, the Australian Government increased ASIC’s budget and further expanded ASIC’s enforcement powers. ASIC’s total resources increased from $607 million in 2016–17 to $861 million in 2021–22. Over the same period, the number of ASIC staff increased 19 per cent from 1640 to 1947. Additionally, ASIC has undergone a number of organisational restructures.
However, evidence to the inquiry suggests that the increases to ASIC’s resourcing have not resulted in a marked uplift in ASIC’s performance. As such, it is difficult to accept ASIC’s contention that some of its functions would not be better administered by other entities. Rather, it appears that the scope and complexity of ASIC’s remit has outgrown its abilities and it is time to consider other models, or even new entities, to administer these parts of Australia’s law. The committee has made strong recommendations in this regard.
No further action—ASIC’s approach to investigation
Australia’s system of corporate and financial regulation places ASIC in a leading position to investigate alleged breaches of corporate law. Each year, ASIC receives thousands of reports of alleged misconduct, including voluntary reports from the public and mandatory reports from industry.
In the decade to 2021–22, ASIC received some 236000 reports of alleged misconduct. Despite misconduct reports often containing serious allegations of unlawful conduct, ASIC took no further action in 66 per cent of the reports received from the public in 2021–22. Further, most statutory reports that insolvency practitioners submit to ASIC also go without investigation. ASIC generally responds to these statutory reports with an automated, ‘no further action’ email within 40 seconds of the report being made. This is particularly concerning given that the number of companies entering administration in Australia are at record high levels. Australians lose billions of dollars each year when insolvent companies fail to pay their creditors.
On the basis of evidence received in this inquiry, ASIC appears reluctant or unwilling to commence investigations. By not taking a proactive approach to investigation, ASIC lets many reports of misconduct go without substantive review. In some cases, ASIC’s lack of early regulatory intervention prolonged the harm of misconduct to consumers and investors. This harm is compounded by the information asymmetry that is created when ASIC receives information on potential misconduct but consumers and investors remain unaware of the potential risks. Unfortunately, this was seen in submissions received from victims of the Ponzi scheme operated by Courtenay House, who collectively lost $180 million.
Only a fraction of the matters reported to ASIC proceed to formal investigation. For example, in the last three financial years, ASIC commenced an average of 117investigations per year. Evidence to the inquiry suggests that ASIC investigates around one per cent of misconduct reports. However, ASIC describes the focus on its low rate of misconduct reports it investigates as ‘oversimplified and superficial’ and, further, states it is ‘not a complaint handling body’.
When ASIC does investigate, evidence provided to the inquiry suggests that the process can be marred by delay and inefficiency. The committee heard instances where investigations took inordinately long to finalise, sometimes even years. In other cases, ASIC failed to follow up information from key individuals, lacked mechanisms to share information between internal teams and even appears to have lost information.
ASIC’s approach to enforcement
ASIC has substantial powers to enforce corporate law. Nonetheless, only a small proportion of alleged misconduct reported to ASIC results in enforcement action.
Many submitters and witnesses during the inquiry raised concerns regarding ASIC’s lack of action to enforce the law. Such underenforcement of Australian corporations law can be seen in ASIC’s low rates of enforcement action, a reliance on relatively few civil and criminal prosecution mechanisms, penalties that appear weak compared to the severity of the offending and delayed prosecution of offences.
ASIC litigates relatively few matters through the courts, having initiated just 75 new civil actions and 52 new criminal actions in 2021–22. ASIC refers most serious cases for prosecution to the Commonwealth Department of Prosecutions (CDPP), however ASIC’s referrals to the CDPP are in decline too. In 2022–23, ASIC made 41referrals to the CDPP, down from 86 referrals made in 2018–19.
ASIC’s enforcement actions in response to the now-defunct Dixon Advisory and Superannuation Services Limited (Dixon) are illustrative of ASIC’s enforcement woes. In September 2020, ASIC commenced civil proceedings against Dixon for, among other things, significant failures to act in its clients’ best interests. It took ASIC two years to settle its case against Dixon, and the company was penalised $7.2 million. However, ASIC has said this fine is unlikely to ever be paid. Moreover, no criminal charges have been brought in relation to Dixon, despite total claims in the case exceeding $386 million. In September 2023, three years after its initial enforcement action, ASIC brought civil proceedings against a former director of Dixon for alleged breaches of directors’ duties. This trial had its first hearing on 17 June 2024 and isongoing.
As a comparison, the enforcement action taken in the United States against Samuel Bankman-Fried—for securities fraud that led to the collapse of his USD $32 billion crypto trading firm, FTX—took a year-and-a-half and resulted in a 25-year prison sentence.
Following the Royal Commission, ASIC sought to improve its enforcement outcomes by adopting the so-called ‘why not litigate?’ approach. Two years later during the COVID-19 pandemic, ASIC set aside the ‘why not litigate?’ approach in favour of a new approach called ‘Express Investigation’. This ‘lighter’ approach focused on ASIC’s early engagement with entities and prioritised ‘cooperation’. ASIC dismissed concerns about the lighter approach, stating the ‘critical question’ for ASIC was whether it litigates the ‘right matters’ and takes ‘full advantage of the full range of enforcement and regulatory tools’ available to it.
However, evidence suggests that ASIC is not pursuing enough of the ‘right matters’, nor is it using its full suite of enforcement tools. For example, in May 2024, ASIC announced it was protecting ‘small business by disqualifying four directors for failures relating to the management of small proprietary companies’. Each of the disqualifications applied by ASIC appears to be manifestly inadequate. One director was involved in the failure of eight small companies—which owed over $33 million to unsecured creditors, including nearly $14 million to the Australian Taxation Office—and was disqualified from managing corporations for just four years. Another director was disqualified for two years, despite being involved in the failure of four companies that owed $4.9 million to over 50 creditors. ASIC has the power to disqualify directors for a maximum period of five years, but ASIC appears reluctant to use these powers to their full effect despite the extensive harm that poor conduct has on consumers andcreditors.
Furthermore, ASIC’s approach to strategic regulation is undermined by its inconsistent approach to enforcement actions. For instance, on the same day that ASIC announced that Australians need better hardship support from their lenders, reports emerged that ASIC failed to take basic action to help protect Australians from a major international cryptocurrency scam. Reports allege that ASIC received information from German law enforcement on over 34000 Australians who had lost over $200million to the scam, including the victims’ contact details. However, ASIC did not contact the victims despite there being a ‘serious risk’ that they could lose more money, nor did ASIC update an investor alert list to warn Australians about the scam. ASIC has refuted elements of the reporting but confirmed it did not seek to contact the Australian victims.
Redressing the underenforcement of corporate law in Australia should be a national priority. If those who seek to break the law do not fear that they will be held to account for their actions, then there is a high risk that offending will occur. Without significant improvements to ASIC’s enforcement approach, the harm to Australians from corporate misconduct can be expected to continue.
Culture starts from the top—the need for better governanceASIC’s governance is vital to ensuring that it is an effective and respected regulator.
ASIC’s leadership, and the systems used to support executive decision-making, need to demonstrate integrity and focus. This is particularly true of the ASIC commissioner structure, comprised of commissioners and led by the Chair, which exercises executive and non-executive functions that guide ASIC’s strategic direction, operations and culture.
Yet, in recent years ASIC has been inwardly focused and distracted from its core regulatory functions by well-publicised shortcomings in its governance arrangements. These issues have affected ASIC’s leadership and undoubtedly damaged ASIC’s standing in the community. While there have been some efforts to reform ASIC’s leadership structure, these changes do not appear to have altered ASIC’s governance arrangements in a way that would substantively enhance ASIC’s culture to ensure that similar distractions are not repeated in future.
At present, ASIC commissioners are appointed by the Governor-General, on the nomination of the government, as independent statutory officers under section 9 of the Australian Securities and Investments Commission Act 2001. While ASIC states that commissioners are subject to the ASIC Code of Conduct, there are no sanctions that can be imposed on a commissioner if they breach the code. Indeed, the only sanction that applies to commissioners is termination of their appointment by the Governor‑General.
This high threshold for sanctioning commissioners means that any underperformance is unlikely to be dealt with internally. In serious cases, this has been shown to affect the administration of ASIC. It also contributes to a culture whereby ASIC believes it is immune from accountability. This was evidenced during the inquiry when ASIC repeatedly declined to provide requested documentation, and failed to provide upfront explanations as to why it would not provide this information.
While ASIC may be independent of government, it is still accountable to the Australian Parliament. Given the significant functions and powers exercised by ASIC, it is essential that strong accountability mechanisms apply to ASIC. However, parliamentary accountability is severely curtailed when ASIC withholds certain information from parliamentary oversight. Indeed, ASIC’s engagement with the inquiry was characterised by its repudiation of concerns regarding its investigation and enforcement activities. ASIC’s lack of accountability does not instil confidence that ASIC will be an effective agent of self-improvement and suggests that the Australian Government will need to take a greater role in leading reforms of the legislative settings which define ASIC’swork.
Fit for the future—the need for regulatory reform
When ASIC underperforms, consumers and investors are too often left to deal with the harms of corporate misconduct. Persistent concerns raised about ASIC’s approach to investigation and enforcement underscore the need for the change.
Thirty years on from ASIC’s establishment, it is necessary to consider how corporate and financial regulation could be better served by refocusing ASIC’s remit. Indeed, Australia’s twin peaks model of financial regulation was never intended to operate with ASIC administering such an extensive set of responsibilities. To improve investigation and enforcement outcomes, a new framework is needed to recognise that it is impossible for ASIC to administer its exceedingly broad remit to the high standard expected by Australians.
There are several options to focus ASIC’s remit, including civil enforcement functions and prosecutions being administered by entities separate to ASIC. Additionally, dedicated responsibility for consumer protection in financial services could be administered by an agency focussed on the retail market.
These options to focus ASIC’s remit are a substantial opportunity to step away from the failed regulatory experiment of ASIC as a ‘do everything’ corporate regulator. Australia’s system of corporate and financial regulation could be much improved by assigning key regulatory functions, which are otherwise well designed, to special purpose bodies with the capacity to exercise those functions for maximum public benefit. Such outcomes are not being achieved under Australia’s current system with ASIC as a lone, capacity constrained, corporate regulator.
Further, ASIC’s approach to investigation and enforcement needs a wholesale reimagining. ASIC needs a structural shift from relying on its underwhelming enforcement response (for which it is most criticised) to more effective detection methods and prevention activities. Indeed, ASIC needs to take its role as a corporate gatekeeper more seriously. This should involve ASIC prioritising resources for front-end functions, such as company registration, market monitoring (including intelligence gathering), compliance requirements (such as product design) and improving director requirements.
Further, ASIC’s handling of misconduct reports needs a radical cultural shift. When ASIC seemingly views these reports as complaints to be managed, it completely overlooks the strategic opportunity to use these reports to identify misconduct at an early stage and take appropriate enforcement action. ASIC should commit significantly more resources to efficiently harvest the information in misconduct reports and routinely use information gathering powers to allow it to form a preliminary view of whether misconduct has likely occurred. Further, ASIC’s decision-making criteria for progressing reports to formal investigation needs to be reviewed with a view to limiting the wide range of circumstances which, at present, lead ASIC to assess the majority of misconduct reports as requiring no further action. Reforms in ASIC’s approach to investigation must also extend to better utilising information on alleged misconduct contained within statutory reports from registeredliquidators.
No one expects ASIC to investigate all the reports it receives, or to get it right 100percent of the time. However, at present, ASIC does not appear to even be trying to improve its handling of misconduct reports.
When misconduct does occur, ASIC’s enforcement response needs to be unquestionably robust. ASIC has extensive powers to enforce corporate law, but ASIC routinely underutilises those powers. As a result, enforcement outcomes are frequently mild compared to the severity of corporate offending and the harm that poor behaviour results in. While litigation is resource intensive, it is the most powerful tool in ASIC’s arsenal to hold offenders to account and acts as a strong deterrent to other potential offenders. To that end, the Australian Government needs to appropriately resource ASIC, or an external enforcement body, to undertake a greater amount of litigation which utilises a wider range of civil and criminal penalty provisions. To reduce length and complexity of corporate litigation, the Australian Government should prioritise implementing the recommendations of the Australian Law Reform Commission’s Final Report, Confronting Complexity: Reforming Corporations and Financial Services Legislation. Additionally, ASIC’s enforcement outcomes need ongoing oversight, which could be undertaken by the Financial Regulator Assessment Authority as part of its assessment and reports on ASIC’s effectiveness.
Clearly, exercising ASIC’s responsibilities needs to be done better and it needs to be done differently. Continually assigning ASIC more duties and powers will simply deliver more of the same result: an overburdened and monolithic regulator that fails to meet expectations. Addressing the challenges faced by ASIC, and the broader challenges in Australia’s financial system, requires strong action from the Australian Government. It also requires ASIC’s leadership to critically reflect on the evidence of ASIC’s underperformance and to use that as opportunity for improvement.