In the Interim Report, I said that ‘[w]hen deciding what to do in response to misconduct, ASIC’s starting point appears to have been: How can this be resolved by agreement?’[1] I said also that ‘[t]his cannot be the starting point for a conduct regulator’.[2] I remain of those views.
ASIC is charged with enforcing financial services laws on behalf of the community. One of ASIC’s objectives is to ‘take whatever action it can take, and is necessary, in order to enforce and give effect to the laws of the Commonwealth’.[3] The community is entitled to expect, and does expect, that financial services entities will comply with those laws.
Financial services entities are not ASIC’s ‘clients’. ASIC does not perform its functions as a service to those entities. And it is well‑established that ‘an unconditional preference for negotiated compliance renders an agency susceptible to capture’ by those whom it is bound to regulate.[4] As one leading American scholar has written, ‘corporate behavior moves quickly to take advantage of any perceived softening. Social norms act less upon complex organizations than upon individuals’.[5]
All of these considerations show that improving compliance with financial services laws cannot be achieved by focusing only on negotiation and persuasion. Compliance with the law is not a matter of choice. The law is, in that sense, coercive and its coercive character can be neither hidden nor ignored. Negotiation and persuasion, without enforcement, all too readily leads to the perception that compliance is voluntary. It is not. All financial services entities must obey the law, not just those who are willing to do so. And all financial services entities must comply with all the laws that apply to them, not just with those bits of the law that they find to be commercially acceptable.
In the Interim Report I said that there were already signs that ASIC may be seeking to alter its approach to enforcement, but that there were five reasons for caution.[6]
First was the size of ASIC’s remit. The reforms I have proposed, particularly regarding the Banking Executive Accountability Regime (BEAR) and enforcement of breaches of the SIS Act, will further enlarge that remit. ASIC will require deft management, a stable and appropriate level of funding and effective oversight to discharge its duties. But, as I have sought to explain, the size of ASIC’s remit is not an insurmountable obstacle to effective enforcement.
My second reason for caution was what seemed to me to be a deeply entrenched culture of negotiating outcomes rather than insisting upon public denunciation of, and punishment for, wrongdoing. Third, I referred to remediation of consumers being important but not the only consideration relevant to the regulator. Fourth, I said that there seemed to be no recognition of the fact that the amount outlaid to remedy a default may be much less than the advantage an entity has gained from the default. Fifth, I said that there appeared to be no effective mechanism for keeping ASIC’s enforcement policies and practices congruent with the needs of the economy more generally.
ASIC said in its written response to the Interim Report that it accepts that it needs to make changes.[7] More particularly, ASIC said that it accepts ‘that it must alter its enforcement priorities and practices within the financial sector – and particularly for larger financial institutions – so as to be more agile in initiating and prosecuting court action, and in many instances even commencing with it’.[8] It said that it ‘recognises that its enforcement priorities must change to emphasise deterrence and public denunciation more strongly in its use of various regulatory tools (inside and, where applicable, outside court) as mechanisms by which to change behaviours’.[9] ASIC said that it now accepts that, when considering enforcement measures, it should start with the question ‘[W]hy not litigate?’.[10]
Consideration of the way ahead begins, then, from the accepted premise that change is needed. What is that change? How is it to be made and then maintained?
[1] FSRC, Interim Report, vol 1, 277.
[2] FSRC, Interim Report, vol 1, 277.
[3] ASIC Act s 1(2)(g).
[4] Malcolm K Sparrow, The Regulatory Craft: Controlling Risks, Solving Problems, and Managing Compliance (Brookings Institution Press, 2000) 63 (footnote omitted).
[5] Malcolm K Sparrow, The Regulatory Craft: Controlling Risks, Solving Problems, and Managing Compliance (Brookings Institution Press, 2000) 63.
[6] FSRC, Interim Report, vol 1, 293–4.
[7] ASIC, Interim Report Submission, 2 [7].
[8] ASIC, Interim Report Submission, 5 [25].
[9] ASIC, Interim Report Submission, 9 [41]. See also, Exhibit 7.159, 6 January 2019, Summary of Review of ASIC’s Enforcement Policies.
[10] ASIC, Interim Report Submission, 9 [45] (footnote omitted).