3.7 Making the change in ASIC’s enforcement culture

3.7.1Internal review

ASIC’s first step, which it had taken at the time it made its submissions in response to the Interim Report, has been to undertake an Internal Enforcement Review focusing particularly on ‘policies, processes and decisionmaking procedures’ relevant to ‘whether or not to enforce the law using criminal and civil proceedings or other options’ and ‘the effectiveness and timeliness of the conduct of litigation and of enforcement outcomes’.[1]

Policies, processes and procedures are important to the proper operation of an organisation like ASIC. There can be no basis for criticising ASIC reviewing its policies, processes and procedures about enforcement. But only time and experience will tell whether altering statements of policies, processes and procedures is effective in achieving their more fundamental purposes.

Time and experience will be necessary because ASIC’s statements of enforcement policies, and its processes and procedures as they stood at the time of the events described in the course of the Commission, were not unorthodox. They were statements entirely consistent with the enforcement pyramid model of sanctions of escalating severity.[2] And ASIC’s stated policies about enforcement did not preclude it from taking much stronger steps than it did. This is why I have said that the question is one of culture rather than of needing to reformulate policies, processes and procedures. Any resulting restatement of policies, processes or procedures will be important only to the extent that it changes what ASIC does, as distinct from how it is done.

A related point concerns the structure of the enforcement function as compared with other units within ASIC. Because enforcement is concerned with deciding whether and what legal action is to be taken against an entity, it must, so far as possible, be independent of, and free from continuing relationships with, that entity.

As noted earlier, the risk of regulatory capture is well acknowledged.[3] One means of avoiding regulatory capture affecting enforcement decisions is to have the enforcement arm of ASIC separated from day-to-day dealings with the entities it regulates to the greatest possible extent.

Enforcement staff will have to meet with regulated entities to discuss enforcement decisions. So, for example, enforcement staff will have to negotiate about litigation that is on foot. But those meetings should be conducted through the parties’ legal representatives and with appropriate formality. Enforcement staff should not be responsible for the general relationship between the regulator and the regulated entity.[4] Their involvement with an entity should be matter-specific.

Within the regulator, enforcement officers must be relied upon for clear and objective advice and action. Those responsible for continuing supervision of an entity may give too muich weight to past good conduct, or may – even subconsciously – explain away conduct that would otherwise raise a red flag.

In short, enforcement is radically different from most other functions within a regulator and, to the maximum extent practicable, should be divorced from those other functions. ASIC’s Enforcement Review report recommends the establishment of an Office of Enforcement.[5] At a general level – I say nothing as to the proposed role of Commissioners in that office – functional separation of enforcement is consistent with what I have said about the radical difference between enforcement and other regulatory functions.

3.7.2Altering the management structure

Beyond the essential structure established by the ASIC Act, it is for ASIC to decide what organisational structure will best help it fulfil its remit.

I note the recent changes made in ASIC’s management structure by the creation of a group of executive directors (immediately below the Commissioners), who are to manage particular parts of ASIC’s activities. I note also that every one of these positions was filled from the existing ranks of senior team leaders without any opportunity for others within or without ASIC to apply for the positions.

One of the chief objectives of the change is said to be to allow Commissioners to deal better with higherlevel strategic issues.[6] However, introducing a new level of management must not be permitted to prevent the proper application of the principles I have set out above under the heading ‘Litigation’ when deciding whether, and what form of, enforcement action will be taken. The longer and more attenuated the chain of responsibility, the harder it is to challenge the views that are expressed along the way. And unless the decision relates to a simple and quasiadministrative requirement (which will either be met or not met), the judgments that are made along the way to making some recommendation about future action may not be explained in ways that give the final decisionmaker a real sense of why the recommendation is as it is. No less importantly, the final decisionmaker is all too often in a position where he or she cannot be held properly accountable for the decision that is made.

One significant challenge for ASIC’s new administrative structure is likely to be the proper determination of enforcement decisions. If ASIC’s new management structure operates as intended, it can be expected that many matters of significance will be determined by staff rather than Commissioners. That will require strong operational controls and clear lines of accountability.

But even under the new structure, inevitably some decisions will be reserved to the Commission, or a subset of it. The authors of ASIC’s internal Enforcement Review consider that it is in the best interests of the Australian community that enforcement of the Corporations and Consumer Credit legislation be made the principal responsibility of a recognised sub-committee of the Commission comprised of the Deputy Chair and two Commissioners.[7] Close attention will need to be given to both the process by which matters are elevated to the Commissioners (either the proposed sub-committee or the Commissioners as a whole), and the quality of the information presented to the Commissioners. Both may have significant consequences for ASIC’s enforcement work. Those observations remain true irrespective of whether an Office of Enforcement is established.

It is for the Commissioners to satisfy themselves that ASIC’s processes are designed in a way that assists them to arrive at the correct decisions. I will say no more about that issue, or about ASIC’s internal structure.

Recommendation 6.2 – ASIC’s approach to enforcement

ASIC should adopt an approach to enforcement that:

  • takes, as its starting point, the question of whether a court should determine the consequences of a contravention;
  • recognises that infringement notices should principally be used in respect of administrative failings by entities, will rarely be appropriate for provisions that require an evaluative judgment and, beyond purely administrative failings, will rarely be an appropriate enforcement tool where the infringing party is a large corporation;
  • recognises the relevance and importance of general and specific deterrence in deciding whether to accept an enforceable undertaking and the utility in obtaining admissions in enforceable undertakings; and
  • separates, as much as possible, enforcement staff from non-enforcement related contact with regulated entities.


[1] ASIC, Interim Report Submission, 6 [27].

[2] ASIC, Interim Report Submission, 4–5 [18]–[23].

[3] See, eg, James Kwak, ‘Cultural Capital and the Financial Crisis’ in Daniel Carpenter and David Moss (eds), Preventing Regulatory Capture (Cambridge, 2014) 71–98.

[4] Exhibit 7.157, 20 June 2018, Meeting Invitation Re ‘AMP Executive Group & ASIC (Reset)’.

[5] Exhibit 7.159, 6 January 2019, Summary of Review of ASIC’s Enforcement Policies.

[6] Exhibit 7.6.3, Witness statement of James Shipton, 7 November 2018, 4 [19].

[7] Exhibit 7.159, 6 January 2019, Summary of Review of ASIC’s Enforcement Policies.

Feedback