6.4 Information sharing

The complexities that attend the sharing of information between government agencies are wellacknowledged.[1] There will often be constraints, express or implied, on the use that may be made of documents and information obtained by government agencies by coercive process.[2]

Under the existing statutory arrangements, both ASIC and APRA are permitted to provide certain information to specified parties. Relevantly, ASIC can disclose confidential information (including information obtained by exercise of its compulsory powers) to APRA.[3] APRA may also provide information to ASIC,[4] but only if APRA is satisfied that the disclosure of the information or the production of the document will assist ASIC to peform its functions or exercise its powers.[5]

Those provisions, and others found in the ASIC Act and the APRA Act, are of undoubted utility. An inability of financial regulators to share relevant information would lead to duplication of information requests and to agencies acting without all available information. However those provisions, while necessary, are not sufficient. As noted earlier, the changes I have proposed, particularly concerning the SIS Act and the BEAR, will require the regulators to work more closely together than they have before. To make those changes effective the current informationsharing provisions should be changed.

A new statutory scheme for the sharing of information between APRA and ASIC is required. The detail of the scheme will need to be carefully worked through. But it should be founded on the premise that joint responsibility and co-operation necessitates substantial commonality of information.

I favour a model that prefers mandatory, rather than discretionary, sharing of information. ASIC and APRA should, to the greatest extent possible, work from a single body of relevant information.

Informationsharing arrangements are not novel. A ready example may be found in governing legislation of the Australian Crime Commission (ACC). The ACC is responsible for carrying out operations and investigations of potential relavance to many law enforcement agencies, both state and Federal. Information sharing is therefore critical to its task.

The Australian Crime Commission Act 2002 (Cth) (the ACC Act) requires the CEO of the ACC to assemble any admissible evidence of an offence against the law of the Commonwealth or of a state or territory and give that evidence to various persons, including the relevant law enforcement agency and any relevant prosecution services.[6] That duty is then coupled with a discretionary power to dislose information to government[7] and private[8] bodies in certain circumstances.

I recommend that each regulator be subject to a requirement to notify the other whenever it forms the belief, based on information available to it, that a breach may occur, or may have occurred, in respect of which the other regulator has enforcement responsibility. I consider that threshold, which does not require the formation of an opinion that a provision has in fact been breached, will more naturally result in regular exchanges of information.

But more is required to ensure that as far as possible, information gaps are closed. A change in both mindset and legislation is required. Rather than proceeding from a premise that certain information belongs to APRA or to ASIC, the preferable position is for information to be deemed to be ‘financial regulator information’. The APRA and ASIC Acts should be amended to require each entity to share any ‘financial regulator information’ that comes into their possession. Information coming within that description would include, but not be limited to, information concerning entities in respect of which both regulators have regulatory responsibilities and which is relevant to the exercise, or possible exercise, of a power or function of the other regulator. I suspect the most efficient way of storing that information will be in a shared database. But consideration will need to be given to the mechanics of the system, including how each regulator can be best made aware that documents have been uploaded to the database.

That is not to say that all documents and information need be shared. The drafting of the statutory definition of ‘financial regulator information’ will need to be given close attention. There will be some documents that should not come within the shared category. But that must be the exception and not the rule.

The mandatory sharing of information should mean that over time a substantial corpus of material will be collected and available – in as close to real time as technology allows – to each regulator. If properly designed and maintained, the shared database of information should become a valuable tool for the shared and individual work of ASIC and APRA.

Recommendation 6.9 – Statutory obligation to co-operate

The law should be amended to oblige each of APRA and ASIC to:

  • co-operate with the other;
  • share information to the maximum extent practicable; and
  • notify the other whenever it forms the belief that a breach in respect of which the other has enforcement responsibility may have occurred.

Recommendation 6.10 – Co-operation memorandum

ASIC and APRA should prepare and maintain a joint memorandum setting out how they intend to comply with their statutory obligation to co-operate.

The memorandum should be reviewed biennially and each of ASIC and APRA should report each year on the operation of and steps taken under it in its annual report.

[1] Administrative Review Council, The Coercive Information-gathering Powers of Government Agencies, May 2008, 65–70.

[2] Johns v Australian Securities Commission (1993) 178 CLR 408.

[3] ASIC Act s 127(2A)(c).

[4] ASIC being a ‘financial sector supervisory agency’ within the meaning of the APRA Act: see s 3(1) (definition of ‘financial sector supervisory agency’).

[5] APRA Act s 56(5)(a).

[6] ACC Act s 12.

[7] ACC Act ss 59AA, 59AAA.

[8] ACC Act s 59AB.