What this means for new regulatory enforcement landscape

The Royal Commission's final report sets the tone for increased enforcement activity in 2019 and beyond. A key observation made at the start of the report is that those who engaged in misconduct were not properly held to account and that 'misconduct will be deterred only if entities believe that misconduct will be detected, denounced and justly punished'. In tandem, the report also clearly critiques the effectiveness of regulatory oversight of the financial services sector. These views permeate the Commissioner's recommendations in the report.

With these strongly stated findings, we can expect to see:

  • increased supervision and monitoring by both APRA and ASIC;
  • a tendency for ASIC to commence litigation in place of enforceable undertakings and infringement notices – where enforceable undertakings are used, 'concerns' will likely be replaced with clear admissions;
  • increased APRA enforcement activity where consistent with its prudential mandate;
  • hot-button topics for enforcement activity emerging around breach reporting, individual accountability and culture, remuneration and governance; and
  • a generally sharpened focus from financial regulators, who will soon be subject to oversight from an external independent body.

Preparing your business to respond

Although dealing with regulators will never be an exact science, there are steps you can take now to navigate this new regulatory enforcement landscape. We have been assisting clients with:

  • preparing a strategy for engagement with regulators and other agencies;
  • managing accountability within the organisation for regulatory relationships;
  • preparing governance, policies and procedures for identifying and investigating misconduct and regulatory engagement;
  • identifying adequate cross-functional resources, expertise and personnel to help manage enforcement risk; and
  • conducting whole-of-business governance and compliance reviews.

Royal Commission recommendations

On enforcement, the Commissioner recommended ASIC adopt an approach that:

  • asks first whether a court should determine the consequences of the contravention;
  • recognises that infringement notices should primarily be used for administrative failings, and will rarely be appropriate for matters involving evaluative judgment or large corporations;
  • recognises the relevance and importance of deterrence (both general and specific) when considering enforceable undertakings and the utility of admissions in that context; and
  • separates ASIC enforcement staff from ASIC staff who are responsible for other contact with regulated entities.

Beyond enforcement, the Commission's final report contained several interesting observations and recommendations on regulatory responsibility and governance that will indirectly impact ASIC and APRA's future enforcement approach. Specifically, the Commissioner recommended:

  • that ASIC be given responsibility for 'conduct'-related matters concerning superannuation trustees and the Banking Executive Accountability Regime (BEAR), having emphasised the distinction between the 'conduct'-related purpose of ASIC and the 'prudential'-related purpose of APRA;
  • strengthened information-sharing and cooperation arrangements between the two regulators;
  • that both regulators apply principles from BEAR to their own organisations; and
  • that a new oversight body be established for both regulators, to ensure they are effectively discharging and exercising their statutory functions and powers.

Trends to date

As we noted late last year, the Commissioner's recommendations on the enforcement approach would come as no surprise to those following the Commission's hearings during 2018. In that time, the Government and regulators reacted to commentary from the hearing rounds and the interim report with a raft of announcements aimed at increasing enforcement activity for corporate misconduct. For example:

  • the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Bill 2018 was tabled before Parliament, to increase the maximum imprisonment penalties for serious corporate crimes under the Corporations Act 2001 (Cth) and to strengthen penalties for individuals and corporations.
  • APRA announced a review of its enforcement strategy, due to report by the end of March this year.
  • APRA, ASIC, the Commonwealth Department of Public Prosecutions and the Federal Court all received significant funding increases.
  • ASIC announced a new supervisory approach that involves embedding ASIC officers in major financial institutions.
  • APRA and ASIC appointed new deputy chairs with a focus on enforcement approaches and policy.
  • The Government announced the establishment of a Committee of Regulatory Enforcement Strategy, to be chaired by the Attorney-General's Department.
  • The Government is looking to shift jurisdiction for corporate criminal cases from state courts to federal courts. (For more on these announcements, see our Insights ASIC's sanctions and powers to be strengthened, A new enforcement landscape for Australian corporations in 2019 and beyond and Unravelled: Close and continuous monitoring – the new ASIC approach of embedding its officers in banks.)

Most recently, and just before publication of the final report, ASIC's new enforcement-focused deputy chair, Daniel Crennan QC, completed his review of ASIC's enforcement policies, processes and decision-making procedures. The key recommendation made by Mr Crennan QC was that ASIC should introduce an Office of Enforcement responsible for investigating and enforcing contraventions of the corporations and consumer credit legislation (a suggestion that was in part endorsed by Commissioner Hayne in the final report). Mr Crennan QC also recommended that the guiding principles for that office should focus on deterrence, public denunciation and punishment by litigation, rather than through negotiated outcomes.

What's next?

With regulators called to take enforcement action, 2019 and beyond will, no doubt, see increasing regulatory requests, surveillance activity and investigations. Litigation will likely prevail over negotiated outcomes in the event that ASIC perceives misconduct has occurred.

In the past few weeks and months, we have seen both ASIC and APRA publicly comment on and accept this shift.

However, for APRA the Royal Commission's report adds some nuance to its recent acceptance that it needs to take more action. To some extent, the Royal Commission's final report acknowledges the tension between APRA's primary objective of ensuring prudential stability in the financial system and the pursuit of potentially destabilising enforcement.1 Nonetheless, the Commissioner was of the view that APRA should retain its enforcement powers should it need them for a prudential-related purpose.

Based on international experience and the themes emerging from the final report, there are several trends and areas of focus that we can expect to see emerging in regulatory enforcement in Australia:

  • Breach reporting – Commissioner Hayne supported the findings of the ASIC Enforcement Review Taskforce in relation to breach reporting, including that civil penalties should be imposed for failing to report and that criminal penalties should be increased.
  • Individual and senior executive accountability – with the introduction of the BEAR well underway and recommendations from the Commissioner that BEAR be expanded and that ASIC take responsibility for conduct-related aspects of the regime, we can expect to see both regulators monitoring through this lens. In the UK, the Financial Conduct Authority (the FCA) has highlighted the UK's equivalent, the Senior Managers and Certification Regime (which was introduced in March 2016), as a key priority for 2018/19.2
  • Culture, governance and remuneration – as has been the case internationally, we can expect to see both ASIC and APRA interested in the impact of culture and governance and, in particular, remuneration and incentive structures, on prudential matters and conduct. Without recommending any substantive changes to the law, the Commissioner has recommended increased regulator activity in these areas. As at 31 March 2018, the FCA's enforcement division had 61 open culture and governance cases (four times as many than the previous year), and has flagged the importance of culture and governance driving behaviours that benefit consumers in its Business Plan for 2018/19.3
  • Importance of whistleblowers – the United States Securities and Exchange Commission is increasingly relying on reports from whistleblowers for its enforcement activities. While in the US, whistleblowers can receive bounties for reports that contribute to the success of an action (which are not available to whistleblowers in Australia), legislation that increases the protection available to whistleblowers in Australia is before Parliament. The Federal Opposition has recently suggested that it might seek to introduce a similar 'rewards' scheme should it win the next federal election. With these changes on the horizon, it is possible that whistleblower reports will become a more significant channel for Australian regulators.


  1. See Royal Commission Final Report, Chapter 6, Sections 4 and 5.
  2. See FCA Business Plan 2018/19.
  3. See FCA Annual Enforcement Performance Report 2017/18 and Business Plan 2018/19.