ASIC Corporate Plan: Focus 2022-2023

This week the Australian Securities and Investment Commission (ASIC) released its Corporate Plan 2022-2026 (Corporate Plan), highlighting ASIC’s focus for 2022-2023.

ASIC’s current priorities and broadened focus

In ASIC’s previous Corporate Plan, its priorities revolved around reducing the risk of harm to consumers caused by poor product design and governance, as well as enhancing cyber and operational resilience.

Although these issues remain top priorities for ASIC, it will also broaden its focus to include:

• digitally enabled misconduct as technologies and products, focussing on scams and crypto-assets;
• the impacts of climate risks on markets and the growing emphasis on sustainable finance, with governance, transparency and disclosure standards in relation to sustainable finance being a priority; and
• in the face of an ageing population and changing economic climate, protecting Australians planning for retirement, focussing on superannuation products, managed investments and financial advice.

These priorities reflect those foreshadowed in ASIC’s recent Enforcement and Regulatory Update for April to June 2022, and by ASIC Chair, Joe Longo, in his presentation about ASIC’s corporate governance priorities at the AICD Australian Governance Summit in March 2022.

Key trends in regulatory environments and impact on ASIC’s priorities

ASIC acknowledges that its regulatory environment is changing and evolving, and that it needs to plan its priorities accordingly.

In particular, the Corporate Plan notes the emerging trend for capital markets to align with sustainability goals and the growing consumer emphasis on sustainability investments. It states that these trends increase the risk of ‘greenwashing’, being the practice of misrepresenting the extent to which a financial product or investment strategy is to strengthening policies and regulations to address this climatic and financial risk.

The Corporate Plan also notes, with concern, the rapid growth of new technologies and the resulting increase in opportunities for scams and cyber-attacks. It says $129 million was lost because of scams in 2021 and is concerned by the increasing frequency and complexity of cyber-attacks. As such, ASIC will develop appropriate mechanisms and regulations to address these ever-changing technological risks. 

ASIC action under the Corporate Plan

The Corporate Plan groups these various priorities into four overarching ‘External Priorities’, being product design and distribution, sustainable finance, retirement decision making and technology risks. It also identifies ‘core strategic projects’ (CSP) to action in relation to the External Priorities. Some of ASIC’s key CSP’s are set out below.  

Sustainable finance

The ‘Sustainable Finance’ CSP aims to prevent harm arising from greenwashing, and to support effective climate and sustainability governance and disclosure. In accordance with the sustainable finance CSP, ASIC will:

• ensure the oversight of sustainability-related disclosure and governance practices of listed companies, managed funds, superannuation funds and green bonds;
• focus on the licensing and supervision of carbon and related markets;
• implement a new Memorandum of Understanding with the Australian Energy Regulator to address misconduct in the gas and electricity markets;
• work alongside peer domestic and international regulators on sustainable finance developments; and
• take enforcement actions against misconduct, including misleading marketing and greenwashing.

Crypto Assets

The ‘Crypto Assets’ CSP aims to protect investors from harm posed by crypto assets that fall within ASIC’s remit. Actions to be undertaken by ASIC under the Crypto Assets CSP will include:

• supporting the development of an effective regulatory framework focused on consumer protection and market integrity;
• taking enforcement action to protect consumers from harms associated with crypto-assets;
• supervising and assessing Product Disclosure Statements and target market determinations of major crypto offerings within ASIC’s jurisdiction;
• raising public awareness of the risks of crypto-assets and decentralised finance; and
• working alongside domestic and international peers to monitor risks, develop coordinated responses to issues and develop international policy regarding crypto-assets and decentralised finance.

Cyber and Operational resilience

The ‘Cyber and Operational Resilience’ CSP seeks to introduce policies and actions to bring about operational resilience to limit the number of cyber-attacks and mitigate their impact. Action ASIC will take in relation to the Cyber and Operational Resilience CSP will include:

• implementing a cross-industry self-assessment to benchmark cyber resilience in ASIC regulated population, refine ASIC’s risk framework and develop sectoral insights;
• conduct surveillance to monitor cyber operational resilience among our regulated entities, and engaging with them to promote good practice;
• partnering with other financial regulators to harmonise regulatory approaches and action;
• updating the legal and compliance obligations for regulated entities;
• implement whole-of-government cyber resilience initiatives relevant to ASIC’s regulated entities;
• monitoring implementation of the expectations set out in Report 708 ASIC’s expectations for industry in responding to market outage on market resilience; and
• taking enforcement actions against egregious failures to mitigate the risks of cyber attacks and related governance failures.

Financial accountability regime

The ‘Financial Accountability Regime’ CSP aims to improve risk and governance in cultures of entities in the banking, superannuation, and insurance sectors. Actions to be taken by ASIC include:

• developing guidance and external engagement forums for industry;
• implement coordinated risk-based approach to registration activities under the regime; and
• increasing our focus on individual accountability in our regulatory and enforcement approach.

ASIC’s ongoing regulatory work

Enforcement

ASIC’s enforcement actions aim to maximise deterrence, enhance market integrity and reduce harm to consumers of financial services. The Corporate Plan states that ASIC will continue to focus its enforcement work on areas of greatest harm, including:

• misconduct that may damage market integrity, including insider trading, continuous disclosure beaches or failures, market manipulation, and governance failures;
• misconduct impacting Indigenous Australians;
• misconduct causing significant consumer harm or targeting financially vulnerable consumers;
• systemic compliance failures by large financial institutions resulting in widespread consumer harm; and
• participating in the Serious Financial Crime Taskforce and Phoenix Taskforce, to combat serious and complex financial crime and illegal activity.

Supervision and surveillance

The Corporate Plan states that ASIC will continue to use ‘conduct targeted surveillance’ across its regulated population to ensure that entities and individuals are acting in the best interests of consumers and investors. This includes surveillance of corporate transactions, market activities, financial reporting and audit quality.

ASIC’s supervision and surveillance will also help to ensure that financial services providers have the resources, competence, and systems to operate efficiently, honestly, and fairly.

The Corporate Plan provides that dedicated supervisory resources will be devoted to a select group of regulated entities that present the greatest potential harm to consumers and investors.

Lavan Comment

In its Corporate Plan, ASIC acknowledges that its regulatory environment is changing and evolving, and that it needs to plan its priorities accordingly. ASIC’s 2022 key priorities reflect trends seen in the market.

This is evident from ASIC’s focus on greenwashing, where environmental, social and governance proposals by activist shareholders are hitting record levels.

Similar trends are seen in respect of increasing cyber-risks, where ASIC has indicated that it intends to penalise large corporations for failing to mitigate cyber-risks.

Contact Cinzia Donald, Partner, Lavan’s Litigation and Disputes Resolution Team, if you have any queries about ASIC’s Corporate Plan, or you are the subject of an ASIC investigation or prosecution.