Trust, Culture and Enforcement

ASIC started off as a corporate governance and securities and markets regulator, and that’s a model which is all about the ambulance at the bottom of the cliff.
— Dr Hanrahan


On 12 September 2017, ASIC Chairman Greg Medcraft presented at the Thomson Reuters Newsmaker lunch.

Perhaps because his tenure at ASIC will soon expire, the Chairman addressed each question about ASIC and its performance with both clarity and tenacity. Anticipating the criticism common of ASIC in the financial press, Mr Medcraft passionately reiterated his vision for ASIC and his view of its role.

"The vision used to be about protecting investors - that's impossible ..... [it's now focused on] promoting trust and confidence."

This pragmatic view should not be interpreted as signalling a return to the passive and reactive regulator ASIC has often been accused of being. With reference to the ongoing actions involving Commonwealth Bank, NAB and a range of smaller licensees, the Chairman clearly indicated ASIC's priorities

"ASIC is enforcement first. We're more an enforcement body than regulatory agency

For those who missed the warning, Mr Medcraft reiterated his willingness to take on, and hold to account, the "very powerful" Banks. The actions to date, despite their cost and complexity, were essential for showing that ASIC "can't just bark, [it] can bite". In a room filled with regulated entities, the Chairman not only 'failed' to apologise for the slow and costly actions to date but evangelically restated ASIC's commitment to more active enforcement of the financial services laws. 

This is great news.

These statements should be interpreted positively by those licensees that have invested, and continue to invest, in compliance. The 'trust and confidence' with which the regulator is concerned is not the feel-good, can-do marketing often foisted on consumers by Institutions trying to mitigate critical brand damage, but a Licensee's substantive and demonstrable commitment to "truthfulness, transparency and timeliness". 

Of course, despite this positive commitment, some licensees might not be reassured by the Chairman's view that financial advice is ASIC's number one risk area.


Trust is the single most important currency in the business world. 

The Chairman's recognition of the importance of trust and culture is at the core of his approach to enforcement and regulation. A regulated Participant's 'culture' is not a tangential issue for ASIC to consider, but a core element that they are obliged to address in order to maintain and improve the financial system and promote consumers' confident and informed participation. In fact, the Chairman's view on the economic cost of bad culture is explicit.

"Culture is a driver of conduct. It does affect trust."

Logically, if ASIC's role is to promote trust and confidence it is essential that ASIC identify, anticipate and address cultural failures. While structural conflicts, and conflicted remuneration, will remain firmly in ASIC's focus, the Chairman signalled a broader ambition of ensuring good behaviour, enforcing professionalism and holding individuals to account. Differentiating ASIC's focus on individual accountability from APRA's approach, the Chairman emphasised that APRA's focus on culture and management accountability (BEAR) will complement, but not diminish or conflict with, ASIC's similar determination to focus on management accountability. APRA, he explained, will approach accountability from a prudential management perspective, while ASIC will act to protect consumers and markets. 

The Chairman's broader views on technology, data and regulation will be explored elsewhere, but ASIC's emphasis on trust, culture and accountability both needs to acknowledged and seen in a broader context. 

A focus on trust, values and culture is a logical regulatory approach given the limitations of disclosure and the manifest failures of formalist models. It also an approach that's gaining ground as technological innovations, such as algorithmic decision making, force radical transparency on existing institutions. Transparency may be futilely resisted, and sometimes even temporarily subverted, but, even in the absence of whistleblower rewards, institutions are more exposed and vulnerable than ever and the drive towards transparency seems irresistible.

Ironically, despite ASIC's emphasis on trust and reputation, the Edelman Trust Barometer 2017 shows that trust in ASIC has declined since the last survey.

Disruption and Reputation

Consumers understand that markets, and industries, are 'disrupted' when technology is used to exploit inefficiencies, identify new efficiencies or satisfy previously unidentified (and unsatisfied) needs. Commentators, however, frequently see disruption as a product of technological innovation rather than recognising that the technology only provides the means by which an industry can be 'disrupted'. Technology doesn't create a new opportunity, but only makes the exploitation of an existing opportunity easier, more efficient or more scalable. What critics often fail to acknowledge is that a participant's capability to resist, or exploit, disruption is a product of its own reputation and culture. Incumbents that are trusted, or that are considered to be 'good' brands, are better able to resist the disruption of their business because of the intangible values associated with their brand; values that are more important, for many consumers, than cheaper prices or new delivery mechanisms.

Rachel Botsman "Reputation Capital" (2012)

Rachel Botsman "Reputation Capital" (2012)

In my view, an enforcement focused regulator, one that understands the critical commercial importance of trust and culture, and one that acts consistently, predictably and publicly, is precisely what licensees, advisers and consumers require. While ASIC may move more slowly (and less aggressively) than some might prefer, the Chairman's restatement of their focus is a balm to an industry mired in complexity and riven by scandals.

The Devil, as they say, is in the detail and it is still unclear how ASIC, or APRA, will methodically and effectively assess 'good cultures'. Correct 'cultural assessments' are usually only made retrospectively when experts, with the benefit of hindsight, can precisely, and without fear of contradiction, skewer the cultural failures that made the scandal inevitable.

However, neither Management Teams nor Consultants are very good at prospectively identifying problems with their (or their client's) culture. Neither are businesses very good at identifying the limits of the 'trust' their clients extend to them. Banks may be trusted not to fail and lose depositors funds ('too big to fail') but recent events have shown consumers the dangers of trusting banks beyond providing basic functions.

As trust declines, consumers' willingness to explore alternatives increases and the Participants expose themselves to disruptive alternatives.

Honesty and fairness

So what does ASIC's recognition of the importance of culture, and their renewed commitment to active enforcement, mean to licensees. It means that, consistent with REP515, formal compliance will no longer be adequate to satisfy market and regulatory expectations. Formal review processes, Board commitments and clever, internal marketing will no longer prove the existence of a good compliance culture or protect a Licensee from the consequences of misconduct or management failures. 

See this as an opportunity. ASIC may look less to the paperwork that outlines how you comply with the financial services laws and more to the substance of your conduct. Do you act in a manner consistent with your principles? Do you comply with the letter of the law or the intent of it? You will still need to be able to prove your compliance but if the existence of a policy does not, in itself, prove compliance with the financial services laws the absence of a policy should not, in itself, prove that the Licensee does not comply with the law.

The Chairman's declaration should also embolden small to medium licensees to reject the generic compliance manual and instead cleave to a principles based governance framework - one that encourages, and demonstrates, conduct based on fairness, consistency and transparency.

Acting on values

So how can a small or medium licensee demonstrate its 'good culture'?

We'd recommend that those Licensees should first articulate their values in their mission statement and then embed those values into their review methodology and their consequence management policy. In our view, a Licensee's approach to remediation and consequence management is the clearest indicator of their culture and values - particularly when licensees remediate slowly, inconsistently and unpredictably. In our opinion, Licensees must set clear expectations for their staff and consumers. The predictability of a Licensee's response to failures and misconduct is the only practical measure of their capacity to act efficiently, honestly and fairly.

Consistent, predictable consequence management builds trust

Consistent, predictable consequence management builds trust



Dr Hanrahan's quote was extracted from "Scrutinising ASIC: Is it a watchdog or a dog with no teeth?". Sydney Morning Herald 23/11/2013