While the ASIC Corporate Plan for the next 3 years may not be everyone’s page-turner, the Plan contains important issues affecting all businesses. This blog highlights the key risks ASIC identified in their Corporate Plan 2015-16 to 2018-19 (Plan), which should act as a road map of emerging risk and compliance issues which all organisations should be considering at their next board, risk or compliance meeting.
The Plan lists what ASIC perceives to be the key drivers of risk to investors, financial consumers and the markets it regulates. Although ASIC acknowledges that there are some drivers of risk that it can’t influence, the regulator’s proactive approach to risk identification and management should serve as a guide for other organisations on what risks they should identify and consider how to manage, in 2015-16.
Poor culture and gatekeeper responsibility
ASIC identifies poor culture, resulting in lack of transparency and chronic under-pricing of risk, as a key risk for 2015-16, and the Plan references this risk as one of the causes of the 2008 global financial crisis.
ASIC’s focus on improving corporate culture has been discussed in previous blog posts (here and here). The Plan reinforces ASIC’s view that culture is a ‘gatekeeper’s underlying mindset’ (meaning culture comes from the top of an organisation) and notes that risk management systems can help encourage good culture in an organisation by influencing compliance and reinforcing good, or bad, corporate behaviour. The Plan lists the following areas as having poor gatekeeper culture:
- responsible entities;
- markets; and
- directors, auditors and insolvency practitioners.
In its Plan ASIC sets out actions for how it intends to respond to the risks posed by poor gatekeeper culture in those areas, such as incorporating culture and incentives more explicitly into its risk-based surveillance reviews. Those actions are in addition to other initiatives ASIC has previously proposed to tackle poor corporate culture, such as the introduction of civil penalties to apply to theCorporations Act provisions that it administers (see our earlier blog).
Misalignment between retail products and consumer understanding
The Plan also highlighted current issues with the design and distribution of retail financial products and consumer understanding of those products. ASIC’s concern about the disadvantages caused to retail investors and financial consumers as a result of that misalignment means that improving the advertising practices of those products is a key focus for 2015-16.
ASIC referenced research that suggests that people confronted with uncertainty, as is the case with some complex financial products, tend to misjudge probabilities and risk. This can lead to serious long term harm where a consumer lacks adequate understanding of the products they are buying. Consumers can be vulnerable and may exhibit behavioural biases. These traits are exacerbated if the retail products are disclosed or marketed in a misleading or deceptive way or if consumers are given unrealistic expectations.
ASIC has implemented several financial literacy initiatives to help equip consumers with the requisite knowledge to make informed decisions about financial products. They include ASIC’s MoneySmart website, the National Financial Literacy Strategy and ASIC’s desire to have financial literacy included in the Australian curriculum. In addition, ASIC is working to identify ‘inappropriate products’ and remove them from sale, such as retail over-the-counter derivatives or add-on insurance products.
Cyber-attacks: are you prepared?
ASIC will focus on the importance of cyber-resilience in 2015-16 to promote trust and confidence in the financial system and market integrity. As the recent Ashley Madison data hack demonstrated, when a breach of cyber-security and privacy occurs, it can have devastating consequences for an organisation, its clients and other members of the community.
In the case of the financial services industry, cyber-attacks can also have serious financial repercussions for its participants.
The increase in the number, sophistication and complexity of cyber-attacks presents a constantly changing risk for all organisations, including ASIC. It is estimated that in 2013, cyber-attacks affected five million Australians at a cost of $1.06 billion. The cost and scale of these attacks is projected to increase in the future.
Although ASIC acknowledges that it is impossible for firms to anticipate and be protected from every cyber-attack, it has created a Markets Cyber-Risk Taskforce to establish practices that will help protect the market.
ASIC’s focus on the risks presented by cyber-attacks is a reminder for all organisations to be proactive about incorporating the risk of a data breach in their risk registers as part of their risk management and compliance programs. The recent increase in the popularity of cyber-insurance policies emphasises the different types of risk management techniques companies can use to help improve their cyber-resilience and manage the fallout of a cyber-attack.
Improving cross-border regulation
Globalisation has led to an increase in cross border activity, competition and integration. It is estimated that 45% of Australian equities are held by foreign investors and that Australian investment abroad was at $2.1 trillion in the March quarter of 2015. This represents a 23% increase in one year.
Although this level of overseas investment can increase productivity and investment overall, cross-border integration can increase operating costs and complexity for businesses. In order to reduce costs to businesses, ASIC will work with Australian and overseas regulators to implement G20 commitments to streamline regulations between jurisdictions. One initiative highlighted by ASIC is the continued development and implementation of the Asia Region Funds Passport, which APEC reports could save investors $27.4 billion annually in fund management fees and create 170,000 jobs in APEC economies within five years.
ASIC’s Plan a reminder of the importance of Enterprise Risk Management
Although managers can’t predict future events, ASIC’s Plan provides a selection of likely risks which may crystallise sooner rather than later. On this basis, there is no excuse for managers who fail to take proactive steps now to prepare their organisations for the impact of these events. An organisation may be disadvantaged competitively if they are not employing and practicing risk management methodologies and practices such as those promoted by enterprise risk management (ERM) policies and procedures. Managers should also be aware of the formal risk management principles(usually referenced in Australia to the ISO 31000 standard), which are key implements in any risk management toolbox.
Organisations that are effectively practicing ERM are gaining significant competitive advantages, and the executives behind these ERM programs are finding themselves in increasing demand.
See our earlier articles on ERM tools and techniques to understand how your organisation can stay on top of emerging risks – and potentially avoid ASIC surveillance.
ABN to replace ACN and TFN in 2016
In its Plan ASIC re-iterated its previous commitments to cut red-tape by removing redundant or unnecessary regulations which have little practical benefit.
The recent Treasury announcement of legislative amendments to consolidate the ACN, TFN and ABN schemes after 1 July 2016 is one example of a combined practical red-tape reduction effort by ASIC, the Federal Government and Australian Tax Office.
Legislative amendments required
The Treasury released an exposure draft of the Treasury Legislation Amendment (Spring Repeal) Bill 2015 on 28 August 2015 which proposes amendments relating to superannuation, corporations and taxation.
The Bill will amend the Corporations Act 2001 (the Act) and the A New Tax System (Australian Business Number) Act 1999 to make the Australian Business Number (ABN) the single numerical identifier for companies registered under the Act from 1 July 2016. Also, taxation laws will be amended to allow an entity with an ABN to use that number instead of a TFN.
What do the changes mean?
The changes will only operate prospectively, meaning that only companies that register under the Act from 1 July 2016 onwards will be issued with an ABN as their single numerical identifier and will not be given an ACN by ASIC.
Existing companies will retain all current numerical identifiers and will not be required to apply for an ABN if they do not have one, however, from 1 July 2016, companies registered under the Act will no longer be permitted to use their ACN as their name. New companies registered after this date will be able to use their ABN in their name.
These changes will not only make it easier for new Australian companies to meet their registration requirements, they will also reduce the legal and regulatory requirements for international entities seeking to do business in Australia.
The Explanatory Material for the Bill provides more insight about how the old and new registration regimes will operate.
Impetus for change
These amendments come as part of the Federal Government’s commitment to its deregulation agenda.
In the 2015-16 Federal Budget, the Government announced measures to make it quicker and easier to register a new business as part of the Growing Jobs and Small Businesses package. Reducing the number of numerical business identifiers is the first step as a part of this package.
The amendments will ensure that an entity that has an ABN may use it as their only Commonwealth-issued numerical identifier and will not be required to also have a TFN.
These changes will reduce the administrative red-tape for businesses and hopefully there are similar initiatives to come in 2015-16!