APRA’s & ASIC’s Increased Supervision of Financial Institutions


The Royal Commission into misconduct in the financial service industry not only scrutinised the business practices of financial institutions but also criticised the approach of both law enforcement agencies, APRA and ASIC. While both regulators were underfunded and understaffed over the past few years, the Commission still found that their approach to enforcing the law did not meet the expectations of the community. In fact, it promoted misconduct, since enforcement actions, if any, did not constitute a strong deterrent.

The government accepted all recommendations made in the Final Report of the Royal Commission. Both regulators have started to implement these recommendations not only to the letter but also in their spirit. The intention is to build and sustain a financial system based on fairness, honesty and efficiency. As outlined in the Final Report, organisations are expected to act according to certain behavioural norms[1]:

  • Obey the law.
  • Do not mislead or deceive.
  • Act fairly.
  • Provide services that are fit for purpose.
  • Deliver services with reasonable care and skill.
  • When acting for another, act in the best interest of that other.

ASIC: The Fairness Imperative

In his speech at the AFR Banking and Wealth Summit on 27/03/2019[2], ASIC chair James Shipton reiterated that small issues need to be evaluated in a wider business context and that the accountability of executives at board level has not changed. He also explained that the resistance and reluctance towards regulatory activities displayed by some firms are not helpful.

ASIC’s new approach to enforcement of the law centres around the question “Why not litigate?”. For ASIC to litigate, an organisation must have broken the law and it must be in the public interest to pursue legal action. Since ASIC’s mandate was expanded, the government has granted an additional AUD 400m of funding. The new mandate includes responsibility for assessing and enforcing conduct in all business aspects. Effectively, ASIC becomes the “new” Conduct Regulator.

To discharge its new responsibility, ASIC will focus on detection of cultural failings and identification of underlying drivers promoting misconduct. A better understanding of governance and culture within a particular organisation will also promote a better understanding of the underlying business model and correlating risk management practices. Assessment results will indicate whether the supervisory approach for an organisation needs to be adjusted according to underlying complexities, level of innovation and changes to entities or markets.

In addition, ASIC will promote certain areas of expertise including RegTech, behavioural economics and data analytics. These new capabilities will increase the efficiency and effectiveness of the supervisory approach not only in the short term but also in the long run.

APRA: Response to Findings of the Royal Commission

After the Final Report, APRA released its own plan comprising measures to address the findings of the Royal Commission[3]. According to its response, the regulator will:

  • extend the Banking Executive Accountability Regime (BEAR) to product responsibility, with a consultation phase until Q2 and a final release date of Q4 2019.
  • ensure that APRA staff comply with BEAR by the end of 2019.
  • release a revised version of the Prudential Standard on Governance (CPS 510) by mid-2019. The revision is based on:
    1. the findings of the Royal Commission
    2. the Commonwealth Bank of Australia (CBA) inquiry
    3. self-assessments by other entities related to the CBA inquiry
    4. international best practices
  • staff a review program for culture and risk management practices with the aim to assess cultural drivers for misconduct.

Similar to ASIC, APRA received additional funding of AUD 150m. This will ensure that the regulator can staff and execute the programs necessary to address the findings of the Royal Commission and, in a wider sense, the expectations of the community.

Impact on Financial Institutions

In summary, regulators will increase their supervision, cooperate closely and exchange information diligently, investigate issues collaboratively or individually, and pursue legal action against organisations as well as key personnel. Enforcement of the law is further strengthened by the recent passing of the Treasury Law Amendments. These amendments permit higher penalties for organisations or individuals breaching corporate and financial law[4].

With this outlook in mind, financial organisations need to be prepared to provide evidence of appropriate behaviour and outcomes along the following lines:

  • Obey the law.
  • Do not mislead or deceive.
  • Act fairly.
  • Provide services that are fit for purpose.
  • Deliver services with reasonable care and skill.
  • When acting for another, act in the best interest of that other.

As James Shipton asks in his speech: Is the organisation confident that its governance, processes and systems meet the listed behavioural norms?

This question implies that an organisation can produce appropriate evidence for different points in time across the following key components:


  • Documentation of Key Terms: Definitions of key terms such as fairness or reasonable care and skill
  • Aligned Business Objectives: Evidence that organisational goals are aligned with these principles, e.g. promotions rewarding loyal, existing customers over new customers
  • Aligned Business Decisions: Evidence that general / specific business decisions adhere to listed norms and are aligned with business objectives, e.g. product suitability vs product cross-selling
  • Breach Monitoring & Management: Evidence that breaches of the outlined norms are penalised appropriately, including notification of the respective regulator if applicable, e.g. misconduct has documented financial and non-financial consequences
  • Fair Treatment of all Customers: Evidence that all customers are treated fairly, e.g. customers meeting similar criteria are remediated even though they may not have been impacted directly by identified issues
  • Learning Organisation: Evidence that an organisation learns from its mistakes, e.g. systemic issues are identified and addressed sustainably

With the introduction of BEAR and its possible extension to other parts of the financial industry, accountable individuals may face stiff penalties and jail time in case of substantial breaches. They would therefore be well advised to understand their respective accountabilities in detail and to hold sufficient evidence of how they were discharged. As indicated by the current version of BEAR, delegation is not appropriate.


First published on Enforcd.

[1] Source Final Report Royal Commission: https://financialservices.royalcommission.gov.au/Pages/reports.aspx

[2] Source ASIC homepage: https://asic.gov.au/about-asic/news-centre/speeches/the-fairness-imperative/

[3] Source Table with APRA’s responses to Royal Commission recommendations: https://www.apra.gov.au/sites/default/files/table_with_apras_responses_to_royal_commission_recommendations-v1.pdf

[4] Source: https://asic.gov.au/about-asic/news-centre/find-a-media-release/2019-releases/19-032mr-asic-to-pursue-harsher-penalties-after-laws-passed-by-senate/
