Why the regulatory system is in need of urgent fix

Any change to Australia’s regulatory system requires a careful design, former ASIC chair James Shipton says.

James Shipton

3 min read

3:13PMAugust 11, 2024

The Australian Business Network

Former ASIC chairman James Shipton. Picture: Aaron Francis

A recent Senate report showed that the Australian Securities and Investments Commission’s governance is broken.

The report called out ASIC’s “unsatisfactory” Swiss-cheese governance arrangements, lack of commissioner accountability, and inadequate agency oversight.

It also reminded us that ASIC has not received an updated statement of expectations from the Treasurer in three years – meaning, ironically, that the government is breaching its own guidelines requiring these statements to be issued at least every two. Not a good regulatory example.

For these reasons, and recognising that ASIC is “overburdened”, the Senate recommended the reallocation of ASIC’s responsibilities to specialist agencies. Conceptually this will improve regulatory effectiveness and would help solve many of ASIC’s deep structural flaws; nevertheless, there is no easy fix, and it should not be rushed. Instead, the Senate report provides an opportunity to consider what is the best regulatory system for Australia’s financial system. It is not just a matter of right-sizing ASIC.

For regulation to work, the regulatory system must be carefully designed. Here it is important to emphasise that every regulator operates within a broader system.

This system includes: (i) government, (ii) business, (iv) civil society, and (v) other bodies that perform (public and private) regulatory functions. Press, media, legal systems (such as courts), and the attitude of those regulated are also included.

Indeed, the level of co-operation of those regulated is of great importance. It is imperative that those regulated understand the value of regulation, and for regulators to encourage, support and (ultimately) mandate they do so.

Here, aviation is a useful example as all participants in that industry know that airline safety is a good regulatory outcome; it’s also good for business.

Establishing an effective regulatory system requires careful design of the regulator, the role of other public institutions within the system (like complaints-handling services) and the prevailing rule book. The system, itself, must also fit within a broader network of supporting and interlocking regulatory systems (since regulators shouldn’t work in isolation).

Put simply, if we were designing the regulatory system for the financial sector from scratch it is highly unlikely that we would design it as it currently stands. Indeed, many of ASIC’s chronic flaws flow from the continued failure by successive governments to properly design the regulatory system in which it operates.

It is important to remember that ASIC operates in a system that was designed in the 1990s following the Wallis Inquiry. That was well before online financial services became ubiquitous and when compulsory superannuation was just a few years old.

There has been radical change in the intervening three decades, yet the overall regulatory architecture has not changed. Instead of stopping to consider the design of the regulatory system, successive governments have merely piled on new responsibilities, usually without commensurate funding, to ASIC and other regulators. ASIC is clearly “overburdened”.

Adding to this very ‘thin blue line’, as the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry pointed out, “ASIC now administers 11 pieces of legislation … (and) the legislation itself has grown longer and more complex” with the length of the Corporations Act increasing 178 per cent since 1981. The rule book ASIC is expected to enforce is too large, complex and convoluted.

Put crudely, ASIC is equivalent to a fuel-starved 1990s Holden Commodore that is required to cover longer distances at faster speeds; instead, we need a Tesla (or two).

Other regulators, like ACCC and Austrac, have also become key participants within the system (joining APRA and ASIC), and the Office of the Australian Information Commissioner (OAIC) is playing an increasingly vital role in relation to cyber security.

The increasing (and important) involvement of these different regulators reflects a radically different regulatory “threat landscape” to Australia’s financial system than was the case in the 1990s. The rapid emergence of AI will only exacerbate these challenges. It is time, 30 years on, for Australia to redesign its regulatory architecture to better respond to the regulatory threats of the future without the burden of 1990s infrastructure.

There are several ideas about how to do this (the Senate had some and I have some too); nevertheless, we must not fall into the trap of tweaking the edges of the regulatory system by concentrating on one (albeit important) part.

I am not advocating replacing the “twin peaks” model, but I am advocating that we review it in light of current and emerging regulatory challenges. We need to holistically assess the current and emerging threats to the financial system and then design (and fund) a regulatory system accordingly.

We need a regulatory system designed for the coming decades, not the past ones.

James Shipton is a Senior Fellow at Melbourne Law School, The University of Melbourne and a former ASIC chair.