ASIC’s Market Supervision Regulatory Priorities for 2016–17
27 July 2016
ASIC’s Regulatory Priorities for 2016–17
- This letter outlines the key regulatory priorities ASIC has identified for 2016–17.
- Plan for the year ahead by assessing your firm’s risk management framework and focusing your compliance, supervisory and risk management efforts, taking into account these priorities.
ASIC’s Market Supervision Regulatory Priorities letter
This letter sets out ASIC’s Market Supervision regulatory priorities for 2016–17. It is intended to help you assess your firm’s risk management framework as part of a robust review process, and focus your compliance, supervisory and risk management efforts.
Our key regulatory priorities for 2016–17 are:
- cyber resilience and technology disruption
- firm culture and conduct, and
- handling of confidential information and managing conflicts of interest in research and corporate advisory.
ASIC has prioritised these three existing and emerging risks because, if not properly addressed, they could adversely affect market integrity and investor confidence.
Regulatory Priority 1: Cyber resilience and technology disruption
- Cyber threats have become a key global risk to businesses and the stability of the financial markets.
- Use the resources ASIC has developed to help improve your firm’s cyber resilience.
- ASIC will also continue to provide cyber self-assessment questionnaires to selected groups of market participants each quarter.
One of ASIC’s Regulatory Priorities is to encourage improvements in cyber resilience practices for those entities operating in Australia’s financial markets. We intend to assist firms in driving behaviour that improves cyber resilience for the market overall, recognising that this overall cyber resilience may only be as strong as the weakest link. We will do this through close collaboration with regulated entities, regulators and Government.
To help improve your firm’s cyber resilience:
- Use our 2015 report, Cyber resilience: Health check. This health check is designed to:
  - increase awareness of the risks
  - encourage collaboration between industry and government
  - provide health check prompts to help businesses consider their cyber resilience, and
  - identify how cyber risks should be addressed in the regulatory context – including considering board oversight of cyber risks.
- Read our 2016 Cyber resilience assessment report to:
  - learn some good practices for cyber resilience in investment banks, and
  - identify key questions that directors and board members should ask executives.
ASIC will continue to provide cyber self-assessment questionnaires to selected groups of market participants each quarter. Our goal is to conduct a cyber resilience health check of our regulated population and to identify common areas for improvement. We will provide this information back to the participants.
Regulatory Priority 2: Firm culture and conduct
- Review the culture in your organisation to ensure it drives good conduct.
- In 2016–17, ASIC will integrate cultural indicators into our risk-based surveillances and use our findings to better understand how culture is driving conduct.
ASIC defines culture as a set of shared values and assumptions within an organisation. It represents the ‘unwritten rules’ for how things really work.
To address cultural and conduct-related issues it is imperative that firms focus first and foremost on setting the right tone from the top. It is also important to:
- cascade cultural values to the rest of the organisation
- translate values into actual business practices, and
- staff accountability
- effective communication and challenge
- recruitment, training and rewards, and
- governance and controls.
ASIC has always looked at individual elements of culture in our surveillances, for example, remuneration, breach reporting and complaints handling. This helps us to not only identify instances of misconduct, but also broader, more pervasive conduct problems. Where we think there may be a problem, we will ask questions and do a ‘deeper dive’. We want to uncover these problems early, and to disrupt and address them.
We are undertaking a suite of work in respect of culture and conduct in the markets area. In particular, we are reviewing attitudes to conduct risk, sound remuneration policies, management of confidential information and conflicts of interest, and supervisory frameworks and risk management.
At the beginning of this year we reissued a questionnaire to our investment bank stakeholders to see how they have progressed in their appetite, attitude and approach to conduct risk. We expanded our coverage to also include a sample of market participants. While we have seen a shift in focus at the board level of organisations, there is still a long way to go in terms of changing behaviours.
In April this year, we issued a Sound Remuneration Policies Model to gather information on our domestic and international banks’ local remuneration practices. We intend to provide feedback to industry on these areas of work, including better practices and areas requiring further consideration.
Regulatory Priority 3: Handling of confidential information and managing conflicts of interest in research and corporate advisory
- Mismanagement of confidential information and conflicts of interest can threaten market integrity and damage investor confidence.
- Review your firm’s controls (including policies, procedures, training and monitoring) to ensure you are appropriately managing risks identified by ASIC.
The handling of confidential information is an ongoing area of focus for ASIC. The leakage of confidential and material, non-public information about a listed entity threatens market integrity by creating information inequality. This may damage investor confidence and increase the risk of insider trading. It is also important to ensure that conflicts between the firm and its clients, and between the competing interests of different clients, are properly managed.
Through the establishment of a taskforce focusing on how firms handle conflicts of interest and confidential information, ASIC has identified the following risk areas that we consider important for firms to review.
Review your firm’s controls, including policies, procedures, training and monitoring in relation to:
- identifying and handling confidential, market-sensitive information
- supervision of wall-crossings and restricted lists where staff come into possession of confidential, market-sensitive information
- separation and segregation of research, sales and corporate advisory teams
- research independence, particularly when initiating coverage and valuing companies or participating in corporate transactions, and
- staff and principal participation in capital raisings, and trading around research coverage or capital raising transactions.
Further detail on our findings will be published shortly.
Additional areas of focus
ASIC will consider other areas of focus over 2016–17, including those set out below.
Ensure client money is appropriately handled
Over 2015–16 we conducted several reviews on how market participants meet their obligations for client money in the Corporations Act 2001 (Corporations Act) and the ASIC market integrity rules. We intend to continue these reviews over 2016–17.
Over 2015–16 we found that some participants’ procedures for handling of client money were not sufficiently detailed. We also saw examples of inappropriate use of buffers and client money held outside of an Australian authorised deposit-taking institution. We will be focusing on areas of ongoing concern such as adequate record keeping of reconciliations and ensuring the review process is robust (including sign-off) and timely.
The Government has recently consulted on the client money rules in the Corporations Act and ASIC has made a submission to this review. We consider the proposed amendments are critical to ensuring the safety of client money, and we will continue to work with the Government and industry in this area.
Ensure financial stability and capital review for market participants
We continue to see structural shifts emerge throughout the industry, with higher costs and flat revenue often quoted by participants as a challenging part of the market environment. We see a number of firms undertaking steps to recapitalise or restructure their organisations.
Over the past year we have had reasons to question the accounting behind capital calculations for a number of participants as part of our review of their financial strength – this work is ongoing. We also intend to undertake a high-level review of our capital framework in the market integrity rules.
Ensure supervisory frameworks, risk management and controls are in place
Given the market environment and search for revenue-generating business lines, we seek to ensure that where a firm is taking on increased risks the appropriate supervisory, risk management and compliance controls are in place.
We have conducted several reviews in this area over 2015–16 and intend to continue this focus, where appropriate. In particular, we will be assessing whether a firm is adequately resourced from a human, technological and financial perspective. We will also consider how conflicts of interest are managed across a range of business lines, including financial advice, research, corporate advisory, sales and trading. This theme links in with our ongoing work in culture and conduct.
Ensure appropriate product distribution for retail over-the-counter (OTC) derivatives and complex products
We will be focusing on product distribution of complex products over 2016–17, in particular retail OTC derivatives and other complex structured products. We have recently conducted a number of surveillances of the retail OTC derivatives industry resulting in a large number of regulatory outcomes. We intend to broaden our focus to incorporate a number of other complex products, including hybrids.
Report suspicious activities
Our supervision of market participants’ trade monitoring and surveillance practices will continue. Another focus area will be participants’ ability to comply with their obligations under the suspicious activity reporting requirements (SARs) in the market integrity rules. Our approach will include proactive engagement with participants in relation to their market monitoring activity. In particular, where our systems identify suspicious market activity and the market participant has not lodged a SAR, we will seek to understand the process that led to this decision.
We provide this correspondence in an effort to keep participants fully informed on the issues we are currently experiencing in the Australian market, and those we see emerging. We hope leaders within our stakeholder community will use this letter as a catalyst to assess their own firm’s risk management framework as part of a robust review process. ASIC provides ongoing updates to market participants through our website, the Market Integrity Update, media releases, conferences and liaison meetings.
Australian Securities and Investments Commission