ASIC’s CRM ‘major obstacle’ to watchdog’s surveillance efforts

ASIC staff have delivered a scathing assessment of the regulator’s recently implemented Customer Relationship Management (CRM) platform, describing the system as a “major hindrance” and “a barely minimum viable product” that, rather than aiding enforcement efforts, takes up considerable resources and capacity at the agency.

The feedback comes as part of a recent review by the Federal Government’s Financial Regulator Assessment Authority (FRAA), created in the wake of the Royal Commission and tasked with assessing the capability and effectiveness of Australia’s chief financial watchdogs, ASIC and APRA.

Overall, the FRAA called on ASIC to deliver a “substantial uplift” of its IT and data capabilities as well as its approach to new systems deployments, singling out the regulator’s beleaguered CRM and data lake projects.

The reviewer, for instance, found that just over one in three (34 per cent) ASIC staff believed that the regulator had appropriate technology to identify and prioritise threats and harms as well as opportunities and innovations.

Moreover, a significant majority of staff declared their dissatisfaction with the CRM platform, believing it to be “an obstacle to effective surveillances”.

For instance, fewer than one in four (22 per cent) staff believed that the agency’s surveillance activities are supported by an easy-to-use information management system, with substantial negative feedback received concerning information requests made through the CRM.

“ASIC staff reported that the poor user interface and design of the new CRM system make tracking, reporting and coordinating surveillance activities difficult and time-consuming,” the review wrote.

More broadly, ASIC staff described the platform as “time-consuming and overly cumbersome”.

The review noted that the CRM platform is designed to record compulsory requests for information, thereby “allowing ASIC staff to view all interactions with an entity in a single location and assess whether the same or similar information is already available”.

In response to the searing feedback, ASIC revealed it has launched a CRM uplift program to “improve user experience” on the platform. A total of 23 enhancements have been identified, with delivery to commence in December 2022.

Beyond immediate data and technology investments, FRAA also urged for “material cultural change” to ensure benefits from these investments can be fully realised.

“The poor experience of the development and deployment of the new CRM system illustrates that investment in technology without the necessary cultural engagement will not succeed.”

The FRAA called on ASIC’s senior leaders to step up to lead the necessary cultural change required to realise the benefits of its planned digital uplift.

It added: “The negative sentiment expressed by staff towards ASIC’s Customer Relationship Management (CRM) platform demonstrates that ASIC staff members need to be supported when adopting new technology.”

“ASIC’s leadership needs to ensure staff members are engaged early and often to scope, plan and execute new technology to ensure the user experience is considered and tested.”

Additionally, the FRAA noted that the current iteration of the ‘data lake’, ASIC’s centralised data storage platform, was “sub-optimal”, necessitating substantial improvement to make it workable.

A shallow data lake

The reviewer found the data lake was not in wide use among ASIC surveillance staff, due in part to the two-pronged challenge of having a “limited volume of data” available alongside a “lack of analyst skill and familiarity with the platform”.

The FRAA added that limitations regarding data access and availability may challenge the development of innovative surveillance systems and technology platforms, particularly in Financial Services and Wealth teams, and limit a potential increase of the agency’s overall effectiveness.

“Richer and more granular datasets hold the potential to enhance ASIC’s strategic prioritisation and planning processes.”

ASIC’s legislative powers with regard to data capture from regulated entities also need to be reviewed, according to FRAA. “The lack of legislative power to collect granular recurrent data from some sectors limit ASIC’s ability to take an even more proactive, forward-looking stance in addressing and preventing identified threats and harms and to make strategic judgements.

The FRAA recognised that ASIC was aware of these problems with the regulator’s strategic prioritisation, planning and decision-making processes, and it did recognise opportunities to “better leverage insights from data and data analytics to inform its strategic assessments and prioritisation process”.

Staff also noted the value of better analysing data (for example complaints, breach reports, product performance) “to identify trends and potential harms to justify where our focus should be directed”.

Tech uplift on the cards

Overall, the FRAA called for a substantial uplift in ASIC’s data and technology capability, facilitated by wider cultural change across the organisation. The authority recognised that appropriate systems and platforms are critical to supporting ASIC’s effectiveness and capability in its surveillance activities.

Short-termism and reactivity pervade ASIC’s current strategic prioritisation, planning and decision-making processes, according to surveyed ASIC staff, affected in large part by a “lack of comprehensive basis in data and evidence”.

Cultural factors such as risk aversion, siloed teams and a short-term focus were seen as the major barrier to improving data and technology capability at ASIC.

According to the FRAA, the regulator acknowledges its data and IT capability require improvement, with ASIC already taking steps to uplift and transform.

“There is confidence and support at senior levels of ASIC in the ability of newly or recently hired data and technology leaders to deliver on ASIC’s capability uplift strategies,” the FRAA said.

ASIC Chair Joe Longo said: “We need to keep pace in an environment of accelerated change in order to be a confident and ambitious regulator.

“I welcome the FRAA’s recommendations which align closely with my priorities for ASIC.”

The FRAA, as part of its remit, will next report on the effectiveness and capability of the Australian Prudential Regulation Authority (APRA).