The Financial Regulator Assessment Authority’s (FRAA’s) 2022 review into the effectiveness and capability of Australia’s corporate regulator, ASIC, has recommended a “substantial uplift” of the watchdog’s data and technology capability, followed by “material cultural change to embed the benefit from the required investment”.
The FRAA’s (a post-Hayne-formed government body) report, which looked in particular at ASIC’s strategic prioritisation, planning and decision making, confirmed that ASIC would need “improved data, analytics and technology capabilities” to better act on emerging harms, set strategic priorities, create efficiencies and lower the regulatory burden.
In particular, enhanced effectiveness, improved technology and better use of data would be beneficial to ASIC’s Financial Services and Wealth Group, the report said.
Additionally, the FRAA was of a view that additional funding and government support would be necessary if ASIC was to achieve its ambition, given the historic underinvestment in technology and the resulting technology debt.
In particular, ASIC would require further investments in skilled technology and data specialists as well as modern technology platforms, analytical tools and digital capabilities.
At the same time, ASIC would need to focus on the “cultural settings necessary to support the benefits of an uplift in these capabilities.”
The report also found that, historically, the regulator struggled with underinvestment in technology, both funding and capability, and had a comparatively lower annual technology spend than other domestic public sector agencies and international market conduct regulators.
“The FRAA considers that ASIC’s immediate demands may have resulted in this underinvestment. It is also a function of ASIC’s capital expenditure budget which is set by the government, with limited flexibility to reallocate its operational expenditure budget to capital expenditure,” the report read.
The FRAA’s report also confirmed that to successfully execute ASIC’s digital and data strategies, ASIC’s chair, commission and executive directors would need to ensure its staff members were fully supported in a “cultural and mindset change” necessary to execute these strategies.
Additionally, when assessing ASIC’s organisational capability and ASIC’s staff and systems, the report found that only 29 per cent of staff (based on interviews and focus groups, alongside commentary from commissioners, executive directors and senior leaders), agreed that they had access to expertise in “emerging areas” such as threats relating to cyber risk and crypto assets.
As far as surveillance systems were concerned, data and technology capability across the Markets Group and the Financial Services and Wealth Group was varied, with teams in the Financial Services and Wealth Group appearing less confident in their use of data and technology.
This view was further echoed in focus groups and in staff surveys, where Financial Services and Wealth staff members noted they were inhibited by sub-optimal data tools and platforms.
The report also found that ASIC’s new customer relationship management (CRM) system was viewed by ASIC staff as an “obstacle to effective surveillances”.
“ASIC staff reported that the poor user interface and design of the new CRM system make tracking, reporting and coordinating surveillance activities difficult and time-consuming.
“Only 22 per cent of ASIC staff agreed that their surveillance activities are supported by an easy-to-use information management system.”
Also, there was broad feedback from ASIC staff members in the survey, focus groups and interviews around the inadequacy of the CRM system, which was described as “time-consuming and overly cumbersome.”
Additionally, ASIC’s centralised data storage platform, its “data lake”, was found not to be in wide use amongst ASIC surveillance staff.
“This is in part due to the limited volume of data currently available on the platform, as well as lack of analyst skill and familiarity with the platform,” the report wrote.
Hopes in a new digital strategy
The FRAA also found that ASIC had acknowledged that there was a range of opportunities for ASIC to enhance its effectiveness through improved technology capability and the better use of data and developed a digital strategy.
The strategy aimed to expand ASIC’s use of technology to support a more efficient regulatory process, improve its use of data analytics tools to better identify harms and regulatory priorities and improve the way it interacts with its regulated population.
In August, ASIC also outlined its priorities over the next four years with one of four strategic priorities identified as technology risks, including a greater focus on the impacts of technology in financial markets. This included driving good cyber-risk and operational resilience practices and acting to address digitally enabled misconduct such as scams.
Further to that, crypto-assets, scams, cyber and operational resilience and breach reporting were identified as core strategic projects by ASIC over the next four years.
Among the four internal priorities, two were technology-related, and included digital technology and data and analytics.
ASIC stressed that the use of digital technology supporting processes in its regulatory work had to be in line with its digital strategy while improved access to information and adoption of new analytical tools, in line with its data strategy, would help increase its efficiency and effectiveness.