Chapter 2: Governance and leadership matter most



This Chapter addresses key findings and recommendations across four aspects of leadership and governance:

• External governance: oversight and accountability at the ministerial and parliamentary level, together with media and public scrutiny, including requirements for external performance reporting;
• Internal governance: the organisation structure and the responsibilities of senior leadership to ensure strategic guidance and direction and provide internal checks and balances within an organisation;
• Leadership talent: the skills and capabilities of Commissioners, together with the processes that exist to ensure ongoing and future Commissioner suitability;
• Culture: the traits, characteristics and behaviours that define how staff at all levels conduct themselves internally and externally, and accordingly how the organisation's behaviour is viewed by those with whom it interacts.

A well-functioning governance and leadership structure ensures that ASIC Commissioners focus on strategically important issues and have the expertise and focus to plan and implement strategic initiatives. Effective governance arrangements also promote better accountability by ensuring oversight of regulatory delivery and performance, and whole-of-entity objectivity in decision making.

Strong governance models rely on having an organisation structure which allows the leadership team to effectively and efficiently drive the strategic direction and outcomes while also managing public and stakeholder expectations. This requires a strong sense of shared values and culture that are disseminated throughout the organisation. Finally, ministerial and parliamentary oversight provides checks and balances on regulatory powers and outcomes.

Key observations and recommendations are included below.

Table 4: Key observations and recommendations

	Observations
External governance	While the design of the external governance and accountability architecture is appropriate, it is being applied in a manner which is unnecessarily reactive and issue driven, and is not providing broad long term strategic oversight and thereby accountability for ASIC. The SoE is infrequently updated and does not clearly or transparently establish strategic priorities as understood by the Government. As a result, there is an opportunity to update and enhance the SoE to ensure better alignment and mutual understanding. There is a significant 'expectations gap' between the internal and external perceptions of ASIC's performance, which must be managed by both the Government and ASIC, including through the SoE and SoI. ASIC is addressing its performance reporting under the PGPA Act, although this activity remains at an early stage and will need ongoing development (as recognised by ASIC in the articulation of its Corporate Plan).
Internal governance	ASIC's non-executive and executive line management responsibilities are combined, unlike separated (split or hybrid) models used at large corporations and many other international and domestic regulators. While the Panel understands the evolution of the current model and strengths and shortcomings of various alternatives, on balance it believes the current structure is unsustainable if optimal outcomes are to be achieved. In particular, it leaves insufficient bandwidth for the Commissioners to focus on strategic matters, external engagement and communication and does not provide sufficient internal oversight and accountability. The Panel considers that the Commission's strategic and oversight responsibility, coupled with its external engagement role, as meriting the full time focus of the Commissioners.
Leadership talent	Merit based selection procedures exist but have not always been closely or fully followed by Governments in appointments of the Chairperson and Commissioners. While the collective capabilities of the ASIC Commission receive positive feedback from stakeholders and staff, there are acknowledged skill gaps in relation to some capabilities that will be required of the Commission (for example, data analytics, change management). There is not currently a formal and structured forward looking assessment to identify current or future Commission-level capability gaps on an ongoing basis. There is no formal assessment of Commission effectiveness and individual performance review for Commissioners. The Panel is of the view that even for statutory appointments a formal performance review would deliver better outcomes and accountability.
Culture	ASIC's culture is shaped by its stated values of Accountability, Professionalism and Teamwork, and is also a result of its origins and history. On balance, the Panel considers ASIC's internal culture to be more defensive, inward looking, risk averse and reactive than is desirable for a conduct regulator. While the Panel acknowledges that this is a broad and general observation, and there is some evidence of variability in culture within ASIC (although this is difficult to quantify), the Panel considers it to be the responsibility of leadership to set the culture and tone and to drive top-down messaging to ensure consistency.

	Recommendations
External governance	Recommendation 1: The Minister and ASIC to implement a more effective strategic long term oversight function, underpinned by a mutual commitment to a more pro-active regular ongoing dialogue. As steps to achieving this: The Minister to provide an Annual Ministerial Statement in Parliament, in conjunction with tabling of ASIC's Annual Report on the degree to which ASIC meets the expectations of the SoE and is performing in the achievement of its mandate. The Government and ASIC to enhance the SoE and SoI to clearly and regularly communicate expectations (to be reviewed annually) and to ensure mutual understanding and support ASIC in managing stakeholder expectations. Recommendation 2: ASIC to continue to refine the performance reporting framework, including consolidating performance reporting (to ensure consistency between reporting frameworks), aligning internal performance metrics, improving the use of performance narrative, and identifying opportunities for more sophisticated analytics, particularly in relation to outcomes measures.
Internal governance	Recommendation 3: ASIC to realign internal governance arrangements by elevating the current Commission role to that of a full time non-executive function (not an external board), with a commensurate strategic focus and external accountability free from executive line management responsibilities. Recommendation 4: ASIC to establish a new role of Head of Office (HoO), with delegated responsibility and accountability for executive line management functions. Recommendation 5: SELs to be delegated executive line management functions, reporting to the HoO. Recommendation 6: Government to revisit this structure in approximately 3 years, to review the size of the Commission and whether the roles of the Commissioners need to continue to be full-time.
Leadership talent	Recommendation 7: The Government to apply a contemporary best practice merit based recruitment process to ensure fully transparent and robust appointments of the Chairperson, Deputy Chairperson and other Commissioners. Recommendation 8: ASIC to implement a periodic forward looking skills gap assessment of the Commission to identify and inform future recruitment needs. Recommendation 9: ASIC to implement a Commission effectiveness review to assess performance on an ongoing basis. Recommendation 10: ASIC to develop a formal individual performance review process for the Commissioners, led by the Chairperson. Recommendation 11: The Minister to assess the effectiveness and performance of the Commission, to be discussed with the Chairperson on an annual basis.
Culture	Recommendation 12: ASIC to initiate a review of ASIC's organisational culture and as part of that review assess the merit of implementing Google's Project Oxygen team based assessment program to inform development of Commission strategy for high performance team culture.

2.1. External governance — governance architecture needs to be used better

ASIC's external governance framework comprises broad but periodic oversight at the ministerial and parliamentary level, together with media and public scrutiny. This includes:

• The statutory framework under which ASIC operates, laid out in the ASIC Act.
• The SoE,¹³ which sets out government expectations of ASIC and is periodically updated and issued by the Minister. ASIC is required to formally respond with an SoI,¹⁴ which sets out how it will respond to the Government's expectations.
• Ministerial oversight through the responsible Minister(s).
• Appearances before parliamentary committees on a regular and an ad-hoc basis to explain actions and decisions for example, the Senate Economics Legislation Committee ('Senate Estimates', which examines all Treasury portfolio agencies and reviews the annual reports of these agencies) and the Parliamentary Joint Committee on Corporations and Financial Services ((PJC), which enquires into the activities of ASIC and the operation of the corporations legislation, and reviews the annual reports of bodies established under the ASIC Act).

External performance reporting as established under the PGPA Act (requires an increased focus on outcomes, qualitative performance assessment and performance narrative) and the Regulator Performance Framework (RPF) (a set of six outcomes based performance indicators covering reducing regulatory burden, communications, risk-based and proportionate approaches, efficient and coordinated monitoring, transparency, and continuous improvement, which all Commonwealth regulators must report against):

• annual Portfolio Budget Statements that inform the Senate and Parliament of proposed resource allocation;
• periodic performance audits by the Auditor General;
• administrative review of decision making by Administrative Appeals Tribunal;
• parliamentary scrutiny of legislative instruments under the Legislative Instruments Act 2003.

This external governance framework is similar in structure to other key Australian regulators and statutory agencies (for example, APRA, ACCC and ATO).

The Panel's observations and subsequent recommendations focus on three important aspects of this governance framework:

• the nature of interactions between ASIC and the Government;
• the use of the SoE and SoI to increase mutual understanding over expectations to ensure ASIC has transparent guidance for internal planning processes and to reduce and proactively manage the 'expectations gap';
• the extent to which the existing performance reporting framework allows an effective assessment of ASIC's performance.

Government oversight

External oversight by the Minister and Parliament should be predominantly proactive (rather than reactive to the emergence of issues such as performance lapses), comprehensive (providing oversight of the organisation as a whole over time), and ongoing (occurring at regular and frequent intervals), together with more in-depth, issue-based analysis as needed.

By contrast, the Panel found that ministerial and parliamentary oversight of ASIC has tended over time to become more reactive and issue based. This is consistent with an observation of the FSI, which noted that 'parliamentary scrutiny tends to be episodic and focus on particular issues or decisions'.¹⁵ Analysis of Senate estimates and supplementary documents indicates that 85 per cent of discussions in recent years have related to specific issues, rather than to broader strategic topics (see Figure 13 below).

Figure 13: Comparison of strategic and issue based estimates discussion¹⁶

The Panel recognises that Parliament has an important role to play in investigating material regulator performance issues, including those that give rise to concerns of the public, and in ensuring that ASIC is identifying and addressing in a timely and effective manner significant risk issues that may result in material harm or potential harm. However, the Panel is of the view that, on balance, parliamentary oversight has tended to become overly issue driven and reactive and at the expense of a more strategic long term oversight function and comprehensive accountability. This view was shared by most stakeholders and emerged as a common theme in stakeholder feedback during the consultation process.

The Panel is therefore of the view that, on balance, there is insufficient external consideration of the suitability of ASIC's long term strategic direction and performance over time. The tendency to focus on issues, particularly on high profile enforcement actions (for example, financial advice and planning scandals, take-overs), can also reinforce the occasionally adversarial nature of interactions between the regulator and parliamentary committees and a perception that ASIC is overly focused on enforcement. The Senate Estimates session held on 22 October 2014 is one example of a particularly adversarial interaction.

In response to the identified shortcomings in ASIC's external governance, the Panel has considered whether alternative accountability structures, such as a FRAB as proposed by the FSI would assist in providing better oversight.¹⁷ While the FRAB would have subjected regulators (including ASIC) to more intensive scrutiny, the Panel supports the Government's view that a further institutional layer is not required given that the existing infrastructure is broadly appropriate, albeit not being well used. In short, the Panel considered there was no compelling case for a 'regulator to regulate the regulators', with the attendant additional cost burdens involved for the regulated population.

The Panel also supports the Government's indication that it will reconstitute the Financial Sector Advisory Council (FSAC) in an advisory role. While the design features of this body are still being finalised, the FSAC's Terms of Reference will include providing advice to the Government on the performance of financial regulators, which will complement, rather than replace, existing accountability measures.

The Panel believes that the external governance architecture is largely appropriate, and believes that the tendency toward issues-driven and reactive oversight is a result more of the framework's use and interpretation rather than any weakness in its design. As such, the existing framework needs to be better used to fully realise its accountability potential.

Achieving this outcome will require a
mutual and concerted commitment by the Minister, Parliament and Treasury, as well as from ASIC, to ensuring more effective oversight functions which involve a balanced and ongoing appraisal of ASIC's strategic direction and ongoing performance as assessed against ASIC's strategy and performance metrics (both informed by obligations in the SoE). This requires:

• enhancements to the SoE to ensure clearer and more regular guidance on long term strategic expectations of the Government (discussed in more detail later in this Chapter), together with a subsequent refresh of the SoI;
• more regular and ongoing discussions between the Minister and the Chairperson of ASIC, including explicit discussions of Commissioner performance (discussed further later in this Chapter);
• a Ministerial statement in Parliament by the Minister when tabling the ASIC annual report reflecting on the extent to which ASIC has fulfilled the SoE.

The Panel views this as a potential, helpful benchmark model for the Government's interactions with other independent statutory agencies and regulators.

Statements of Expectation and Intent — a missed opportunity

The Minister's SoE outlines the Government's current expectations about the role and responsibilities of ASIC, its relationship with the Government, issues of transparency and accountability, and operational matters. This Statement, and ASIC's response, the SoI, are released publicly.

As noted above, ministerial and parliamentary scrutiny of ASIC has tended to become overly issues-driven in nature. In this context, the Panel observes that the SoE currently provides insufficient clarity as to where ASIC is expected to focus its efforts and what trade-offs are reasonable in fulfilling its mandate. The Panel observes:

• A lack of discussion of emerging risks by the Government, which means there is insufficient guidance to ASIC on its strategic focus.
• Infrequent updates to the SoE (with the latest version being released in 2014, and the previous version having been released in 2007). This can result in a possible misalignment between current economic and market realities and stated Government priorities.
• Insufficient recognition of increasing expectations as to the issues and challenges ASIC is required to address (described as the additional 'To Dos' in Chapter 1, see Figure 5) and of the increasing complexity of the legislative environment (also discussed in Chapter 5).
• Limited guidance as to how the Government expects ASIC to balance the various components of its mandate.
• Limited discussion on the Government's risk tolerance or its explicit expectations as to the limits of ASIC's abilities to prevent harm and wrong-doing.
• Limited acknowledgement of the 'expectations gap' with regard to what ASIC can achieve and what it cannot (see Box A).
• Limited guidance around expected interaction between ASIC and other regulators, including opportunities for cooperation, such as on data sharing achieved via the CFR.

Similar findings were also made by the FSI, which observed that 'regulators currently receive little guidance about how they should balance the different objectives of their respective mandates'.¹⁸ In the case of ASIC, this is exacerbated by the sheer breadth of its mandate, compared with both other regulators in Australia, as well as peer regulators internationally.

The expectations gap – a case of mind the gap

As implied by its name, the SoE is intended to set certain government expectations of ASIC. As a public document, it also drives stakeholder and community expectations as to the role and activities of ASIC.

Where there is a misalignment between the understanding or perceptions of external stakeholders (members of the regulated population, industry bodies, the public) and internal stakeholders (ASIC Commissioners and staff), this can be referred to as an 'expectations gap'. There are two distinct types of expectations gap:

• A divergence between how well ASIC thinks it has performed compared to how external stakeholders assess ASIC's performance.
• A misunderstanding in what the public think ASIC can do, compared to what it actually can do legislatively, that is, ASIC's mandate.

The expectations gap is not necessarily indicative in itself of ASIC's performance, and there may be several reasons for these differences in perception. For example:

• ASIC may not have communicated its goals and achievements effectively to external stakeholders.
• Internal and external stakeholders may have different standards against which they assess performance.
• ASIC staff may have been overly optimistic in self assessing the organisation's perf
  ormance, or external stakeholders may be overly negative in their assessment due to past dealing with ASIC.
• External stakeholders might not understand the limits of ASIC's mandate.

As an example of a manifestation of an expectations gap, ASIC has been making progress on reducing red-tape, and is able to identify a number of specific examples where this has been successful, resulting in a total saving of around $470m. However, feedback suggests that this progress has fallen short of external expectations and that ASIC may not be placing sufficient focus on the areas that currently impose the biggest regulatory burden. This is in contrast to other agencies, such as the ATO, where stakeholder perceptions of red-tape reductions are broadly positive. The Panel notes that the ATO's deregulatory program is founded on an overarching strategy and a structured process of reducing regulatory burden across all of its business processes. The ATO's program is also well resourced and well received by stakeholders.

It is evident that many external stakeholders are not fully aware of the limits of what ASIC can and should do. This is demonstrated in the tendency for public reaction and criticism against ASIC where there is a market failure or losses occasioned by normal commercial, and investment risks, even where it is not reasonable to expect ASIC to have prevented that outcome. This is also manifest in much of the more recent parliamentary committee oversight.

Addressing the expectations gap

While some expectations gap is inevitable, the Panel finds the current expectations gap substantial and requiring immediate attention of the Commission and the Government. The Panel views this to be a mutual obligation.

Moreover, the imperative to address this expectations gap will increase if a proposed move to a user pays funding model is adopted by the Government. If regulated entities are required to contribute to the costs of their oversight, they will have a heighted expectation around transparency in reporting and about the effective and efficient use of their funding. There is also a risk they will be quick to judge market failures as a failure of ASIC if they have made a direct financial contribution to the maintenance of a strong financial system and are not fully aware of the limits of ASIC's mandate.

Closing this disparity on expectations of ASIC's role and performance can be achieved by ensuring:

• ASIC's mandate and expectations are well understood;
• ASIC's strategic responses to the mandate and expectations are well informed and appropriate;
• Performance is reported in a meaningful way.

As an additional perspective, it is informative to compare the results of external stakeholder surveys for ASIC with those of the FCA. In conducting this comparison, the Panel found that the results are mixed, with ASIC outperforming the FCA in some instances, and underperforming in others. For example, the FCA is perceived as being more forward looking and effective than ASIC.²³ On the other hand, external stakeholders believe ASIC staff have a stronger skill set vis-à-vis the FCA.²⁴ It is important to note that the survey methodologies (questions, sample groups) used for each survey are different, and that the regulators are also at different stages in their own lifecycles. Nevertheless, the Panel views this comparison as further evidence of the need to address key gaps.

Box A also highlights the importance of ensuring ASIC's mandate and expectations are well understood in order to reduce the expectations gap with regard to what ASIC can and cannot do. This provides an additional imperative to enhance the SoE and SoI, through clearly stating the Government's expectations and acknowledged limitations, and providing a clear plan on how ASIC intends to meet those requirements. Enhancements to the SoE will also ensure that the Government provides sufficient guidance and resourcing to the priorities for ASIC to pursue, given the extensive nature and ever growing 'To Do's' of its mandate.

The Panel welcomes the Government's commitment as a response to the FSI, to provide clearer guidance in a revised SoE in the first half of 2016.

Table 5 below provides an indication of the key changes that the Panel considers could potentially be incorporated in a revised SoE. At a minimum the SoE must discuss ASIC's role, priorities, the Government's regulatory outcomes risk tolerance, expected interactions with the Government, Minister and Treasury, interactions with other regulators and transparency and accountability. This has been further extended in Appendix B which contains a full form illustrative SoE. These examples are intended for benchmark purposes only, and should not be interpreted as recommended wording. The Panel acknowledges that the SoE needs to be carefully drafted so as to transparently express the Government's aspirations while not undermining the independence of ASIC.

Table 5: Illustrative SoE enhancements

Component	Example wording
Acknowledgement of any trade-offs in pursuing mandate with available tools	'ASIC operates with limited resources and the Government therefore recognises that the pursuit of an objective or use of a particular tool may come at the expense of others. ASIC should explicitly acknowledge and explain any required trade-offs, and should clearly state how it plans to allocate resources, prioritising those actions that are most directly aligned with its three regulatory objectives, given ASIC's assessment of the current risk environment. Further, ASIC should develop appropriate MIS to undergo internal efficiency reviews every two years to ensure that resources are being deployed in the most efficient way possible. The government expects the next review to occur in 2016.'
Acknowledgement of the expectations gap, that is ASIC's capabilities to effect change and know limitations	'There are limits to ASIC's mandate which may not be fully understood by the public, resulting in an expectations gap (that is, the misalignment between external and internal perceptions of ASIC's performance, capabilities and mandate). Educating the public of ASIC's role and limits is a mutual obligation of ASIC and the Government. This Statement of Expectations, combined with the Statement of Intent that ASIC is required to produce in response, goes some way to addressing this misalignment, by clearly describing the expectations the Government has for ASIC (in the Statement of Expectations), and outlining how ASIC will respond to each of the requirements (in the Statement of Intent).'
Explicit identification of the expansion of ASIC's mandate, functions or activities	'ASIC's mandate is subject to change over time as the regulatory needs of the Australian economy and markets change. ASIC must ensure that it develops strategies and the necessary internal capabilities to address any expansion of its mandate. The Government, in turn, has an obligation to articulate the additional resourcing to be provided for new functions.'
Statement of the Government's regulatory outcomes risk appetite	'However, the government recognises that ASIC cannot, nor should it seek to, eliminate all risk in the financial system. ASIC's role does not involve preventing all risk in the market, or in ensuring compensation where there is a loss. Rather, ASIC's role is to reduce the level of risk through surveillance, supervision and guidance, and, where wrong-doing does occur, enforcement. Its role also involves reducing the 'misalignment' of expectations through education, in order to address circumstances where investors or financia l consumers think they are bearing lower risk than the actual risk of the product or strategy.'
Acknowledgement of the impact of economic and market conditions	'In particular, the Government has identified a number of economic and market trends that should impact how ASIC deploys its resources over the coming year. These include: The current low yield environment: Where interest rates and asset yields are low, some investors may be attracted to high yield schemes in order to achieve a level of desired returns. In some instances, these investors may not be fully aware of the risks involved in extending risk appetite to achieve higher returns. As such, ASIC should deploy resources to investor education focused on risk-return trade off issues. It should also focus on supervision of market participants promoting higher yield products in order to identify possible misconduct. [Any other matters as identified by Government]
Identification of key risks to which ASIC should respond, along with a description of how this is expected to develop over the year	'The Government expects ASIC to take a forward looking approach to managing key risks that will shape financial markets in the next 3-5 years. Along with undertaking its own analysis of key risks, the Government expects ASIC to develop strategies that address: Corporate culture, with a focus on business integrity and treating customers fairly. The Government expects ASIC, following appropriate analysis and consultation, to conduct targeted supervision of high risk entities to review their conduct policies, and to assess the alignment of incentive structures and risk management as a proactive approach to identifying possible misconduct. [Any other matters as identified by Government]
Description of expected relationships with agencies and peer regulators	'Further, ASIC is also expected to work together with the Council of Financial Regulators (CFR) and the International Organisation of Securities Commissions (IOSCO) to further develop and maintain relationships with financial regulators domestically and globally. Commissioners should identify opportunities to participate in the leadership of these organisations in order to further contribute to the regulatory agenda and the global integration of Australia's capital markets.'
Description of priority areas for cooperating in the coming 1 to 3 years	'The Government recognises the importance of open data and expects ASIC to take an active role in promoting and developing an approach to more open government data sharing across financial regulators together with the CFR. ASIC should assist the Government in identifying the requirements of a coordinated data policy as well as legislative restrictions that need to be removed.'

The SoE will be reviewed annually to determine whether an update is required. Triggers that indicate that a change may be required include any changes in ASIC's mandate, a substantial change in Government priorities (for example where there is a change in Government) and a significant change in macro-economic and market conditions. If no change is to be made, this needs to be communicated, as soon as possible.

The Panel views this approach as consistent with the IOSCO Principles of Securities Regulation in that it respects the operational independence of the regulator whilst ensuring that the Government's priorities are being met. Further, it avoids the risk that Government assumes a directive stance that is not clearly or transparently communicated to ASIC and the public more broadly.²⁵

ASIC will be required to update its SoI to directly respond to each of the Government's articulated expectations, acknowledging what is required and identifying a plan for how it will meet those expectations. In order to drive accountability to execute that plan, each expectation must be aligned to specific performance measurements (see Chapter 3 for a broader discussion on these linkages). A description of what the Panel would expect to see in response to each component of the revised SoE is included in Table 6 below.

Table 6: Illustrative requirements of the SoI

SoE component	Requirements of the SoI
ASIC's role	Acknowledgement of its mandate, including any changes to this mandate over the past year Explanation of any trade-offs, and how resources will be allocated accordingly Explanation of how ASIC will manage the expectations gap Comment on the adequacy of resourcing and Government funding
Risk tolerance	Recognition of external factors impacting ASIC's ability to achieve its mandate Acknowledgment of the Government's risk appetite Description of how ASIC will adapt to changes in economic and market conditions
ASIC's priorities	Description of ASIC's strategic priorities which reflect the most significant risks and drivers of risk to ASIC's enduring objectives over the next 3 years Description of how ASIC proposes to allocate its resources, and manage its workforce and organisation capabilities to meet these requirements Establishment of a clear linkage between the SoE and the strategy outlined in the Corporate Plan Clear statement that an action plan and metrics to assess performance are included in the Corporate Plan Explanation of how the priorities stated by the Government in the SoE align with ASIC's own priorities Acknowledgement of the Government's priorities and a description of how ASIC will contribute to them

More detailed and informative use of these existing accountability tools will not only help address the expectations gap by clarifying what ASIC can and cannot do, but also anchor discussions with the Government. The SoE and SoI will be prepared on the basis of ongoing strategic dialogue between the Minister and the ASIC Chairperson, including on matters of prioritisation and potential changes to (and consequential resourcing of) ASIC's mandate. It will also be used to promote more targeted use of other existing external governance mechanisms.

The Panel views the annual preparation of the SoE and SoI as requiring greater pro-active engagement between the Minister, Treasury and the ASIC Chairperson.

The Panel believes that these recommendations for enhanced SoEs and SoIs, including scope and frequency, provide a potential helpful benchmark for other independent statutory agencies and regulators.

Performance reporting

Performance reporting is another key component of ensuring external (and internal) accountability, and managing the expectations gap. Performance measures should be chosen that allow external stakeholders to make an assessment of whether and how ASIC has achieved its strategic objectives. This will help to ensure objective and information assessment of performance to hold ASIC to account.

Figure 16 below outlines the levels at which performance can be assessed according to Harvard academic and regulatory consultant, Malcolm Sparrow. Tier 1 measures assess whether or not the regulator has been able to achieve its strategic objectives. In ASIC's case, these would be measures directly assessing the extent to which it has, for example, improved trust and confidence in the financial system. This is inherently difficult, as it is challenging to prove causality (did ASIC's actions alone improve trust and confidence) and to measure prevention (what would have been the outcome if ASIC had done nothing).²⁶ No global regulator has yet achieved a best practice approach to measuring tier 1 performance.

Figure 16: Malcolm Sparrow's tiered performance reporting framework²⁷

ASIC leadership understands the importance of a well-developed performance measurement and reporting framework, and has invested time to develop improved tools, as reflected in the 2015-2019 Corporate Plan. For example, in the past year, ASIC has produced two frameworks for external reporting, firstly to provide evidence metrics as part of the RPF, and then to develop outcomes based metrics for the PGPA Act.²⁸

The Panel recognises that the performance measurement framework included in the Corporate Plan is a step in the right direction that will enhance the ability of external parties to assess the extent to which ASIC achieves its objectives. In particular, it commends:

• The explicit recognition of the importance of including outcome based metrics to assess perceived and actual behaviours demonstrating trust and confidence in the financial system (as one of ASIC's enduring mandate objectives).
• The use of the stakeholder survey as direct evidence of perceptions and any specific areas of material disparity between internal and external performance assessment. This will ensure enhanced focus on managing the expectations gap and act as an catalyst to review and recalibrate the stakeholder engagement model and avoid a 'set and forget' approach to stakeholder management (see Chapter 4 for further discussion on external panels).
• The assessment of performance across multiple tiers, although recognising that measurement of tier 1 should continue to improve (see Table 7 below). The commitment to continually improving the framework with time.

Table 7: ASIC's updated performance reporting framework

Tier	ASIC's measurement approach (2015-19 Corporate plan)	Panel assessment
Tier 1 Effects, impacts and outcomes	Stakeholder survey responses.	Stakeholder surveys are not a direct measure of performance against strategic objectives. Will require careful nuancing and discussion to overcome concerns around potential bias in survey results.
Tier 2 Behavioural outcomes	Case studies and tailored initiative impact assessments to demonstrate how specific pieces of work have influenced behaviours. Percentage of misconduct reports resolved resulting in changes to systems, processes or procedures, or corrective disclosures made.	Not able to fully assess use of case studies as these have not been incorporated in performance reporting in prior years.
Tier 3 Agency activities and outputs	Number of surveillance completed. Percentage of successful criminal and civil litigation. Number of financial literacy resourced produced and delivered. Number of new or revised regulated guides published.	As expected, and consistent with peer regulators. Narrative important here for appropriate interpretation.
Tier 4 Resource efficiency	No explicit metrics.	These metrics would become more important if a user pays funding model is adopted.

However, this activity remains in an early stage and will need ongoing development. More specifically ASIC should focus on:

• Consolidating performance reporting: Performance metrics are currently scattered across multiple external reports, with several main sources of performance information published for public consumption.²⁹ Most of these sources are not accompanied by a detailed performance narrative, or an assessment of gaps in performance or delivery against stated priorities. This makes it challenging for stakeholders to make a judgment as to the degree to which ASIC is performing against its objectives, priorities and expectations.³⁰
• Enhancing the use of performance narrative: In the absence of specific measures at the tier 1 level, it is important that ASIC develop a narrative to demonstrate how its actions have contributed to achieving its strategic objectives. Moreover, greater reliance on tier 3 metrics requires greater use of accompanying narrative to avoid the potential for perverse risk incentives (a high litigation success rate could suggest risk averse case selection), and outputs (number of financial literacy tools) misconstrued as effective outcomes.
• Internal alignment: Measurements used for external reporting should also be used for internal performance measurement (see Chapter 3 for further discussion).
• Increasing use of sophisticated data analytics to enhance measurement: ASIC has identified social media, data analytics and greater use of sector specific metric targets as areas of future development.³¹
• Looking to peer performance measurement frameworks to identify scope for further improvement. For example:
  • the SEC (USA) uses a mix of performance indicators and related indicators, with the latter used to provide context rather than an assessment of performance;
  • the CFTC (USA) sets targets for upcoming years and over the medium-term using annual results as a baseline to assist in setting targets for future years;
  • the FCA (UK) uses market cleanliness statistics (movements in share prices around takeover announcements), but accompanied with a narrative.

External governance: recommendations summary

Internal governance includes the organisation structure and the responsibilities of senior leadership to ensure strategic guidance and provide internal checks and balances within an organisation. Additionally, good internal governance ensures decisions are being made at the right level to ensure efficient use of senior leadership and to maximise staff empowerment with a framework of strong accountability.

ASIC's Commission is comprised of five full time Commissioners (including the Chairman and Deputy Chairman). As curren
tly interpreted by the Commission itself, the Commissioners all have dual roles:

• Non-executive governance roles: As statutory appointments, the Commissioners have ultimate decision-making authority as to strategic oversight and direction of the organisation (that is, a traditional Board role). In this role, they sit in on internal committees, all external panels and have ultimate responsibility for ASIC's Corporate Plan, and strategic and material regulatory decisions.
• Executive management roles: In addition, the Commissioners perform day-to-day executive line management functions in relation to business activities of ASIC. In this role, they lead groups of business lines ('clusters') with direct reporting lines from SELs to individual Commissioners, and make decisions on operational matters.

This design is not fully a result of legislative requirements, with the law stating only that the Commission must be comprised of three to eight full time statutory appointees, with a Chairperson holding complete executive responsibility. In other words, the delegation of executive responsibilities for parts of the organisation (the clusters) by the Chairperson to individual Commissioners is an arrangement that was deliberately chosen by the former Chairperson and upheld by the current Chairperson.

The model differs from that employed by large corporations and many other regulators (for example, FMA), where Commissioners or Directors do not have direct responsibility for a line of business and are not directly involved in day-to-day operations. The Panel also notes that this model is different from that of domestic regulators such as the ACCC and APRA where Commissioners and Members do not spend a majority or material allocation of their time on operational matters, and indeed, the ACCC delegates such functions to a CoO.

The combined executive line management and non-executive (governance) role has a number of strengths, including:

• Closer alignment between strategic and operational decision making.
• Direct accountability to the Minister for high priority operational and regulatory matters.

The structure of the current model is also partially supported by two reviews which emphasise the importance of an executive board but these warrant nuanced interpretation and translation to ASIC's current internal governance model:

• Review of the governance practices of statutory authorities and office holders 2003 (Uhrig report):³² As part of a broader review of structures for good governance, this review recommended that 'boards should be used only when they have full power to act'.³³ Where Ministers play a key role in determination of policy, or where the board would lack the power to appoint and remove the CEO then the report finds delegation to an executive group most practical.
• The Failure of HIH Insurance, 2003:³⁴ As a result of the HIH Royal Commission, APRA was established with a model similar to ASIC: that is an executive group board comprising a CEO and 2-3 executive commissioners. As part of that review, Justice Owen stated that: 'APRA's governance structures are not optimal for an organisation of its type. It has a board that is in some respect similar to the boards of commercial entities. I do not think this is necessary. Control — and with it responsibility — should rest with a small full-time executive'. However, it should be noted that this recommendation for APRA was accompanied by many others and there is no explicit attribution (despite public suggestion otherwise) that APRA's previous governance model contributed to the quality of oversight.

The model also results however, in a number of challenges and tensions, with the risk that it can erode the strength of internal accountability, and that it may leave insufficient time for Commissioners to focus on strategic decision making, holding executives accountable for delivery, external engagement and strategic communications.

The Panel believes that a dual governance and executive line management role inherently undermines accountability. Despite best efforts, individuals responsible for particular executive functions are unlikely to be consistently able to detach themselves from their concerns as an executive to take a fully independent and organisation-wide perspective when acting in their governance role to hold the executive team (including themselves) to account.

Because ASIC's governance and executive layers are merged, there is no separation between development and advocacy for business initiatives (by the executive) and impartial consideration of the strategic merits of those proposals (by the governance group). This may make it difficult for the Commissioners to take a completely non-biased and strategic approach to decision making, as they may tend to be swayed by the perspectives of their executive roles, particularly in the endorsement of proposals they have been involved in.

Additionally, there is a risk that a Commissioner involved in a particular operational area will dominate discussion on that topic and influence decisions as other Commissioners may defer to him/her because of their relevant expertise. Commissioners may therefore feel less comfortable and confident in questioning the suggestions and decisions of their peers and may be less likely to demand clear articulation of delivery plans and challenge these when detail is lacking. This ultimately erodes internal accountability mechanisms, as there is no impartial body objectively assessing performance progress against tangible delivery plans (see Chapter 3 for further detail).

The Panel is also of the view that the volume and urgency or time sensitivity of operational matters distracts the Commission away from focusing on higher priority strategic questions and challenges, strategy development and organisation capacity and capability needs. There is likely to be a natural tendency for people in blended executive and governance roles to prioritise some of the more immediate issues and short term challenges compared with long term strategic requirements.

While structures exist to minimise Commissioner involvement in operational matters, these are not always operating as designed. Namely, the Panel observed a number of challenges with the delegation framework:

• Employment delegations are only permitted to ASIC staff employed under the PSA (see Chapter 3). As an increasing number of senior staff are not being employed under the PSA, this frustrates the decision making process, creating inefficiency and putting pressure on those who can be delegated functions and powers.³⁵
• The delegation matrix does not always reflect how decisions are made. Commission and staff discussions highlighted that decisions were generally made at more senior levels than suggested in the delegations (with the exception of the finance delegations).

These factors compound to put additional pressure on the Commission to be unnecessarily immersed in operational matters. Further evidence of insufficient bandwidth for strategic decision making includes:

• Panel discussions with ASIC Commissioners and staff, review of meeting minutes and attendance at committee and Commission meetings.
• Insufficient time spent engaging with the market. For example, ASIC Commissioners spend an average of 26 per cent of their time on meetings and engagement activities with external stakeholders³⁶ which again is materially less than that of other domestic regulators (see also the discussion on culture in this Chapter). This corresponds with ASIC's own time use analysis, which indicates that Commissioners spend
  around 24 per cent of their time on external engagement. Excluding the Chairperson, whose IOSCO role entails a significant time commitment, the average comes down to 21 per cent.³⁷ The Panel views a best practice time allocation to external engagement for the senior leadership of a regulator as 40 per cent or more, based on observations of other agencies.
• Time use analysis conducted as part of the PwC evidentiary review, indicating that 58-77 per cent of Commissioner time is spent on operational and administrative matters (the executive line management role), leaving only 23-42 per cent for strategic initiatives and external engagement (the strategic oversight role).³⁸ By contrast, the Panel would expect to see less than 20 per cent of time being spent on operational and administrative matters and which notably aligns more closely to that of other domestic regulators.

After having reviewed PwC's analysis and the Panel's draft Report, ASIC provided its own time-use analysis conducted on the basis of a review of Commissioners' diaries and reflection on activities over a one-month period in the office between September and November 2015. The results suggest that ASIC Commissioners spend around 59 per cent of their time on strategic matters and activities.³⁹ However, the Panel has a number of concerns with this analysis:

• The data underlying the supplementary analysis cannot be reconciled with the data originally provided to PwC.
• A number of examples defined by ASIC as strategic appear to the Panel to be more executive and operational, for example updates to staff and internal presentations.
• An average of 7 per cent of time was spent on 'internal accountability', which includes weekly Commission meetings and fortnightly one-on-ones with key reports. Based on its observation of one of the Commission meetings and assessment of minutes of other meetings, the Panel finds that substantive time is devoted in these discussions to matters that it considers largely operational.
• The analysis was conducted over the course of this Review, when the Commissioners were required to substantively engage with the review process, which would likely require more strategic focus compared to business as usual. This is accounted for under 'change management' which accounted for an average of 6 per cent of Commissioner time spent.
• The analysis was received late in the Panel's report drafting process, and hence could not be fully tested and verified.

Regardless of the interpretation of the supplementary time analysis evidence, the Panel is of the view that its findings stand given other sources of evidence (observations, internal and external discussions, survey data) and challenges around ensuring strong internal accountability under the current structure.

The Panel does recognise the many strategic exercises that are being led by the Commission, including the funding model review, One ASIC project, and the Registry Separation project. It also acknowledges the importance of Commission involvement in high priority regulatory decisions (for example, policy issues and landmark enforcement discussions). However, it appears that operational matters require a disproportionate degree of input, commensurately reducing the capacity of senior leadership for long term strategic thinking, delivery oversight, accountability, and external stakeholder engagement and management.

The Panel considered a range of internal governance models applied by regulators in Australia and overseas. These models can be compared based on whether there is a low or high degree of separation between the governance and executive roles.

• Low degree of separation:
  • Commissioners also have an executive role with responsibility for a particular line of business.
  • There are formal reporting lines directly to individual Commissioners.
  • Commissioners are all full time and internal.
• High degree of separation:
  • Commissioners are responsible for collective decision making only.
  • All reporting lines go directly to a Chairperson, CEO or other role with delegated responsibilities.
  • The Commission may comprise part time external members and full time internal members.

The positioning of other regulators against these characteristics is demonstrated in Figure 17 below, with a brief summary of each regulator's governance model included in Table 8.

Figure 17: Regulator governance models

Another important consideration is the role of the Chairperson as CEO or non-executive. For ASIC, it is mandated that the Chairperson must hold executive responsibilities. As such, there can only be delegation to a CoO or quasi-CEO. This is consistent with the Uhrig Report, which highlighted the importance of the Chair being able to appoint the CEO, and also the World Bank's report on the Governance of Securities regulators, which notes that 'if the CEO is appointed by another authority then he or she would have a separate status and may consider there to be a mandate to implement the agenda of the person who was responsible for their appointment, rather than the Board. This would undermine the accountability of the Board.'⁴⁰

The Panel acknowledges that there is no ideal model for structuring internal governance for a regulator such as ASIC. However, on balance, the Panel recommends that ASIC realign its structure to achieve clear separation of the non-executive (governance) and executive (management) roles. In the view of the Panel, despite some benefits, the current model is unsustainable, as it confuses responsibilities and blurs accountabilities, and will ultimately lead to sub-optimal outcomes, especially given the strategic challenges and tasks for the Commission over the next few years (outlined in more detail in subsequent paragraphs).

Table 8: Regulator internal governance structure examples⁴¹

Regulator	Description
APRA	Executive Board, although most operational activities delegated Chair acting as CEO
ACCC	Chair, two Deputy Chairs and four full time Executive Commissioners Four Associate non-executive Commissioners Executive functions delegated to a CoO
BAFIN (Germany)	Two tier structure Part time supervisory board comprising members of Ministry of Finance, Economics and Justice, members of parliament, and representatives from credit institutions, insurers and asset management companies Chairman and CEO are separate roles Full time executive board with full delegation for day-to-day management
FCA (UK)	Board comprising a non-executive Chair, CEO, the Bank of England Deputy Governor for prudential regulation, six additional non-executive directions, one additional executive director A separate executive committee with two members also sitting on the Board (CEO and Director of Strategy and Competition) All reporting lines go through the CEO
FMA (NZ)	Board comprising a non-executive chairman and eight additional non-executive directors Separate executive team
MAS (Singapore)	Board of Directo rs comprising a Chair, Managing Director and eight additional non-executive directors Separate management team, with one member (the MD) sitting on the Board
SEBI (India)	Eight member board (including the Chairman), with four full time roles Chairman is also the CEO Full time members have responsibilities for a number of specific functions, which are in turn each led by an executive director
SEC (USA)	Four non-executive Commissioners and a Chair (who is effectively the CEO), all full time All business units report into Chair Separate management team comprising an Office of the Executive Director, Office of the Chief Operating Officer and divisional directors
SFC (Hong Kong)	Board comprising a non-executive Chair, the CEO, seven additional non-executive directors and four additional (full time) executive directors Chairman and CEO are separate roles Separate 10 member executive committee (four members sitting on the Board), reporting into the CEO
OSC (Canada)	Commission of 9-16 members, with two full time roles (Chair and Vice Chairs) Chair is effectively the CEO One part-time Member elected by other part-time members to act as Lead Director All executive functions report into an Executive Director/CAO, who then reports to the Chair.

The recommended model retains the full time Commissioner role, and effectively elevates the Commission to a full-time non-executive 'Board of the Commission' where it can fully focus on improved internal accountability, strategic decision making and external engagement and communication. It also empowers the SELs to take responsibility for decision making and execution of operational matters. This model does not imply a major structural change, and does not have any legislative implications.

The key features of the recommended model are:

• Elevation of the existing Commission to a non-executive board function (a Board of the Commission), with a conventional oversight and accountability role similar to that of a listed company board, coupled with an external engagement role. The Commission would continue to comprise five full time Commissioners, for at least the next two to three years. This would not be an external board and the Panel is not proposing any change to Commissioner terms of appointment.
• The role of the ASIC Commissioners will extend materially beyond the role of a non-executive director at a listed corporation. Under the new approach, ASIC's Commissioners will still be full-time and intimately involved in major regulatory decisions of strategic significance, for example approving policy recommendations and major enforcement decisions that are systemically important or high profile. Furthermore as full-time roles, there will be no risk of conflicts of interest driven by other roles, and no detachment from the business, as can occur with an external Board. There will be close interaction with ASIC senior executives on a daily basis, but Commissioners will have greater bandwidth to drive strategy, direction, culture and stakeholder management more effectively. This will allow the Commissioners to become genuine leaders rather than managers.
• Establishment of a new role of a 'Head of the Office' (HoO) of ASIC, with delegated responsibility for executive line management functions. This position would be a non-statutory role appointed by the Commission. As such, the recommendation is consistent with the Uhrig report in that it gives power to the Chairperson and Commission Board to appoint and remove the HoO. Furthermore, the Chairperson will maintain executive authority, in accordance with ASIC legislation.
• The role of the HoO will be to lead the day-to-day operational management of the organisation and to relieve the Chairperson and Commissioners of these additional and operational responsibilities. SELs will either report directly into the HoO or via group leaders. Clear lines of accountability, a revised delegation framework, and likely a revised Commission sub-committee structure will all be required to ensure that the right issues are being elevated to the Commission. A well-developed governance and oversight framework will ensure that the HoO does not become a 'bottleneck' on decision-making and is elevating key issues while addressing operational matters below the Commission level. As is the case in other regulators and many large organisations with external Boards, there will still be regular direct contact between the full-time Commissioners and SELs on strategic and important operational matters, both during Commission meetings to which relevant SELs would be invited, and more informally on a daily basis. However, the important difference would be the elimination of direct reporting from particular SELs to individual Commissioners, and hence clear lines of accountability for executive line management functions.

The key features of the model are illustrated below.

Figure 18: Key features of the proposed internal governance structure

In the Panel's view, there are a number of significant benefits which make the proposed internal governance model superior to the current arrangements:

• The Commission and executive have separate and distinct roles, ensuring clearer lines of accountability and oversight, thereby enhancing overall accountability and efficiency at both levels
• Primary focus of the Commissioners is on setting the strategy of the organisation and supervising overall delivery and performance against the strategy.
• Commissioners have a full-time focus across the whole organisation (rather than devoting part of their time to one specific cluster).
• Commissioners are separated from operational decision making and execution activities with consequential unconflicted interests and whole-of-entity objectivity
• Commissioners can be more focused on managing 'upwards and outwards', that is managing external relationships with the Government and other external stakeholders, rather than being focused 'inwards and downwards', that is managing internal operations and relationships.
• The Commission has the organisational flexibility to allocate the oversight of particular components of the strategy to a subset of the Commissioners.
• The proposed model does not require legislative change for implementation.

ASIC should also take the realignment of the internal organisation structure as an opportunity to revisit the Committee structure, including the current coverage of risk management matters. In doing so, ASIC should establish alignment between, and strategic oversight of, risk management as it relates to external, regulatory risks and internal organisational and operational risks. These two streams should be linked through the delivery component of the Corporate Plan and subject to regular management reporting to the Commission Board through the relevant Board sub-committees. This is not happening at present.

Once relieved of executive line management responsibilities, the Panel considers that the revised strategic role for Commissioners would enable them to devote increased attention and priority to significant responsibilities critical to the future direction of ASIC. These have been identified by the Panel and cover a range of areas detailed further in the remainder of this report and can be summarised across seven categories, as follows:

• Internal accountability:
  • driving accountability through critically and impartially assessing business initi
    atives and projects presented to the Commission;
  • driving the performance management process to ensure operational staff are being fully held to account.
• Strategy setting:
  • ongoing oversight of the corporate planning process, including signing off on business plans and monitoring effective delivery of those plans (see Chapter 3);
  • overseeing the development of a more strategic and forward looking IT plan, which includes assessment of future required analytic capabilities and developing an open data policy and forward work program with the CFR (see Chapter 4);
  • reviewing ASIC's organisation structure to ensure alignment with strategy (see Chapter 4).
• Capabilities improvement:
  • developing and piloting temporary project teams (focused on particular risk issues) as part of enhancing organisational and resourcing flexibility (see Chapter 4);
  • conducting an effectiveness review of external panels and internal committees;
  • developing a new tiered approach to Stakeholder Management, and recalibrating the organisation structure of Stakeholder teams appropriately (see Chapter 4);
  • proactively identifying opportunities for co-regulation, and working with relevant bodies to implement (see Chapter 4);
  • conducting a review of internal MIS to support current and future performance reporting and efficiency measurement (see Chapter 4);
  • enhancing the secondment, exchange and partnership program (see Chapter 4).
• Cultural transformation:
  • driving a culture of outward facing professional confidence and high performance teams (see section 4 of this Chapter);
  • refining internal communication methods to drive organisation wide alignment.
• Change management:
  • overseeing the implementation of an industry funding model, should the Government decide to proceed with this course of action;
  • risk management and implementation of registry separation, if a government decision is made to adopt this proposed course of action.
• External engagement:
  • ongoing engagement with senior level stakeholders, including members of the regulated population, in order to understand emerging risks and priorities and to make ASIC's priorities clear to those stakeholders;
  • clarifying ASIC's role as a regulator to the public and working with Government to proactively manage the expectations gap (see Chapter 3).
• Key regulatory decision making: signing off on strategically significant enforcement actions and policy related decisions.

Given the quantity and complexity of strategic issues for the Commission to address over the next 2-3 years, the Panel considers that the Commission role should continue to be full time for at least that period. Beyond that timeframe, and once these issues have been satisfactorily addressed, it would be appropriate for the Government to review the size of the Commission and whether the roles of the Commissioners need to continue to be full-time.

The Panel acknowledges that the decision on the appropriate internal governance model for ASIC is not clear-cut and is ultimately a matter of judgement. However, the Panel has concluded that true accountability for ASIC will remain elusive in the absence of the proposed changes to its internal governance arrangements.

Internal governance: recommendations summary

2.2. Leadership talent — best practice recruitment and effectiveness assessment needed

The role of ASIC Commissioners is broad, challenging, high profile and subject to close public scrutiny. As a result, it is critical to the performance of ASIC that it is led by those with the best available capabilities to develop and deliver on ASIC's regulatory objectives.

In considering leadership talent, the Panel has considered the:

• recruitment process for Commissioners;
• composition and capabilities of the current Commission and required skills sets;
• individual performance review process.

Commissioner recruitment

The Chairperson and Commissioners are statutory appointments by the Governor General on nomination of the Minister, for a period determined by the Minister (up to five years) with Cabinet approval.⁴² While there are no separate appointment guidelines for ASIC Chairpersons and Commissioners, both are subject to the Public Service Commision's (PSC) guidelines on Merit and transparency: Merit-based selection of APS agency heads and APS statutory office holders.⁴³

The selection of ASIC's leadership should be supported by an independent, transparent and consistent appointment process that reflects contemporary best practice. The PSC's guidelines set out requirements for ensuring merit based appointments. These include public advertisement of the position and the production of a report recommending shortlisted candidates to the Minister. This process also has the benefit of having embedded controls to ensure the appointment is consistent with ASIC's status as a regulator independent of the Government.

The PSC guidelines provide some flexibility on how to select office holders. They recognise that some circumstances may arise where it is not appropriate or possible to advertise a vacancy and/or conduct a full selection process. In such cases, the Minister must request the Prime Minister's approval to fill a position without conducting a full selection process. Such approval does not provide relief from the underlying obligation that the process be merit based.

Selection criteria are broad under the ASIC Act, with no guidance as to the skills and capabilities required for Commissions as members of the Commission and as cluster leaders. There is no documented process for managing the selection of Commissioners. However, the process for managing reappointment of Commissioners is documented.

In assessing Commissioner recruitment, the Panel has reviewed the process only, and makes no assessment of the outcome of that process (such as the suitability of the appointees). Broadly, the appointment process used in recent years has not always met the Panel's expectations of good process (as described below). The need for a contemporary best practice and transparent merit selection process is further elevated by the potential move towards an industry funding model for ASIC, which would place an even higher requirement for external transparency in ASIC's efficiency and effectiveness.

The Panel's recommendations seek to enhance the recruitment process to ensure the suitability of the Commission to address future requirements, whilst ensuring transparency and meritocracy.

The Panel recommends that the recruitment process should apply a contemporary best practice merit based recruitment process to ensure transparent and robust appointments of Commissioners and the Chairperson as a priority. This should comprise:

• Public
  advertising of Commissioner positions.
• A forward looking capability 'skills-gap' review to identify future requirements (for example, compared with the skills mix and composition of the Commission at the time) and to inform the recruitment process. This should occur on average every two years, and account for the calendar of Commissioner appointments.
• Use of an international executive search firm to undertake searches for Chairperson and Commissioner positions (informed by the skills-gap assessment).
• Candidate interviews to prepare a shortlist to submit to the Minister, conducted by a high level selection panel (comprising the Secretary to the Treasury, Head of a peer agency, an independent representative able to represent the perspectives of consumers and investors, and in the case of Commissioner appointments, the ASIC Chairperson). The use of an independent representative is becoming emerging contemporary best practice, including locally by the NSW State Government for senior appointments.
• Recommendation of a candidate from the shortlist by the Minister for consideration by Cabinet.
• The process would apply to all appointments, including reappointments.

These recommendations are consistent with the World Bank's report on the governance of securities regulators.⁴⁴

While these requirements add time and cost to the process, they are needed to ensure that the recruitment process leads to the Commission being comprised of the best possible candidates, with the best combination and diversity of skills and experience. This will ensure the right leadership and provide the public and Government with confidence in the suitability of the Commission, and therefore in ASIC more broadly.

Commission effectiveness and skill set

Ensuring trust and confidence in the financial system, requires that ASIC has the right leaders with not only the right technical skills but, importantly, the right values. To be effective, ASIC's leadership needs to have the capabilities and leadership and management style that enable it to be both forward looking and proactive.

The high level profiles of the current Commission are summarised in Table 9 below.

Table 9: Composition of the Commission⁴⁵

Professional experience	Of the five Commissioners, three had previously worked at ASIC, with one Commissioner appointed directly into the Commission from a role on the ASIC staff and two returning to ASIC after periods working elsewhere. External work experience across investment banking, other regulators/government bodies, legal counsel roles, and not-for profit sector.
Education	Broad mix of educational backgrounds across commerce, economics, arts and law (including litigation experience)
Gender	One female, four males

Stakeholder feedback on the Commission is broadly positive, albeit mixed:

• The Orima 2015 ASIC staff survey found that 67 per cent of staff are satisfied with the overall effectiveness of the Commission (26 per cent neutral).⁴⁶
• 81 per cent of staff agreed in the Orima survey that Commission leadership is of high quality.⁴⁷
• Staff interviews indicated that ASIC leaders are perceived as having the required expertise.
• Industry stakeholders, particularly those in the larger financial institutions, provided positive feedback on the market knowledge and capabilities of the Commission overall. However, it was clear that not all members have equally broad public profiles, suggesting more scope for time spent on stakeholder engagement, which in the Panel's judgement reinforces the case for recommendation 3.
• However, there is variability in the degree to which the regulated population perceives the leadership of ASIC, with only 34 per cent agreeing that 'ASIC's leadership has the skills and capability to perform its role'.⁴⁸

The Panel shares the view of the ASIC Chairman that the current skillsets of the Commission will need to be expanded going forward to meet both the emerging and the dynamic challenges ASIC will face. In a context of structural change (as discussed in Chapter 1), the Commission of the future will require greater capabilities and expertise in areas such as innovative forms of regulation, big data, digital disruption, financial disintermediation, sophisticated change management, litigation and strategic legal thinking.

Ongoing identification of these requirements ought to be achieved through a periodic external capability assessment of the Commission's capacity to fulfil its leadership responsibilities in the future. This in turn would inform skills gaps and requirements for future Commission recruitment process. This is distinct from individual performance reviews (discussed later in this section) in that it is forward looking, and conducted at a whole-of-Commission level.

The Panel therefore recommends that ASIC implement a regular and formal forward looking 'skills-gaps' assessment led by the Chairperson and drawing on external expertise to facilitate the identification of Commission level capability weaknesses which impede ASIC's ability to ensure trust and confidence in the market. This would be distinct from current processes that are not systematic, structured or well evidenced.

Similar to workforce planning throughout the rest of the organisation (see Chapter 4), this process could include a benchmarking of skills against a set of required criteria aligned to identified priorities under the strategic outlook. Identified gaps should be used to inform the recruitment process (discussed above).

Commissioner performance assessment

There is currently no formal individual performance-management process for Commissioners. While the PwC report notes that this is normal practice for statutory office holders under the traditional Westminster convention,⁴⁹ the current arrangement is delivering sub-optimal outcomes.

• Reduces the accountability of Commissioners to the Chairperson, particularly in the absence of Chairperson responsibility for Commissioner selection rewards and incentives.
• Impedes the personal development of Commissioners in full time roles by not providing them timely and targeted feedback on their performance and development needs.

The Panel considers that implementing individual performance reviews would not be inconsistent with the Westminster system, but would be an improvement on the way it is implemented in Australia today in line with contemporary management best practice. Individual performance management of the Commissioners should be the responsibility of the Chairperson.

The Panel recommends that the Chairperson establish a formal performance review cycle for all Commissioners, which are linked to the external accountability processes. Performance metrics should be chosen that are clearly aligned to those in the Corporate Plan, to ensure organisation wide alignment and pursuit of key strategic goals. Objectives should be discussed at the start of the year and reflected upon in the end of year assessment. Performance reviews should also be informed by the implementation of a Commission effectiveness review led by the Chairperson with the assistance of an external expert. In formalising the process, the results of these discussions would carry a greater deal of importance than would otherwise be the case. Additionally, the Chairperson should work with the Comm
issioners to ensure they are achieving their own personal development objectives.

In addition, the Panel recommends that the Minister assess the overall effectiveness and performance of the Commission, and discuss this annually with the Chairperson.

This discussion would also involve the Chairperson providing an update on the performance of the other Commissioners and the outcome of the external Commission skills gap and effectiveness review. This should form part of the process leading to the development of the proposed annual Ministerial Statement on ASIC's performance.

The recommendations discussed across sections 2.1, 2.3 and 2.3 are all aligned in ensuring strong governance and leadership at ASIC. The key components of the proposed framework are presented in Figure 19 below. As illustrated, ASIC is held accountable to the public through the SoE and SoI, together with the Corporate Plan and performance reporting, which all are made publicly available. External advisers provide perspectives on Commission performance and identify future skills gaps. This informs both the merit based selection of Commissioners as well as individual performance reviews. The Government and the Chairperson have regular ongoing discussions, together with an annual review of Chairperson effectiveness. Internal strategies are aligned through business unit level plans and performance reporting, and feedback through internal performance management. The framework is thus reinforcing to ensure strategic alignment and internal and external accountability.

Figure 19: The proposed leadership and governance framework

Leadership talent: recommendations summary

2.3. Culture — need for outward focus and professional confidence

Culture has become a contemporary catchphrase and a focus of attention in financial services regulation recently. In culture as it relates to regulators, it is important to distinguish two distinct aspects:

• the expectations of the culture of regulated entities, as assessed by regulators;
• the expectations of the culture of the regulators.

US regulators and the FCA have been leading the development of regulatory standards around culture over the last 3-4 years. These standards have largely emerged as an outcome of the GFC and numerous high profile misconduct cases, and therefore focus on business integrity and treating customers fairly. Conduct and market regulators in Asia Pacific have only begun a concerted focus on culture more recently. ASIC is making progress in this area, and is in the early stages of developing its programme of work.

Assessment of a regulator's own culture should be on whether that culture contributes to good regulatory outcomes. A regulator should look to promote a culture that rewards collaboration, innovation, risk and evidence based strategic thinking and proactive approaches to decision making. A modern day conduct regulator needs a professionally confident staff and high performance teams.

Given that the tone for culture is set from the top, the Commission has an important role to play in defining and disseminating the right behaviours and culture of ASIC. The Panel's findings and recommendations (outlined above) on ASIC leadership talent should equally contribute to addressing any cultural issues of variability or misalignment.

Culture is difficult to identify and measure, but it is an important part of the way an organisation behaves and operates, and is viewed by stakeholders. In aggregate, culture is the outcome of the many other factors considered in this Report, including ASIC's mandate, history, governance and organisation structures, leadership, and workforce management practices.

ASIC's culture has been partly shaped by its regulatory origins as the ASC and NCSC and, prior to amalgamation, the State Corporate Affairs Commissions. These were largely enforcement and 'police- like' in culture as distinct from the culture of a conduct regulator with enforcement powers like ASIC is today. Also, the transfer of market surveillance functions from the ASX in 2010 introduced a new, outward and more market-oriented dimension to the culture of ASIC.

ASIC's values of Accountability, Professionalism and Teamwork are clearly documented on its website and reinforced in formal mechanisms (for example, staff performance agreements), and results of the staff survey suggest strong top down communication of organisation-wide values.⁵⁰ However, the Panel has reservations about the degree to which staff are able to display these values, given constraints on agility and innovation imposed by bureaucracy and related insights of recent innovative research on what is needed for high performance teams.

The Panel observed that ASIC staff morale is generally strong. In particular, staff have high levels of professionalism and dedication. The Orima staff survey found high levels of agreement across a number of motivation related questions. For example:

• 97 per cent of respondents are willing to put in the extra effort to get a task or project completed.
• 83 per cent of respondents indicated that they are motivated to do the best possible work that they can.
• 60 per cent of staff feel they are valued for their contribution (23 per cent neutral).
• 78 per cent of staff are satisfied with their job.⁵¹

Interview feedback and the Panel's broader observations suggest that external stakeholders also perceive ASIC staff as dedicated and hard working.

However, the Panel has identified from the respective streams of evidence gathering that ASIC's culture is variable and can tend to be overly defensive, inward looking, risk averse and reactive. These behaviours are manifest in various observations made elsewhere across this report.

• Defensive: ASIC can be quick to reject and challenge criticism, with limited acknowledgment of weakness. ASIC is able to identify a number of specific examples where it has adapted its processes in response to parliamentary inquiries.⁵² However the Panel's interactions with ASIC during the period of this review, as well as observations and feedback from a number of sources, suggest that ASIC can be more defensive than desirable in its approach to responding to challenges and critical assessments from the public, industry and/or Government inquiries. Further, the Panel notes that ASIC leadership has a tendency to rely upon perceived funding inadequacies as an explanation for insufficient progress or areas of ineffective performance. As outlined in Chapter 5, it is not clear that this is necessarily the case.
• Inward looking: ASIC has a tendency to be overly focused on internal challenges and operations. As discussed in section 2.2, Commissioners spend only 23-45 per cent of their time on strategic initiatives and external engagement.⁵³ The Panel also found that ASIC does not sufficiently leverage external stakeholder perspectives to support the strategy setting process (see Chapter 3 for further discussion and Box A on the expectations gap). Stakeholders indicated that they do not feel ASIC is using them as a means of proactively identifying emerging risks and priorities and tailoring regulatory solutions.
• Risk averse: ASIC can tend to lack confidence in its regulatory approach, which is an important component of professional confidence (discussed in Chapter 4). For example, there appears to be limited risk appetite to pursue litigation to test the veracity of the law and where there is a material chance of loss.
• Reactive: ASIC can lack a sufficiently forward looking approach and tends to be reactive to emerging issues.⁵⁴ For example, as highlighted in section 2.1, there is a significant expectations gap regarding the extent to which ASIC is responsive to emerging risks and developments.

Assessing the prevalence of these characteristics is a matter of degree and judgement. The Panel's judgement was informed by strong and consistent feedback from multiple sources, including consultation with informed members of the regulated population, other peer regulators, surveys, roundtable discussions, and the Panel's own observations of ASIC meetings and discussions.

The Panel acknowledges that these characteristics vary between individuals and across different parts of the organisation. The Panel also acknowledges that other regulators and many government agencies in Australia and abroad also share some or all of these traits. The Review of Whole-of-Government Internal Regulation found that risk aversion was a dominant aspect of institutional culture across the public sector. Of the 18 capability reviews of departments and agencies conducted between August 2012 and July 2014, 13 identified significant levels of risk aversion and centralised decision-making at senior levels.⁵⁵

The Panel's judgement has been informed by feedback from many of the more than 150 stakeholder interviews across the spectrum of stakeholder types, roundtable discussions, assessment of survey data, the Panel's own observations and findings from previous reviews around specific issues and failures. This suggests that issues with the culture are likely wide reaching across the organisation, and indicate a need for action by ASIC's leadership.

Possible causes of these culture issues include:

• the practices of ASIC's external governance oversight, including the tendency of parliamentary oversight to be somewhat adversarial in nature;
• the current internal governance arrangements, which tend to blur responsibility and accountability and limit the empowerment of staff and SELs;
• the individual and collective leadership styles of the current and former Commissioners;
• reactions to prior enquiries and reviews into ASIC's performance, which set the tone for future interactions.

As noted at the start of this section, another aspect of culture relates to the expectations of regulators about the culture of regulated entities. This is especially relevant, as ASIC (along with APRA) recently initiated an assessment of the culture of regulated entities as part of its regulatory priorities.

What regulators expect from regulated entities in relation to culture is also a relevant reference point for consideration of ASIC's approach to organisational culture. Clearly, the cultural problems regulators are concerned with in parts of the financial sector (for example, excessive risk-taking or a lack of business ethics) are different from the cultural issues the Panel has observed at ASIC. However, the efforts that regulators expect financial firms to make to improve and maintain their cultures do provide some salient lessons for ASIC with regards to its own culture.

ASIC and other regulators are increasingly requiring that Boards and management of regulated entities consciously think about the appropriateness of their firms' culture and the outcomes that it produces. Where culture is found to have shortcomings, firms are expected to identify the required changes to their culture and then:

• adapt the tone and messaging from the top of the house to reflect the desired changes in corporate values and culture;
• consistently articulate these down through every aspect of the firm's documented policies and practices through to actions;
• reflect the desired changes in the performance management infrastructure (for example, incentives, promotions, training).

Given what ASIC expects from its regulated entities, it is critical that ASIC itself is a role model and that its approach to organisational culture is a clear reflection of what it today expects from regulated entities. However, the Panel found no evidence that ASIC's leadership has taken steps towards putting a cultural change program in place to address concerns around professional confidence and the possible underlying causes described above. For example, the ASIC Cultural Values Assessment program and subsequent roll-out of ASIC's Values and Behaviours program was developed in order to:

• improve customer orientation;
• ensure performance and achievement focus ;
• drive continuous improvement, strategic and transformational qualities in culture.

While the resulting articulation of values, performance management training and leadership programs are certainly a positive outcome, they do not address the concerns raised by the Panel or seek to remedy the underlying drivers. Indeed, it is not evident that the Commission has acknowledged the full extent of cultural challenges the Panel has observed and intends to act on them.

As a result, one of the primary challenges for ASIC's leadership is how to re-align the organisation's values and behaviours, and thereby culture, to better reflect its own desired outcomes, as this is what ASIC currently expects its regulated entities to do.

The Panel anticipates that the culture will be significantly improved as a result of other recommendations in this report being actioned, particularly around organisation of senior leadership and improvement of the strategic planning process. In particular, improved external and internal governance arrangements will provide better aligned incentives for ASIC to become a more outward-looking and pro-active, less defensive regulator.

During the course of this review, the Panel learned of innovative and leading edge organisational research by Google culminating in the development of an applied method for assessing and developing high performance teams within an organisation. The research, underpinned by rigorous and extensive quantitative and survey analysis, found that the essential prerequisite or distinguishing characteristic of high performance teams is a team culture of psychological safety.

Culture: recommendations summary

---

¹³ Statement of Expectations available on the ASIC website, viewed 26 November 2015, <http://asic.gov.au/about-asic/what-we-do/our-role/statements-of-expectations-and-intent/statement-of-expectations-april-2014/>.

¹⁴ Statement of Intent available on the ASIC website, viewed 26 November 2015, <http://asic.gov.au/about-asic/what-we-do/our-role/statements-of-expectations-and-intent/statement-of-intent-july-2014/>.

¹⁵ Commonwealth of Australia 2014, Financial System Inquiry Final Report, Canberra, page 241.

¹⁶ Treasury analysis of publicly available publications — pages dedicated to discussion of strategic questions (incl. Capability Review, user-pays funding, registry sale) vs. issues (for example, HSBC financial advice, CBA financial planning, BBSW).

¹⁷ For further information on the FRAB, please see the Financial System Inquiry Final Report, pages 239 to 245.

¹⁸ Commonwealth of Australia 2014, Financial System Inquiry Final Report, Canberra, page 242.

¹⁹ FCA 2015, FCA Practitioner Panel Survey 2015, viewed 3 December 2015, <http://www.fcapractitionerpanelsurvey.co.uk/downloads/FCA%20PP%20Survey%20-%20Questionaire.pdf>.

²⁰ Susan Bell Research 2015, ASIC Capability Review: Comparing the views of ASIC's leadership team with the views of external stakeholders, in Appendix E of Evidence Report — Volume 3, pages 71 to 72.

²¹ Susan Bell Research 2015, ASIC Capability Review: Comparing the views of ASIC's leadership team with the views of external stakeholders, in Appendix E of Evidence Report — Volume 3, page 82. 34 per cent of SELSs and Commissioners and 24 per cent of external stakeholders agree 'detecting and prosecuting unlawful conduct' should be ASIC's number one priority; 24 per cent of SELs and Commissioners and 25 per cent of external stakeholders agree 'setting rules, standards and expectations for corporate and financial markets' should be the number one priority.

²² Susan Bell Research 2015, ASIC Capability Review: Comparing the views of ASIC's leadership team with the views of external stakeholders, in Appendix E of Evidence Report — Volume 3, page 69; excellent/good rating.

²³ FCA 2015, FCA Practitioner Panel Survey 2015, viewed 3 December 2015, <http://www.fcapractitionerpanelsurvey.co.uk/downloads/FCA%20PP%20Survey%20-%20Questionaire.pdf>. 21 per cent of ASIC's external stakeholders agreed that ASIC is forward looking, compared to 44 per cent of FCA stakeholders that agreed; 58 per cent believed the FCA was an effective regulator and only 43 per cent of external stakeholders believed ASIC's current performance was excellent/good.

²⁴ FCA 2015, FCA Practitioner Panel Survey 2015, viewed 3 December 2015, <http://www.fcapractitionerpanelsurvey.co.uk/downloads/FCA%20PP%20Survey%20-%20Questionaire.pdf>. 44 per cent believed ASIC staff have the necessary skills for their role, compared with 32 per cent strongly believing that the FCA have appropriately qualified staff with the necessary skills.

²⁵ IOSCO 2010, Objectives and Principles of Securities Regulation.

²⁶ Sparrow, M 2000, The Regulatory Craft, Brookings Institution Press, Washington DC.

²⁷ Adapted from: Sparrow, M 2000, The Regulatory Craft, Brookings Institution Press, Washington DC.

²⁸ PwC 2015, ASIC Capability Review: Evidence Report — Volume 1, Sydney, page 38.

²⁹ These include the Annual Report, the Regulator Performance Framework, market surveillance reports, licensing reports, enforcement reports.

³⁰ The Panel recognises that this fragmentation is partially driven by the need to comply with multiple government reporting obligations.

³¹ ASIC 2015, ASIC's Corporate Plan 2015-16 to 2018-19, Sydney, page 27.

³² Commonwealth of Australia 2003, Review of the Corporate Governance of Statutory Authorities and Office Holders, viewed 27 November 2015, <http://www.finance.gov.au/sites/default/files/Uhrig-Report.pdf>.

³³ Commonwealth of Australia 2005, The Uhrig Review and the future of statutory authorities, viewed 27 November 2015, <http://www.aph.gov.au/binaries/library/pubs/rn/2004-05/05rn50.pdf>.

³⁴ Commonwealth of Australia 2003, The HIH Royal Commission, viewed 27 November 2015, <http://pandora.nla.gov.au/pan/23212/20030418-0000/www.hihroyalcom.gov.au/finalreport/index.htm>.

³⁵ PwC 2015, ASIC Capability Review: Evidence Report — Volume 1, Sydney, page 11.

³⁶ PwC 2015, ASIC Capability Review: Evidence Report — Volume 1, Sydney, page 20.

³⁷ Analysis conducted by ASIC based on review of Commissioners' diaries and reflection on activities between September and November 2015. Given some Commissioners' leave and travel arrangements during this time, note that analysis was conducted to reflect a one month long period when they were present in the office. Analysis assumes a 9 hour day and 22 working days a month.

³⁸ PwC 2015, ASIC Capability Review: Evidence Report — Volume 1, Sydney, page 20.

³⁹ Assuming a 9 hour day and 22 working days a month.

⁴⁰ The World Bank 2014, Governance of Securities Regulators: A Framework, Financial and Private Sector Development, Capital Markets Practice, Washington DC, page 9.

⁴¹ PwC 2015, ASIC Capability Review: Evidence Report — Volume 1, Sydney, page 13; The World Bank 2014, Governance of Securities Regulators: A Framework, Financial and Private Sector Development, Capital Markets Practice, Washington DC, pages 7 to
8; and other regulator websites.

⁴² Subsection 9(2) ASIC Act. For other requirements see <http://download.asic.gov.au/media/1327328/Commission--Purpose-Governance-and-Practices--March-2012.pdf> (viewed 20 October 2015).

⁴³ Australian Public Service Commission 2012, Merit and Transparency, viewed 27 November 2015, <http://www.apsc.gov.au/__data/assets/pdf_file/0010/51967/Merit-and-transparency.pdf>.

⁴⁴ The World Bank 2014, Governance of Securities Regulators: A Framework, Financial and Private Sector Development, Capital Markets Practice, Washington DC, pages 18 to 19.

⁴⁵ PwC 2015, ASIC Capability Review: Evidence Report — Volume 2, Sydney, page 29.

⁴⁶ PwC 2015, ASIC Capability Review: Survey overview working pack, in Appendix D of Evidence Report — Volume 3, page 34. In comparison to 42 per cent in 2010.

⁴⁷ PwC 2015, ASIC Capability Review: Survey overview working pack, in Appendix D of Evidence Report — Volume 3, page 34.

⁴⁸ 28 per cent midpoint, 19 per cent disagree, 19 per cent don't know; source: Susan Bell Research 2015, ASIC Capability Review: External stakeholder survey — final report, in Appendix F of Evidence Report — Volume 3, page 105.

⁴⁹ PwC 2015, ASIC Capability Review: Evidence Report — Volume 1, Sydney, page 18.

⁵⁰ PwC 2015, ASIC Capability Review: Survey overview working pack, in Appendix D of Evidence Report — Volume 3, page 36.

⁵¹ PwC 2015, ASIC Capability Review: Survey overview working pack, in Appendix D of Evidence Report — Volume 3, page 48.

⁵² For example: improving the transparency of the outcomes of enforceable undertakings; instituting an avenue for stakeholder to make complaints about ASIC; introducing an Office of the Whistleblower and updating its approach to whistleblowers.

⁵³ PwC 2015, ASIC Capability Review: Evidence Report — Volume 1, Sydney, page 20.

⁵⁴ PwC 2015, ASIC Capability Review: Evidence Report — Volume 1, Sydney, page 69.

⁵⁵ Burgess, V 2015 (November 18), 'Risk aversion still chokes up the public service', Australian Financial Review.