ASIC ‘not naming enough names’

During the fourth day of the final round of hearings, both senior counsel assisting Rowena Orr and royal commissioner Kenneth Hayne asked ASIC chair James Shipton about why the regulator had not disclosed certain entities engaging in breaches detailed within its public reviews.

Mr Shipton also revealed that ASIC alerts organisations that are going to be named in reports before publishing.

A number of ASIC reports were mentioned, including an industry wide review of claims handling in life insurance in 2016, a report about the sales of direct life insurance in August this year and another detailing cases of breaches among AFSLs.

He had mentioned earlier in the hearing that he saw the value in naming organisations.

“Do you agree that an entity that is publicly identified as being the worst performer amongst its peers is likely to have a strong incentive to improve their practices?” Ms Orr asked.

“I most certainly do,” Mr Shipton said.

The report looking into breaches had identified two financial institutions that had referred to customer remediation as a distraction.

While it had named the entities examined, it had not revealed which two organisations had breached.

"So why not identify the entities, the two entities who you called out in this report as having referred to customer remediation as a distraction?” Ms Orr asked.

“Because, as I said before, the main purpose was to talk about systems and processes in financial institutions on a relative basis. That was the main purpose,” Mr Shipton said.

“You don't think that purpose would have been well served by naming names throughout the report?” Ms Orr said.

“I don't think that it would have necessarily added to the broader impact and purpose of that particular report,” Mr Shipton said.

He noted the report aimed to talk about themes and processes, procedures, systems and decision making inside financial institutions as opposed to case specific matters.

“But I am disturbed by that response. I agree with you,” Mr Shipton said.

“And I know that the team followed up directly with the institution on that.”

Another example of an unnamed case study was brought up, of an AFS licensee external audit that found it was not possible to conduct analysis of risk indicators because the incident data from the firm was incomplete and inaccurate.

The licensee had still not improved their compliance system and method of reporting breaches after what Ms Orr said to be years.

“Why did ASIC not identify the AFS licensee to whom this case study related?” Ms Orr asked.

“My response would be I certainly see the utility of disclosing the name of the licensee in this particular point in time,” Mr Shipton said.

“And I would also suggest, subject to any statutory limitations or fairness limitations, that this is something that we should be thinking about moving forward.”

Ms Orr also queried why ASIC alerts companies that they will be named in reports before publishing.

“Well, I just want to try and understand this more and why you're concerned about fairness with your regulated population, when you have brought in information that yields very disturbing results about the conduct of your regulated population, why are you concerned at that point to be fair by giving them advance notice of your findings?” Ms Orr said.

“I do not believe that giving advance notice of our intent to publish their names in any way distracts from the importance and the impact of this particular report,” Mr Shipton said.

“Does this come back to the relationship that you're trying to cultivate and maintain with the entity, Mr Shipton?” Ms Orr said.

“Absolutely not. I see it as the exercise of professional judgment,” Mr Shipton said.

“I see it as ensuring that we are tough, we are resolute, we are strong, but we also apply principles of fairness and follow due process. I do not see that there is an inconsistency in those two concepts.”