ASIC naming and shaming over IDR reports ‘handballing’ responsibility

The Stockbrokers and Investment Advisers Association (SIAA) has argued that the Australian Securities and Investments Commission’s (ASIC) does not have “the legislative authority” to follow through on its proposal to publish internal dispute resolution (IDR) data at the licensee level.

Last month, ASIC released a consultation paper on its plans to publish two dashboards containing reportable situations and internal dispute resolution (IDR) data in the second half of 2025.

This would see firm-level data go public, ASIC stated, including businesses’ names and Australian Financial Services Licence (AFSL) numbers.

In its submission to ASIC’s consultation on the proposal, SIAA said while the Corporations Act requires ASIC to publish information about the reportable situations reports and the entities in relation to which those reports are lodged, it does not “consider that the provision requires ASIC to publicly disclose the licensee’s name against their data”.

“As stated in the Consultation Paper, the precise contents and format of the data ASIC publishes are not prescribed by legislation. Accordingly, we consider that ASIC would be exceeding its regulatory remit by publicly naming and shaming licensees in this way,” SIAA said.

The submission added: “SIAA fundamentally opposes ASIC’s approach to the publication of firm level IDR and reportable situations data that includes firms’ names and licence numbers.

“Using licensees’ data to publicly name and shame them is a completely inappropriate use of data that licensees are required by law to report to ASIC.”

SIAA also contended that any improvement in transparency as a result of the measures would not be worth the increased burden on licensees.

“It does not appear from the Consultation Paper that ASIC has considered the full impact of these proposals,” it said.

“Reporting at a licensee level is not consistent with the purpose of the breach reporting regime

“Our primary concern is that the threshold question of the intended objective of this initiative has not been satisfactorily justified.”

Not a job for consumers

Importantly, SIAA noted that it in strong agreement with ASIC and the consultation paper that licensees providing information about reportable situations are a “critical source of regulatory intelligence” for the regulator that can help it focus its resources and take appropriate regulatory action.

However, the association argued that publishing breach reporting data on a name and shame basis “does not further any of these regulatory aims”.

“Supervising licensees is not a role for consumers. It is ASIC’s responsibility,” SIAA said.

“A consumer who reads the reportable situations data of a licensee does not have any of ASIC’s investigative, supervisory or enforcement powers. ASIC is meant to undertake the analysis of the data.

“We therefore struggle to understand how publicly naming and shaming licensees helps consumers when it is ASIC that has the responsibility to analyse the data provided, supervise licensees and enforce the law.

“We consider that this naming and shaming approach is akin to ASIC handballing its responsibilities to the court of public opinion and abrogating its responsibilities for supervision and enforcement.”

Public naming and shaming, SIAA added, also creates a strong disincentive to licensees to “fully and frankly report” under the regime.

“Public naming and shaming of licensees runs counter to the objective of the regime which is to enhance accountability and transparency. We consider that public naming and shaming of licensees represents a backwards step,” the submission said.

“In a public name and shame regime, licensees considering whether their obligations to report have been triggered will need to consider, as an additional matter, the reputational risk of details of the breach being publicly reported against their name. Firms may change the level of detail they provide in their reports as this reputational risk will disincentivise them from providing additional information.”

Ultimately, it will reduce both the quality and usefulness of reports to ASIC, SIAA said.

“If a situation is a borderline case, the impact of a public name and shame regime will be that the licensee will not report it. This will provide a disincentive to good behaviour,” it added.

“This runs counter to ASIC’s desire for open and transparent communication. It will also have a deleterious and significant impact on the compliance culture of licensees.”